oil companies hacked pretty bad apparently

blu

Oil companies hit by 'state' cyber attacks, says report • The Register

written by Dan Goodin who is one of the best security writers (he actually understands what he is talking about). based on the latest Google attacks and the stuff contained in the link it seems I was right when I said the USA infrastructure would be shut down in about an hour if a real cyberwar started. sucks that people are so company apathetic and that companies don't take computer security seriously unless they are forced to by law / regulations.
 
Mideast oil infrastructure under cyber attack...
Mideast cyber war endangers gulf energy
Oct. 24, '12 (UPI) -- The energy industry in the Persian Gulf is finding itself vulnerable to cyberattack.
The energy industry in the Persian Gulf, which supplies more than one-third of the world's oil supplies and much of its natural gas, is finding itself vulnerable to cyberattack, a form of warfare the United States, Israel and Iran are increasingly using. "Rising regional political tensions and a flurry of recent cyberattacks have raised fears about the growing use of viruses to target critical national infrastructure in the Middle East," the Financial Times warned.

The dangers to the energy industry in a strategic region are growing all the time as the key protagonists in the cyberspace develop increasingly effective and potentially destructive viruses, energy specialists say. These dangers were dramatically underlined in recent weeks with cyberattacks on Aramco, Saudi Arabia's state oil monopoly and the world's leading producer, and RasGas, a joint venture between Exxon Mobil of the United States and state-owned Qatar Petroleum, in the neighboring gas-rich emirate of Qatar.

The discovery in September of a highly infectious variant of the W32.Flame virus that was used in a recent cyberattack on Iran's national oil infrastructure, already battered by ever-tightening U.S. and European sanctions, has caused alarm about the effects of future attacks. The new variant has been dubbed Mini-Flame and has been detected in Iran and Sudan.

Another virus, an espionage malware known as Gauss was allegedly used by the United States and Israel to attack Lebanon's banking system, suspected of laundering money for Iran and Hezbollah, its powerful Lebanese proxy, as well as the embattled Syrian regime. Gauss was used in strikes against targets in the Palestinian territories and Iran. "If Flame and Gauss were massive cyberespionage operations, infecting thousands of users, then Mini-Flame is a high-precision, surgical attack tool," says Kaspersky Lab, a Moscow IT security company.

Read more: Cyberattack Saudi Arabia Iran oil Persian Gulf - UPI.com

See also:

Saudi Cyber Attack Seen as Work of Amateur Hackers Backed by Iran
October 25, 2012 WASHINGTON — Digital security experts say a major August cyber-attack at Saudi Arabia's top oil company appears to be the work of amateur hackers working on behalf of a nation state, and several signs point to Iran as their sponsor.
The experts say the methods apparently used by the hackers to damage many of Saudi Aramco's computers pose new challenges to other companies based in the region, and to Western powers engaged in cyber warfare with Iran. Several hacker groups quickly claimed responsibility for the August 15 attack on Aramco, but their identities have remained a mystery and their online claims have not been verified.

Iran Accused as Cyber Attacker

The New York Times reported Tuesday that unnamed U.S. intelligence officials believe the attack's real perpetrator was Iran. But it said the officials offered no specific evidence to support their claim. Earlier this month, Iran's National Center of Cyberspace dismissed the U.S. allegation as politically motivated. Saudi Aramco has not commented on the perpetrators of the cyber-attack, citing an ongoing investigation. Seculert, an Israel-based security company specializing in advanced threat detection, said the Aramco hackers may be affiliated with a government because the virus they deployed was designed to do more than just destroy hard drives.

Spying for a Government?

Seculert chief technology officer Aviv Raff said the affected computers sent data to a machine outside of the corporate network just before their hard drives were erased by the virus, dubbed "Shamoon" by researchers. "With Shamoon, (the hackers) basically (were) trying to erase evidence of other intentions, trying to cover their tracks," said Raff. He said those intentions may have included spying on Saudi Aramco for a government interested in the Saudi state-owned company's major energy infrastructure. Jeffrey Carr, chief executive officer of U.S. security firm Taia Global, said Shamoon appears to have been reverse-engineered from a sophisticated data-stealing virus that attacked Iranian oil ministry computers in April.

Amateur Results

But Carr, whose firm specializes in protecting data from espionage, said Shamoon failed to accomplish its data-stealing objectives. "The malware had some very basic coding errors in it," he said. "(It looks like) somebody in their basement doing some coding and reverse-engineering and then sending it out. It is unlikely that this was done by a professional team." Carr said several factors indicate that the Aramco hackers were working for the Iranian government. He said Iran had a motive to hire them.

