Page added on October 20, 2012
Last weekend’s disclosure that Iranian cyber warriors had disabled some 30,000 computers owned by the Saudi oil giant Aramco is attracting considerable attention here, particularly in light of a warning last week by Pentagon chief Leon Panetta that Washington could face a “cyber-Pearl Harbor”.
The alleged Iranian hand behind the attack, first reported Saturday by the Wall Street Journal, was described as one of several forays by the increasingly sophisticated “Iran’s Cyber Army” whose existence first surfaced in 2009, according to experts here.
One key element of the Aramco attack, however, has not yet been reported. Two former senior CIA officials told IPS that it appears to have been carried out with the help of personnel inside Aramco. They said that the Saudi regime has been detaining and questioning staff with access to the affected work stations.
The fact that the work stations were not connected to the Internet lends credence to reports that the attack was facilitated by a Saudi Aramco employee.
“The attackers knew what they were doing, and it is clear they had inside knowledge. They had people inside that could move about,” according to one of the sources who asked not to be named.
Both said that one or more operators were involved.
Saudi Aramco has hired at least six firms with expertise in computer hacking, as well as outside experts, to repair the computers and to try and identify the perpetrators, according to the former CIA officials.
The virus is being called “Shamoon” after a word in its code, according to New York Times technology blogger Nicole Perlroth, who wrote in late August that key data on three-quarters of the company’s office computers were overwritten and replaced with the image of a burning U.S. flag, an account confirmed by U.S. officials here.
U.S. intelligence sources stressed that the damage was limited to those computers. Software used for the company’s massive technical operations, including pumping operations, remained untouched.
The attack is believed to have been fueled in part by sectarian, as well as political, differences.
Richard Stiennon at IT-Harvest, a company that tracks evolving cyber threats, told IPS in an interview that Iranian-trained hackers probably launched the attack “in deep wrath” at the long-time mistreatment of the Shiites in Saudi Arabia’s Eastern province where most of Aramco’s operations are based.
Unrest among the Shia Muslims in the region has increased sharply since Riyadh sent troops into Bahrain 18 months ago as part of a crackdown by that sheikhdom’s Sunni monarchy against the Shiite majority and other opposition forces.
Syria’s civil war – which pits the Iranian-backed Alawite-led government of President Bashar Al-Assad against a mainly Sunni insurgency supported by Saudi Arabia, Qatar and Turkey – has also stoked sectarian tensions around the region. An offshoot of Shi’a Islam, Alawites are considered heretics by conservative Sunnis who dominate the Saudi kingdom.
Saudi Arabia also provided support to Sunni tribes in Iraq after a predominantly Shi’ite government took power there following the 2003 U.S. invasion.
The attack on Aramco, as well as an August attack against a Qatari natural gas company – now being attributed to Iran – are also seen as retaliation for the Stuxnet virus that was reportedly developed jointly by the U.S. and Israel as part of a larger effort designed to disrupt Iran’s nuclear programme. Stuxnet destroyed up to 1,000 centrifuges at the Natanz enrichment facility.
Recent cyber-attacks on major U.S. bank websites have also been blamed on Iran, whose economy has been sent into a tailspin in major part due to the effectiveness of far-reaching U.S. and European economic sanctions that are also designed to curb Iran’s nuclear programme.
A small group of hackers, numbering about 100 operatives and calling themselves “The Cutting Sword of Justice”, claimed responsibility for the attack. Reports of similar attacks on other oil and gas firms in the Middle East, including in neighbouring Qatar, suggest that Iran is positioning itself as a regional cyber power.
Iran’s Cyber Army (ICA) began as a group within the Iranian military, according to Paulo Shakarian, an expert at the West Point Military Academy and co-author with Andrew Ruef of a book called “Introduction to Cyber Warfare: A Multidisciplinary Approach”. Shakarian said the ICA uses equipment and tactics far less potent than more advanced cyber powers, including the U.S., Israel, Russia and China, but the group is fast learning more effective tactics.
If the alleged Iranian hackers used one or more insiders to launch the Shamoon virus, they might have been inspired by perhaps their most determined enemies.
The Stuxnet virus that damaged Iran’s nuclear programme was allegedly implanted by an Israeli proxy – an Iranian, who used a corrupt “memory stick.32”, former and serving U.S. intelligence officials said. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility.
“Iranian double agents” would have helped to target the most vulnerable spots in the system, one source said.
According to James Lewis, a cyber expert at the Center for International and Strategic Studies (CSIS), here, “The memory stick is the perfect tool. It can be left behind in a men’s room or left in a parking lot, and someone will at last plug it in and set the virus running. It’s human nature.”
“It’s basically a kind of low-grade cyber war,” said Vincent Cannistraro, former head of the CIA’s Counter-Terrorism office.
Israel has allegedly used cruder methods than Stuxnet to attack Iran’s nuclear programme, including the assassination of several scientists associated with it.
