We reported back in October about the damage swell of Saudi Aramco, Saudi Arabia’s oil company, which fell victim to a cyberattack. Some new details have been revealed by a few investigating/reporting organizations…
The New York Times reported the following yesterday:
The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.
“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. It was Aramco’s first comments on the apparent aim of the attack.
Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.
The “Cutting Sword of Justice” made a post on PasteBin.com about taking credit for the attack.
We explained previously that most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. However, renewed thoughts of Aramco are showing the want by hackers to stop the flow of production. Good thing it got sorted out.
The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.
Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.
The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.
- How hackers attacked Saudi oil company’s computers (seattletimes.com)
- US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
- Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)
A consumer group in Germany has alleged over Facebook App Center about violating privacy laws.
According to the Washington Post, the Federation of German Consumer Organisations has given Facebook one week to stop automatically giving user information to third-party applications without explicit consent.
Legal action is possibly to Facebook, if these solutions are not met to fix privacy flaws, by September 4, 2012.
According to the New York Times about two week ago, “The company’s use of analytic software to compile photographic archives of human faces, based on photos uploaded by Facebook’s members, has been problematic in Europe, where data protection laws require people to give their explicit consent to the practice.”
Officials say this investigation and alleged charges are related to the Google Street View investigation, and similar actions can be taken, if necessary, to resolve the problem.
For the App Center, it’s put in place, some speculate, to help the Facebook mobile market and increase revenue for the company. With its competition against Apple or Android stores, it’s trying to gain attention quickly as an app store itself.
What makes governments and privacy experts nervous, is when Facebook developers make users opt-out, instead of opt-in. This means that new, potentially problematic, features are turned on by default. This requires too much work on the user, and an unfair advantage for Facebook.
- Facebook given one week to stop breaching privacy laws (nakedsecurity.sophos.com)
- German consumer group sets Facebook privacy ultimatum (reuters.com)
- Facebook’s new app bazaar ‘violates’ punters’ privacy – lobbyists (go.theregister.com)
Also, earlier this month, The New York Times reported that President Obama ordered similar attacks on the super-computers that run Iran’s nuclear plants.
According to Reuters, “Based on obtained information, America and the Zionist regime (Israel) along with the MI6 planned an operation to launch a massive cyber attack against Iran’s facilities following the meeting between Iran and the P5+1 in Moscow,” Iran’s English-language Press TV quoted him as saying.
Another crazy issue would be that since Iranian leaders could not talk to the US/UK/Israel, they assumed an attack was planned. I guess what they don’t know WILL hurt them…right?
What is big about this, is the fact that the cyberwar between the US-based allies (UK + Israel + US) and Iran is heating up. Prepare for more stories like this here on seCURE Connexion!