30 August 2012

Cyber War Envelops Middle East

Iran has already been hit by Flame, Duqu, and Stuxnet. Now we are learning of a more mysterious attack against Iran's oil infrastructure by malware called "Wiper:"
Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April.

...No one has ever found a sample of Wiper in order to study its code and determine exactly what it did to machines in Iran, but Kaspersky did obtain mirror images of “dozens” of hard drives that had been hit by the malware.

Although the disks were thoroughly wiped in most cases, leaving no malware behind – or much of anything else – the researchers did find evidence of its previous existence on some of the systems that weren’t completely wiped. The evidence came in the form of a registry key that pointed to files that had been on the machines before being erased.

According to Kaspersky, the wiping activity occurred between April 21 and April 30. Wiper’s erase operation focused initially on destroying data on the first half of a disk, then systematically erasing system files, causing the systems to crash and preventing them from rebooting... _Wired
Spread of Duqu

But Iran has not been entirely passive in this cyber-war. A recent cyber attack against Saudi Aramco -- Saudi Arabia's state energy company -- is thought to have originated with groups allied with Iran.
Saudi Aramco, Saudi Arabia's national energy company, said on Sunday it had repaired 30,000 workstations infected with a malicious virus earlier this month....

...A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attacks. The group accused the Saudi Arabian government of supporting "crimes and atrocities" in countries such as Syria and Egypt, according to a post on Pastebin.

Saudi Aramco said it expected further intrusions. "Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack." _CW

Saudi Aramco is right to expect further attacks, just as the Iranian Oil Ministry should expect further attacks. In fact, all middle eastern oil production in and around the Persian Gulf is vulnerable to one type of malware or another. Whoever controls the flow of oil will be able to hold global oil markets hostage to potentially devastating price swings.
Earlier this year, a group of international experts at the Herzliya Conference imagined a very different scenario — a far more drastic one — in which a sophisticated attack on Abqaiq was directed by Iran and carried out from within. In the simulation, a series of explosions, along with a cyber-weapon, crippled the facility...

...The results of this simulated attack, detailed here in full for the first time, were profoundly disturbing. The price of oil skyrocketed to over $200 per barrel. The House of Saud, and the territorial integrity of the kingdom, were existentially threatened. Saudi Arabia’s neighbors — Jordan, Iraq, the UAE, Bahrain, Qatar, Kuwait and Oman — were destabilized. Developing countries that use oil for electricity were propelled into war, both civil and external.

And Iran, the world’s third-largest producer of oil, authoritatively recognized as the perpetrator of the attack, reaped the rewards, its influence growing throughout the Middle East as the demand for oil outpaced the supply, and the Shiite populations in the Gulf — increasingly unrestful throughout the Arab Spring revolutions — rose up in arms.

“The simulation showed that global over-reliance on Saudi oil and our over-reliance on Saudi stability, would give Iran, in the case of such an attack, carte blanche in the Middle East — and that’s without a nuclear weapon,” said Tommy Steiner, the author of the report... _How Iran Might Triumph Even Without Nukes

The evolution of increasingly sophisticated cyber attacks has just begun, and every industrial facility and information network is clearly at risk.

There is a limit to how well protected large networks can be and still function. In this situation, resilient backups will be increasingly important.

Labels: , , ,

Bookmark and Share


Blogger neil craig said...

Thats if iran attacks successfully.

More likely that Israel will decide that while they have slowed Iran's nuclear programme to a crawl it is still crawling forward & hust pull the plug on all Iran's infrastructure. No oil being pumped abroad, or dometically, electricity generators melting down, water supply contaminating itself ...

Friday, 31 August, 2012  
Blogger al fin said...

Iran has already proven itself a cyber threat to Saudi Arabia. It is the Shia vs. Sunni interplay which may generate the most heat in this arena.

Of course Israel occupies the higher stronger position in terms of information technology expertise. But Israel is also capable of sitting on the sidelines while opposing sides -- both composing external threats to Israel -- slug it out.

Friday, 31 August, 2012  
Blogger Matt M said...

Risking the term 'preper' - I would suggest that the USA could experience a similar occurrence to that of the Georgian Republic when all their ATM's were acked and shut down by a foreign power.

A couple of weeks of food and water would be a good thing to have on hand - along with some cash to tide you over.

Sunday, 02 September, 2012  

Post a Comment

“During times of universal deceit, telling the truth becomes a revolutionary act” _George Orwell

<< Home

Newer Posts Older Posts