US thinks Iran behind cyberattack in Saudi: ex-official

Oct 13, 2012 by Dan De Luce
This file photo shows visitors passing by the stand of Saudi Arabia's national oil company Aramco at the Abu Dhabi International Petroleum Exhibition, in 2008. The US believes Iran was behind a major cyberattack on Aramco and a Qatari gas firm, a former US official who has worked on cybersecurity issues said on Friday.

The United States believes Iran was behind a major cyberattack on Saudi Arabia's state oil company and a Qatari gas firm, a former US official who has worked on cybersecurity issues said.

In a major cybersecurity speech on Thursday, Defense Secretary Leon Panetta issued a veiled warning to Tehran that Washington is ready to take preemptive action to protect US computer networks, the former official said.

US government agencies have concluded that Iran orchestrated the "shamoon" virus that disabled tens of thousands of computers at Saudi Aramco and struck Qatari natural gas firm RasGas as well, said James Lewis, who has worked for the State Department and other government agencies on national security and .

American officials had "more than a suspicion" that Iran was to blame for the August attacks, that also possibly included recent attacks on some US banks, said Lewis, a senior fellow at the Center for Strategic and International Studies think tank.

"There's generally a conviction that it was Iran," he told AFP.

Lewis said he was not privy to the intelligence reports that backed up the assertion, but said it was implausible the Iranian government would not be aware of a major cyber operation coming from sources inside the country.

"How could you do something that consumed a massive amount of bandwidth in Iran and not have the government notice, when it's monitoring the Internet for political purposes?" he asked.

US government officials had concluded that Iran likely launched the attack in retaliation for US-led sanctions over its nuclear program and a cyber sabotage campaign reportedly backed by Washington, he said.

A senior administration official, who spoke on condition of anonymity, told AFP the on the Gulf oil giants was believed to be carried out by a "state actor" and acknowledged that Iran would be a prime suspect.

In his speech, Panetta referred to the "shamoon" virus for the first time publicly, saying it erased critical files on about 30,000 computers at Saudi Aramco, the world's largest oil company.

He said the virus, which hit Qatar's Rasgas a few days later, was "probably the most destructive attack that the private sector has seen to date."

The Pentagon chief also spoke of "foreign actors" probing sensitive US networks and cited on some large US financial companies in recent weeks.

While he reiterated US concerns about cyber threats linked to Russia and China, Panetta said Iran was building up its digital capabilities.

In the same speech to business executives in New York, Panetta said the United States had improved its ability to track the origin of digital attacks and suggested the military stood ready to take preemptive action in cyberspace to protect vital networks.

"He came as close to fingering Iran for some of the disruptions we've seen in the last month as you could do without actually saying it by name," said Lewis, who has advised the US government on cyber security.

"Hopefully, the Iranians picked it up as a warning."

Iran has advanced its digital warfare capacity faster than US officials had anticipated, Lewis said, though the attack on Saudi Aramco was relatively unsophisticated.

"We're used to China, we're used to Russia. But Iran is new, Iran is different. And a lot of people didn't think it would develop this quickly," he said.

US officials said information about the recent cyberattacks was declassified to allow Panetta to refer to the incidents in his speech.

The "shamoon" virus wiped out crucial files and replaced them with images of burning American flags.

Two weeks after the August 15th cyberattack on Saudi Aramco, the company announced it had restored its main internal network and that the assault had not disrupted oil production.

The firm targeted in Qatar, RasGas, is a joint venture between American oil firm Exxon Mobil Corp and state-controlled Qatar Petroleum.

Explore further: Vatican's manuscripts digital archive now available online

add to favorites email to friend print save as pdf

Related Stories

Virus origin in Gulf computer attacks in question

Sep 04, 2012

(AP)—Security technicians are beginning to suspect that highly targeted virus attacks were behind the recent crippling of computer systems at two major Gulf energy companies, even as questions swirl about ...

US military prepares new rules for cyber war: Panetta

Oct 12, 2012

The United States faces a growing threat of a "cyber-Pearl Harbor" and has drafted new rules for the military that would enable it to move aggressively against digital attacks, Defense Secretary Leon Panetta ...

Iran 'mobilizing' for cyberwar with West: experts

Apr 26, 2012

Iran is busy acquiring the technical know-how to launch a potentially crippling cyber-attack on the United States and its allies, experts told a congressional hearing on Thursday, urging the US to step up ...

Iran oil sector hit by 'cyber attack'

Apr 23, 2012

A voracious virus attack has hit computers running key parts of Iran's oil sector, forcing authorities to unplug its main oil export terminal from the Internet and to set up a cyber crisis team, according ...

Obama stepped up cyberattacks on Iran: report

Jun 01, 2012

US President Barack Obama accelerated cyberattacks on Iran's nuclear program and expanded the assault even after the Stuxnet virus accidentally escaped in 2010, the New York Times reported Friday.

Recommended for you

Kickstarter suspends privacy router campaign

Oct 20, 2014

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
3 / 5 (4) Oct 13, 2012
The targets were individual control boxes linked by wireless. There was no security only the candy toy winblows NT operating system which has over 100,000 known exploits. So war must begin because cheap millionaires don't want to hire a security consultant, according to this technocrat Defense Secretary Leon Panetta.

USA has no credibility and is pining for any excuse for getting on board with Netanyahu. Here Israel lobbyist Patrick Clawson strategizes how to trick the United States with a false flag attack into going to war against Iran on behalf of Israel: http://www.juanco...ran.html

So Americans are happy to kill their own as public policy to start wars. Disgusting. Not even insects do that.
loneislander
1 / 5 (1) Oct 13, 2012
USA has no credibility and is pining for any excuse for getting on board with Netanyahu. Here Israel lobbyist Patrick Clawson strategizes how to trick the United States with a false flag attack into going to war against Iran on behalf of Israel: http://www.juanco...ran.html


Wow, I liked your first paragraph but thought your second (partially quoted) was just you being a crank. Then I watched the clip.

Patrick Clawson is insane. Plainly insane. That he believes Iran should be provoked is outrageous (as if they haven't been pushed far enough --> How ~did~ they end up with a Shaw?), but, that an "institute" exists which would stand this guy up and listen to him is symptomatic of a much deeper illness.

We're all in trouble if this extremism becomes normalized.

(Arg!, "nuk-yu-ler"! Two syllables fer frig sakes: 1) "nu" 2)"clear" there's no middle syllable)
indio007
3.7 / 5 (3) Oct 13, 2012
The virus probably was started by some oil futures trader with a very large put.

Pinetta claimed 100k computers had to be completely replaced.
I'm calling BS on that.
The tard doesn't even know the difference between software and hardware.
rwinners
1 / 5 (1) Oct 14, 2012
Again, who started this? Didn't 'we'?