Iranian Latest

Saudi Aramco Network Hit With Cyber-Attack

Apparently they shut down the network:

Saudi Aramco, Saudi Arabia’s national oil company and the largest in the world, has confirmed that is has been hit by a cyber attack that resulted in malware infecting user workstations, but did not affect other parts of its network.

“On Wednesday, Aug. 15, 2012, an official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,” the company wrote in a statement.

“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network.”

The company did not comment on the vector of attack or who may behind it, but insists its core operations have not been impacted as a result of the security breach.

Word is that this was due to the Disttrack malware that was only discovered yesterday:

Malware being used in a new series of targeted attacks has bucked the trend, choosing to destroy the computers it infects rather than just stealing sensitive information, security researchers said.

Called "Disttrack", the malware corrupts files, overwrites the infected machine's master boot record, and destroys the data so that it can't be recovered, according to reports from Symantec Security Response, Kaspersky Lab's Global Research and Analysis Team, and McAfee on Thursday. Disttrack has been observed in the Shamoon attacks, which has already affected at least one organization in the energy sector, Symantec said, but the company declined to provide any other details about the affected organization(s).

Given the unusual destructiveness of the malware, one can't help suspecting an Iranian or Syrian revenge operation - but no evidence one way or another at present.  Anyway, pretty interesting to have the world's largest oil company victim of a major cyberterrorism incident.

NY Times: US involved in Stuxnet

As far as I can see, the NY Times is burying the lead in this story.  I think the most important news is:

Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.

Some Musings On the Bradley Manning Charges

The things that Bradley Manning is currently charged with are here.  The essence of it is that between Nov 2009 and May 2010, he used his access to the US classified secret network (SIPRnet) to download a number of things, move them to his personal unclassified computer, and then give them to other unauthorized parties (presumably including Wikileaks).  The things he is is accused of thus misusing include:

• a classified video of a military operation in Baghdad
• a classified PowerPoint video
• more than 150,000 state department cables

He is also accused of uploading unauthorized software onto a SIPRnet computer (we don't know what software it was).  He is also a person of interest in the leak of dispatches about the Afghanistan war (and apparently boasted to Adrian Lamo that he did so leak).

For the purposes of this discussion, let's assume that he did these things, or at a minimum, that his position as a military analyst in Iraq, and his resulting access to SIPRnet, made it possible that he could have done these things.  There is also no indication at this time that Manning had any advanced hacking skills - all the coverage I've read indicates that he just downloaded this stuff and burned it onto CDs.  Let's assume that's true also.

City Crippler Car Worms