‘No emails, no phones, nothing’: Aramco, in wake of Shamoon blitz

Security consultant describes Saudi oil giant’s tech blackout in wake of 2012 cyber strike

Tags: Cyber crimeSaudi ArabiaSaudi Aramco (www.saudiaramco.com)
  • E-Mail
‘No emails, no phones, nothing’: Aramco, in wake of Shamoon blitz Aramco had invested heavily in protecting the production infrastructure itself, but Shamoon targeted PCs, email servers and other, less critical systems.
By  Stephen McBride Published  August 9, 2015

An independent cyber security consultant has described how Saudi Aramco had to get by on typewriters and paper, after the August 2012 cyber-attack that disabled more than 30,000 of the company's workstations for almost two weeks.

A cyber cabal calling itself "Cutting Sword of Justice" launched the hacktivist campaign against the state-controlled oil company in protest against the ruling Al Saud family. The gang's Shamoon virus hit systems for several hours on 15 August, 2012, before admins shut down machines as a mitigating measure. Aramco's public statements at the time claimed oil production had not been affected, but in December 2012 the company admitted that critical infrastructure had been the intended target.

Speaking at this week's Black Hat conference in Las Vegas, Chris Kubecka, who was tasked with securing Aramco's EMEA satellite offices in the wake of the attack, said the oil giant initially had, "No emails, no phones, nothing", according to a report from darkreading.com.

Aramco, which claims on its website to have maximum sustainable capacity of 12m barrels per day, had invested heavily in protecting the production infrastructure itself, but Shamoon targeted PCs, email servers and other, less critical systems.

The company "got pwned [owned]", Kubecka said, employing a phrase used by hackers and gamers to denote victory over a target. She said the attack was traced to an Aramco employee's errant click on a malicious link in a spear-phishing email, but the precise time the email was sent remains a mystery.

In the aftermath, Aramco scrambled to gather the best team of regional and international experts it could to discover what went wrong and prevent a recurrence. The firm subsequently expanded its cyber-security team and built a dedicated operations centre to foster a more proactive environment.

Kubecka also highlighted the scale and wealth of Aramco as key factors in its swift recovery, saying she believed smaller companies could have been crippled by the attack. She claimed Aramco used its private fleet of aircraft to fly its employees to Southeast Asian factory floors, where they purchased as many hard drives as they could. She claimed that the practice had an impact on the market price of PCs and hard drives until as late as January 2013.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code