Neena Kapur | The I.T Ambassador
Saudi Cyber Attack: Who done it?
Published: Monday, November 5, 2012
Updated: Monday, November 5, 2012 06:11
On the morning of Aug. 15, Saudi Aramco, the largest state−owned oil exporter in the world, experienced one of the most destructive acts of computer sabotage on a company to this day. The attacking virus destroyed the hard drives of more than 60 percent of Aramco’s computers and wiped out data on the company’s servers. As a final touch, the virus replaced all data with an image of a burning American flag.
Talk about a blatant message.
Though this virus, dubbed as Shamoon, attacked well over two months ago, experts are still unsure of whom to blame. Was it state sponsored, or did an individual execute it? United States intelligence officials say Iran was behind the attack, retaliating against the previous U.S. backed attacks on the Iranian Oil Ministry.
If this is the case, this means two interesting things. One, that less sophisticated code can still do a lot of damage. And two, a global cyber war could be brewing.
A cyber war is a new and unexplored concept. Up until now, cyber attacks had followed no specific patterns; attacks had direct targets, but were spurious. If this attack was retaliation, the potential damage the cyberworld can inflict would drastically increase. Once countries target each other for warlike purposes, rather than means of coercion (i.e. the Iran nuclear program), then the applications of cyber attacks become much more versatile and dangerous. U.S. Defense Secretary Leon Panetta, in a speech to Business Executives for National Security, said that a cyber attack “could be as destructive as the terrorist attack of 9/11.”
Now let’s look at things through a non−American lens. Though it has been reported that there is a high likelihood that Iran was behind the attack, it’s important to realize that there is also a high likelihood that Iran wasn’t behind it. To be honest, it’s very difficult to tell.
The evidence supporting retaliation comes from the fact that the code used the same name for its self−destruct execution, “Wiper,” that the Flame virus, which has been traced back to a U.S. state−sponsored attack, used on the Iranian Oil Ministry. There is little evidence otherwise. Roel Schouwenberg, a senior researcher for Woburn, Mass.−based Kaspersky Lab Inc., asserted that the only reason the United States is blaming Iran is because the attack took place in the Middle East. The code, otherwise, has little indication that it was state−sponsored.
The design errors and other aspects of the virus actually provide evidence that an individual actor or small time non−state sponsored hacking group could have executed the attack. The virus was comprised of pieces of software that are commercially distributed to consumers by various tech companies, and other pieces were downloaded from online forums. Not only was much of this virus unoriginal, but it also was a patched together, unsophisticated structure.
However, analysis cannot absolutely conclude that a lone actor launched this attack. It is possible that a state actor may have intentionally created the code to appear amateurish in an attempt to cover its tracks. “Sloppy code may well become more prevalent as a form of obfuscation,” Schouwenberg said.
Though the culprit of the code has not been identified yet, analysis provides important discourse for the future of cyberattacks. If it was an Iranian−backed attack, cyberwar could become a reality — critical infrastructure of countries could be targeted, and immense damage could be done. And, if it wasn’t Iran, this virus illustrates the immense power that less−sophisticated coders have in the cyberworld. Though the virus itself was clearly inferior to viruses like Flame and Stuxnet, it caused the most economically damaging cyberattack to this date. Cyberattacks in the Middle East are becoming a standard tactic of offense, and this instance serves as an important wake up call — sophistication isn’t necessary for damage to be inflicted, and an attack may be returned with retaliation.
Neena Kapur is a sophomore majoring in international relations and computer science. She can be reached at Neena.Kapur@tufts.edu.