Circumstantial Evidence
 
Hackers hittin' financial institutions...
Napolitano: US financial institutions 'actively under attack' by hackers
10/31/12 - Homeland Security Secretary Janet Napolitano on Wednesday warned that some of the largest U.S. financial institutions "are actively under attack" from cyber hackers.
While Napolitano sounded the alarm about the attacks at a cybersecurity event hosted by The Washington Post, she declined to provide any details about them. "Right now, financial institutions are actively under attack. We know that. I'm not giving you any classified information," she said. "I will say this has involved some of our nation's largest institutions. We've also had our stock exchanges attacked over the last [few] years, so we know ... there are vulnerabilities. We're working with them on that."

When asked by Post editor Mary Jordan about whether hackers are stealing information or money from banks, Napolitano answered "yes" and then quickly added, "I really don't want to go into that per se." "All I want to say is that there are active matters going on with financial institutions," she said. The public websites of Wells Fargo, Bank of America, JP Morgan Chase and others were hit by a series of denial of service attacks this fall, which made their sites inaccessible to customers. A denial of service attack inundates a Web server with large numbers of page requests until the site fails to load. It does not let the hackers siphon sensitive information from its victim.

After Hurricane Sandy wreaked havoc on the East Coast, Napolitano said people should look no further than the damage caused by the massive storm to understand the need to boost the nation's cybersecurity protections. "One of the possible areas of attack, of course, is attacks on our nation's control systems — the control systems that operate our utilities, our water plants, our pipelines, our financial institutions," Napolitano said. "If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities." "The urgency and the immediacy of the cyber problem; the cyberattacks that we are undergoing and continuing to undergo can not be overestimated," she said.

The Department of Homeland Security (DHS) oversees the protection of unclassified computer networks for civilian agencies. The Obama administration has tasked DHS with coordinating cybersecurity efforts between the federal government and private industry. Napolitano said President Obama has made cybersecurity a priority and invested money into DHS's cyber programs, noting that the department's workforce has increased roughly 600 percent over the last few years. The president has also "constantly asked for double-digit increases in the cyber budget" at the department and it is actively looking to hire more skilled cybersecurity professionals.

 
Hackers crack corporate computers...
For Sale: Cheap access to corporate computers
14 November 2012 - Many sites are selling access to corporate networks for only a few pounds
Cybercriminals are openly selling illegal access to the computer networks of many of the world's biggest companies. For only a few pounds or dollars, fraudsters and scammers can get the log-in details for a server sitting on the network of a Fortune 500 firm. Those renting access can use the machine to carry out their own scams, such as sending spam, or use it as a springboard for a wider hacking attempt on a big company. The network access is just one of a wide range of cybercrime services now available on the underground economy.

Called Dedicatexpress, the hacked server service was uncovered by security researcher Brian Krebs who spent two weeks tracking down the site, accessing its forums and getting hold of a list of the corporate networks to which it offered access. Currently, the site has about 17,000 servers available but he estimates that about 300,000 have been listed since the site started in 2010. Since Mr Krebs wrote about it, the site has changed to become member-only.

Spam funnel

Mr Krebs said the site was acting as a broker on behalf of hackers who had already won access to the networks as a result of separate attacks. "It seems they are gathering these from people who are selling them to the service," he told the BBC. "They may be individual hackers that have no use for these but know they have value and are re-selling them." The servers listed could prove useful to spammers or other fraudsters who want to use corporate resources, which typically include high speed net links and powerful computers for their own ends.

Dedicatexpress puts some restrictions on what customers can do with some hacked servers, said Mr Krebs. Paypal fraud, online gambling and dating site scams are among activities banned on some. While openly offering hacked servers for sale may be a surprise or a shock to some, Mr Krebs said it was likely that the computers had been compromised for a long time. "My sense is that a lot of these systems are probably abused quite a bit before they get to this point," he said. "They may have been wrung out in other ways before they are sold to a service like this."

More BBC News - For Sale: Cheap access to corporate computers

See also:

Are 'geek' and 'nerd' now positive terms?
15 November 2012 - Campaigners in Sweden are trying to force a dictionary to change its definition of "nerd". But after two decades of "reappropriation" has "nerd" - and its sister word "geek" - now completely lost its derogatory connotations?
In the 1984 film Revenge of the Nerds the rousing final speech of one of the protagonists starts with the statement: "I'm a nerd." Its plot may be cartoonish but the film reveals a certain cultural backdrop - to be a nerd was to be socially awkward, even socially inferior. Jocks, those who were good at sport, or other socially successful groups, usually ended up winning. To turn that on its head could form the basis for comedy. Things have changed.

