Saudi oil company suffers cyberattack

Connecting the Dots After Cyberattack on Saudi Aramco


In a statement on Sunday, Khalid al-Falih, Aramco’s chief executive, said Aramco had restored its main internal network services after they were “impacted on Aug. 15, 2012, by a malicious virus that originated from external sources and affected about 30,000 workstations.”


To support their claim, they posted blocks of what they claimed were the infected I.P. addresses to Pastebin, a Web site often used by hackers to post data from such attacks. The group said it had attacked the government-owned oil company in retribution for what it said was the Saudi government’s support for “oppressive measures” in the Middle East.

The attack was the first significant use of malware by so-called hacktivists — hackers who attack for political reasons rather than for profit. Hacktivist groups like LulzSec and Anonymous typically recruit volunteers to flood a Web site with traffic until it goes offline. In this case, hackers used a malicious virus that was intended to inflict more harm.

Security researchers at Symantec, the computer security firm, said that hours after the attack, they received a sample of the virus they believe was responsible. The virus, named Shamoon after a word in its code, was designed to overwrite critical files with an image of a burning American flag. The researchers discovered instructions in Shamoon’s code, what is known as a “kill timer,” to attack at 4:08 a.m. on Aug. 15 — the same time hackers said they had destroyed Saudi Aramco’s computers.

Symantec’s researchers said that they had received the sample of malware from an outside security researcher who discovered it on a computer “in the Middle East.” They declined to identify that researcher or specify the country or organization where the virus was found. But Vikram Thakur, a senior researcher with Symantec’s response team, said it was “extremely likely” that Shamoon was used in the attack on Saudi Aramco.

