Aramco Says Cyberattack Was Aimed at Production
By REUTERSDEC. 9, 2012
Date: 01 April 2013
JEDDAH, Saudi Arabia (Reuters) — Saudi Arabia’s national oil
company, Aramco, said on Sunday that a cyberattack against it in August that
damaged some 30,000 computers was aimed at stopping oil and gas production in
Saudi Arabia, the biggest exporter in the Organization of the Petroleum
Exporting Countries.
The attack on Saudi Aramco — which supplies a tenth of the
world’s oil — failed to disrupt production, but was one of the most destructive
hacker strikes against a single business.
“The main target in this attack was to stop the flow of oil
and gas to local and international markets and thank God they were not able to
achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate
planning, said on Al Ekhbariya television. It was Aramco’s first comments on the
apparent aim of the attack.
Hackers from a group called Cutting Sword of Justice claimed
responsibility for the attack, saying that their motives were political and
that the virus gave them access to documents from Aramco’s computers, which
they threatened to release. No documents have yet been published.
Aramco and the Saudi Interior Ministry are investigating the
attack. A ministry spokesman, Maj. Gen. Mansour al-Turki, said the attackers
were an organized group operating from countries on four continents.
The attack used a computer virus known as Shamoon, which
infected workstations on Aug. 15. The company shut its main internal network
for more than a week. General Turki said the investigation had not shown any
involvement by Aramco employees. He said he could not give more details because
the investigation was not complete.
Shamoon spread through Aramco’s network and wiped computers’
hard drives clean. Aramco said damage was limited to office computers and did
not affect systems software that might harm technical operations.
Resource:
http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-4production.html?_r=0
________________________________________
Case Study Answers:
Actor Type:
Organized Criminal Group
Organized Criminal Group
Organized Criminal Group: refers to criminal organizations
that use hacking as an instrument for financial or other ill gain.
Regarding the Aramco case, the actor type is Organized
Criminal Group because the cyber-crime attack was done by a group called
"Cutting Sword of Justice" that aimed to destroy the local and
international markets of oil and gas by sending a malicious virus.
By: Sara Bahagari
Location:
Foreign Location
Foreign Location
Foreign location- The actor location can thus be outside the
target’s national borders,hackers behind the virus are based outside Saudi
Arabia where our organization (Aramco) is located.
The case study states that the hackers where traced back to
countries which are in 4 different continents hence from this statement we
derive that its a foreign location rather than a local one.
Although there are many conspiracy theories and assumptions
about the location of the hacker group behind the Shamoon virus their exact
locations is not known and can not be traced.
By: Fawzia Hersi
Motivation:
Criminal
Criminal
Cyber crime motivation is the attacker purpose or reason for
an attack. cyber criminals have different motivations for their operations for
fun, ethical purpose or criminal purpose.
Regarding the Aramco case, the cyber crime motivation is
criminal purpose because the cyber crime attacker was targeted to stop the flow
of oil and gas to local and international markets by sending a malicious virus.
By: Abrar AlAhmadi
Goal:
Destroy Data
Destroy Data
One of the Attack goals principles is to destroy data attack
goal and according to the Aramco case, the attackers were aiming for stopping
the flow of oil and gas production in KSA, by damaging almost 30,000 computers
in Aramco national oil company.
By: Hanadi Kheshaim
Method:
Data Manipulation, Virus-Based
Data Manipulation, Virus-Based
Data manipulation is one of the attack methods in
cybercrimes. It is divided into three sub-parts which are, network-based,
virus-based and web applications. Regarding the Aramco case, the attackers used
a virus-based methodology where they launched a virus called Shamoon. Shamoon
spread through Aramco's network as it affected the main internal network and
wiped all the computer's hard drives.
By: Rayyana AlHazzaa
________________________________________
For more information on this case study click:
________________________________________
For more information on this case study click:
Aramco Case Study Part 2...
For countermeasures and protection from this attack click:
To see other Cyber Crime Cases Click in the links below:
1. Aramco Virus Cyber Crime Analysis:
Group A
Group E
2. Iran Nuclear Stuxnet Cyber Crime Analysis:
Group B
Group D
3. Beijing Olympic Ticketing Cyber Crime Analysis:
Group C
Group F
To see more cases about Cyber Crime click the link below:
No comments:
Post a Comment