The Social Network in 2010 came in a very different social milieu. Now a nerd, or a "geek", can be a driven Machiavellian bent on success - Gordon Gekko in a zip-up hoodie. Today when people think of "geeks" and "nerds" they might very well name the likes of Bill Gates, Steve Jobs and Mark Zuckerberg - people whose imagination and grasp of the technical made them billions.

Historic geeks are celebrated, with Alan Turing and Nikola Tesla's legacies provoking great passions. New York Times blogger and geeky statistician Nate Silver has been hailed as an unexpected star of the US presidential election after correctly predicting the outcome. "Memo to wannabe presidents: hire geeks, not pundits," advises this week's New Scientist magazine. Even sportsmen unabashedly refer to themselves as "nerds". Chris Kluwe of the Minnesota Vikings, who has just been voted "sexiest man of the year", said of the honour: "It's a little weird because I'm a nerd video game player."

Singles on dating websites define themselves in their profiles as "nerds" and "geeks" - in a positive way - and there is no end of blogs listing stars like Natalie Portman as geeks or listing "nerdy power couples" (like Tim Burton and Helena Bonham Carter). A slew of comedies over the past few years have had geeks as heroes, such as Tim Bisley - the comics, video game and Star Wars-obsessive of Spaced - and Leonard Hofstadter, the precocious physicist of The Big Bang Theory.

More http://www.bbc.co.uk/news/magazine-20325517
 
Shamoon virus is back...
Saudi Arabia Warns Destructive Computer Virus Has Returned
January 24, 2017 — Saudi Arabia is warning that a computer virus that destroyed systems of its state-run oil company in 2012 has returned to the kingdom, with at least one major petrochemical company apparently affected by its spread.
Suspicion for the initial dispersal of the Shamoon virus in 2012 fell on Iran as it came after the Stuxnet cyberattack targeting Tehran's contested nuclear enrichment program. It wasn't immediately clear who could be responsible for the new infection, though the relations between regional rivals remain tense. A report Monday by Saudi state-run television included comments suggesting that 15 government agencies and private institutions had been hit by the Shamoon virus, including the Saudi Labor Ministry. The ministry said it was working with the Interior Ministry to contain the virus. Sadara, a joint venture between the Saudi Arabian Oil Co. and Michigan-based Dow Chemical Co., shut down its computer network Monday over a disruption. Company spokesman Sami Amin said its network remained down Tuesday, though it hadn't affected operations at the facility. He declined to comment further.

Sadara is based in Jubail Industrial City, which sits about 100 kilometers (60 miles) northwest of the eastern Saudi city of Dammam in the heartland of the kingdom's oil industry. Another state-run TV report on Tuesday said the Saudi Technical and Vocational Training Corp. was affected, though a spokesman denied the virus did any damage to its network. Symantec Corp., a California-based security firm, warned in late November that Shamoon had been spotted again in Saudi Arabia. Computers affected had their hard drives erased and displayed a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country's civil war, Symantec said. The November attacks apparently involved previously stolen passwords, suggesting the virus' use was a long time coming. "Why Shamoon has suddenly returned again after four years is unknown," Symantec said. "However, with its highly destructive payload, it is clear that the attackers want their targets to sit up and take notice."

Shamoon first emerged in Saudi Arabia in 2012. In that attack, which hit Saudi Aramco and Qatari natural gas producer RasGas, the virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Saudi Aramco to shut down its network and destroyed over 30,000 computers. "All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date," then-U.S. Defense Secretary Leon Panetta said at the time. Shortly before Panetta's speech, a former U.S. official told The Associated Press that American officials firmly believed Iranian hackers likely backed by Tehran were responsible for the attack. Iran denied being responsible for the 2012 Shamoon outbreak. Tehran had no immediate comment on the new outbreak.

The first emergence of Shamoon came as Iran faced international sanctions over its contested nuclear program and after it saw thousands of centrifuges destroyed by the Stuxnet virus, widely believed to be an American and Israeli creation. Last year, a series of fires at Iranian petrochemical plants and facilities have raised suspicions about hacking potentially playing a role. Hostilities persist between Shiite power Iran and Sunni-ruled Saudi Arabia. The countries support opposite sides in the wars gripping Syria and Yemen, while the kingdom has backed Bahrain's Sunni rulers amid a crackdown on dissent on the Shiite-majority island. Saudi Arabia severed diplomatic relations with Iran last year after protesters there - angry about its execution of a Shiite cleric - stormed two Saudi diplomatic posts.

Saudi Arabia Warns Destructive Computer Virus Has Returned
 
