Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Aramco Says Networks Back Online, No Results From Investigation Yet

samzenpus posted more than 2 years ago | from the we're-back dept.

Security 21

Trailrunner7 writes "Saudi Aramco says that the virus attack that compromised tens of thousands of the company's workstations last month never endangered the company's oil production capabilities and that all of the affected systems have been brought back online and restored. The attack on Aramco has been linked by researchers to the Shamoon malware, but company officials did not comment on the nature or provenance of the malware. The attack hit Aramco, one of the larger oil producers in the world, on August 15 and the company soon took its main Web sites offline as it investigated the extent and nature of the compromise. A group of attackers calling itself the Cutting Sword of Justice took credit for the attack through a post on Pastebin, saying that the operation had destroyed data on 30,000 machines, including both workstations and servers. The company originally did not comment on the extent of the damage to its network, simply saying that it had suffered an attack and was in the process of cleaning it up. On Monday, company officials said that security staffers had restored all of the infected machines and that its operations were back to normal."

cancel ×

21 comments

Sorry! There are no comments related to the filter you selected.

That's horrible! What OS were those compromised (1)

couchslug (175151) | more than 2 years ago | (#41292841)

systems running?

Re:That's horrible! What OS were those compromised (1)

jschmitz (607083) | more than 2 years ago | (#41292883)

"Saudi Aramco says damage was limited to office computers and did not ... They say the computer virus gave them access to documents from Aramco's ... Saudi Aramco has said that only office PCs running Microsoft Windows ..."

Saudi Aramco damage limited to office computers? (1)

dgharmon (2564621) | more than 2 years ago | (#41293935)

"Saudi Aramco says damage was limited to office computers .. running Microsoft Windows" ...

'However, one of Saudi Aramco's Web sites taken offline after the attack - www.aramco.com . remained down on Sunday. E-mails sent by Reuters to people within the company continued to bounce back` link [nytimes.com]

Re:Saudi Aramco damage limited to office computers (1)

ubrgeek (679399) | more than 2 years ago | (#41294211)

> E-mails ... continued to bounce back

GoDaddy strike again. ;)

Re:That's horrible! What OS were those compromised (1)

DriedClexler (814907) | more than 2 years ago | (#41294303)

They say the computer virus gave them access to documents from Aramco's

Hey, maybe they can blackmail Aramco out of Bitcoins now!

Re:That's horrible! What OS were those compromised (4, Insightful)

Aryeh Goretsky (129230) | more than 2 years ago | (#41293275)

Hello,

I realize the default permission on Slashdot is set to "anti-Microsoft," but before that gets out-of-line, consider this attack was purportedly done by an insider (or possibly even insiders).

At that point, it doesn't really matter what the operating systems(s) the business runs. If it was an inside job, the attacker would have been damaging things regardless of the operating system(s) used. How environments are secured and managed is a lot more important these days than what operating systems they run.

Regards,

Aryeh Goretsky

Re:That's horrible! What OS were those compromised (1)

Anonymous Coward | more than 2 years ago | (#41293453)

No inside attacker can do any more harm than an outsider in a well-protected setup these days.

Regards,

Thomas J

Default permission on Slashdot (1)

dgharmon (2564621) | more than 2 years ago | (#41293779)

"I work in the research department of a computer security company"

If you want to be taken seriously in computer security, don't ever go on slashdot to defend MICROS~1 ...

Re:Default permission on Slashdot (1)

ra1n85 (2708917) | more than 2 years ago | (#41294939)

Yes, how dare he!? Everyone knows that Aramco should have been using the Arabic port of Debian.

Re:That's horrible! What OS were those compromised (2)

symbolset (646467) | more than 2 years ago | (#41295367)

When you're using Windows desktops, all your "inside" is "outside". Google at least learned after their big oops and corrected this situation. I bet Aramco didn't, and will have the issue again in nine months or so.

Re:That's horrible! What OS were those compromised (1)

Aryeh Goretsky (129230) | more than 2 years ago | (#41296447)

Hello,

Malware for Android, Google's version of Linux for smartphones and tablets, seems to be on the upswing, though.

Regards,

Aryeh Goretsky

Re:That's horrible! What OS were those compromised (1)

symbolset (646467) | more than 2 years ago | (#41309033)

Android is open source, and lets people do what they will with it. Some people will do dumb things. Almost all of the Android malware issue seems to be with people who don't have Google Play, and in places not relevant to most of us, or people who sideload apps from random websites, and such. You know, I'm fine with people deciding to take that risk and enjoying the benefit or suffering the consequences. That's what freedom is about.

The Arabs use mainly Windows (1)

unixisc (2429386) | more than 2 years ago | (#41296607)

I doubt that they were using anything other than Windows, Windows Server & so on. I'm willing to bet - they may be the among the first converts to Windows Server 2012 and Windows 8.

Obama now leading in Oiho! (0)

Anonymous Coward | more than 2 years ago | (#41293299)

Says not to vote for that Jack Ryan fellow.

The guilty will likely be... (0)

Anonymous Coward | more than 2 years ago | (#41296629)

... beheaded, unless they happen to live outside Saudi Arabia, in a country hostile to them. Such as Iran. Incidentally, I was wondering what would happen if it turned out that the crackers in this case were Jews? Saudi law doesn't allow Jews to enter the country, so they couldn't even get them extradited, if it came to that. HA!

Re:The guilty will likely be... (0)

Anonymous Coward | more than 2 years ago | (#41296657)

I think their gov would be willing to take them in the country, as long as there was a death sentence waiting.

I don't think they're all up yet. (1)

freeze128 (544774) | more than 2 years ago | (#41293465)

I have clients that need to send email to aramco.com, and none of their SMTP servers are accepting a connection. Maybe they overreacted, and blacklisted the entire planet....

Better to release then delete (0)

Anonymous Coward | more than 2 years ago | (#41293941)

Why delete the info? They should have a backup system in place, thus minimizing the loss. Better to release all the data into the wild for competitors and conspiracy theorists to pour over.

A better term... (0)

Anonymous Coward | more than 2 years ago | (#41296933)

...might be "oil pumpers"? They aren't exactly "producing" it in the ordinary sense.

Why are there backups to restore from? (1)

xenobyte (446878) | more than 2 years ago | (#41296979)

Any good attack would have destroyed the backups before wiping the servers and workstations.

Of course, offline tapes with backups cannot be destroyed from the outside, unless we're talking a truly long term project with an inside man slowly corrupting the offline backups, or a full intrusion armed with bulk erasers...

Apple is world's most valuable company (1)

tinkerton (199273) | more than 2 years ago | (#41297721)

.. if you only look at companies that are listed on the stock market.
It's remarkable how Aramco manages to keep a low profile. It's not possible to put 'today's value' on it but estimates are always over a trillion dollars and reach up to 7 trillion.

To be fair, it may be just the name that has a low profile. 'saudi oil' is the same thing and it doesn't exactly have a low profile.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?