A senior State Department official said last month that such attacks were considered “terrorism” by Washington, which denounced the killing last January of a deputy director of the Natanz facility in unusually vehement terms. The same official insisted that the U.S. had no information as to who was behind the assassination, however.
Former and senior U.S. intelligence officials believe Israel has used recruits from the Mujahedeen-e-Khalq (MEK) for the assassinations.
“The MEK is being used as the assassination arm of Israel’s Mossad intelligence service,” said Cannistraro. He said the MEK is in charge of executing “the motorcycle attacks on Iranian targets chosen by Israel. They go to Israel for training, and Israel pays them.”
In his remarks last week, Panetta did charge Iran with responsibility for the attacks on Aramco, but he described them as “probably the most destructive attack that the private sector has seen to date.”
After the existence of Stuxnet was disclosed in June 2010, many international legal experts noted that it would likely set an unfortunate precedent that could blow back against its creators.
*Richard Sale is author of the 2009 book, ‘Clinton’s Secret Wars: The Evolution of a Commander in Chief’.
5 Comments on "Saudi Insider Likely Key to Aramco Cyber-Attack"
DC on Sat, 20th Oct 2012 11:28 am
Wow, 2 cyber-prop’ganda articles back to back. Funny, the US is one of the few cyber-attackers *confirmed* and admitted, so in order to deflect that awkward fact, blame the enemy of the hour for doing exactly what the US did. Even more amusing, they are all but admitting this ‘cyber-attack’ did no real harm and was likely an inside job (i.e. Saudis did it), and didn’t impact anything of any real importance…handy that eh? These cyber-attackers, instead of trying to do REAL damage, they elect to run a crappy little script showing a burning US flag. Pretty nasty stuff that, digital burning US flags on computer screens and all.
In this regard, these cyber-whatevers are run the same way ‘Al-qaeda’ is. Al-qaeda is the same way, they huff and puff a lot, and keep threatening to attack airliners, a useless target if there was one, instead of trying to do actual damage. Of course, Al-Q always gets foiled in the nick of time and never does any actual ‘harm’ either. So it is with this uhhh…Iranian cyber army. Their ‘attacks’ will also be trivial and/or non-existent, but the US will blow LOTS of smoke up everyone’s ass about what a deadly threat they are.
uh-huh.
The Stux-net virus, otoh (you know, the real cyber-saboteurs from the US), did REAL damage and really was an attempt to actually destroy real property. No scripts with burning Iranian flags with stux-net, no way.
So much BS out there, we’re up to our armpits in it and most people think it’s roses, they’re so thoroughly conditioned to accept w/e horsecrap the US is shoveling these days.
Arthur on Sat, 20th Oct 2012 12:09 pm
It will not be easy to set up a false flag attack, now that the internet is around as a global watchdog.
In fact the last false flag attack, 9/11, ordered by Netanyahu, in close cooperation with Silverstein, Zakheim and the rest of the PNAC-gang and covered up by the author Philip Zelikow of the 9/11-commission report, which according to a prominent member of that commission, was ‘set up to fail’… that false flag attack, was pulled off, a few months before the blogosphere / internet forums exploded on a global scale, which was not foreseen by the people behind the attack. I remember posting my first forum post in March 2002. And now the perps are trapped.
And now they are at it again, desperate as they are to kick off a war against Iran, that hopefully (in their eyes) will lead to WW3, the war to end all wars (again) as it should lead to world government, after it has been demonstrated that a world with nukes (used in WW3) cannot exist, except with world government.
Arthur on Sat, 20th Oct 2012 12:23 pm
http://www.youtube.com/watch?v=a0LBARGBupM
Zelikow who?
While at Harvard, Zelikow worked with Ernest May and Richard Neustadt on the use, and misuse, of history in policymaking. They observed, as Zelikow noted in his own words, that “contemporary” history is “defined functionally by those critical people and events that go into forming the public’s presumptions about its immediate past. The idea of ‘public presumption’,” he explained, “is akin to William McNeill’s notion of ‘public myth’ but without the negative implication sometimes invoked by the word ‘myth.’ Such presumptions are beliefs (1) thought to be true (although not necessarily known to be true with certainty), and (2) shared in common within the relevant political community.”
Translation: historic events (like 9/11) should be used to further agendas of the ‘political community’. The agenda was to create a terror meme, based on the public Al Qaida myth, that could be used until the end of times to invade any territory at random. Like countries with a lot of oil and gas.
BillT on Sat, 20th Oct 2012 12:26 pm
And the race is on. Will it be the elite one-worlders or Mother Nature that crosses the finish line first? My bet is on Mother Nature. She doesn’t give a damn who wins or loses so the end will come no matter the cost to humanity. And, if she wins, the earth may actually have enough resources to come back to a balance in a few thousand years. If humans win, there may not be anything left that is not radioactive.
Stiennon on Sun, 21st Oct 2012 6:18 pm
For the record I never made the comment attributed to me about Saudi treatment of Shiites. I am not at all knowledgeable about such matters. I can only assume that Mr. Sales mis-attributed this statement to me.
-Richard Stiennon