Destructive cyber attack at Saudi Aramco assisted by insiders
One or more insiders with high-level access are suspected of assisting the hackers who damaged some 30,000 computers at Saudi Arabia's national oil company last month, sources familiar with the company's investigation say. The attack using a computer virus known as 'Shamoon' against Saudi Aramco - the world's biggest oil company - is one of the most destructive cyber strikes conducted against a single business.
Shamoon spread through the company's network and wiped computers' hard drives clean. Saudi Aramco says damage was limited to office computers and did not affect systems software that might hurt technical operations. The hackers' apparent access to a mole, willing to take personal risk to help, is an extraordinary development in a country where open dissent is banned. "It was someone who had inside knowledge and inside privileges within the company," said a source familiar with the ongoing forensic examination.
Hackers from a group called 'The Cutting Sword of Justice' claimed responsibility for the attack. They say the computer virus gave them access to documents from Aramco's computers, and have threatened to release secrets. No documents have so far been published. Reports of similar attacks on other oil and gas firms in the Middle East, including in neighbouring Qatar, suggest there may be similar activity elsewhere in the region, although the attacks have not been linked.
Saudi Aramco declined to comment. "Saudi Aramco doesn't comment on rumours and conjectures amidst an ongoing probe," it said. The hacking group that claimed responsibility for the attack described its motives as political. In a posting on an online bulletin board the day the files were wiped, the group said Saudi Aramco was the main source of income for the Saudi government, which it blamed for "crimes and atrocities" in several countries, including Syria and Bahrain.
The Saudi interior ministry did not respond to requests for comment. The foreign ministry was not available for comment. Saudi Arabia sent troops into Bahrain last year to back the Gulf state's rulers, fellow Sunni Muslims, against Shi'ite-led protesters. Riyadh is also sympathetic to mainly Sunni rebels in Syria. Saudi Arabia's economy is heavily dependent on oil.
Oil export revenues have accounted for 80-90 per cent of total Saudi revenues and above 40 per cent of the country's gross domestic product, according to US data. Saudi Aramco, which supplies about a tenth of the world's oil, has hired at least six firms with expertise in hacking attacks, bringing in dozens of outside experts to investigate the attack and repair computers, the sources say.
According to analysis of Shamoon by computer security firm Symantec, the way the virus gets into networks may vary, but once inside it tries to infect every computer in the local area network before erasing files to render PCs useless. "We don't normally see threats that are so destructive," Liam O Murchu, who helped lead Symantec's research into the virus, said. "It's probably been 10 years since we saw something so destructive."