Skip to: Content
Skip to: Site Navigation
Skip to: Search

More telltale signs of cyber spying and cyber attacks arise in Middle East (+video)

A Saudi energy company has lately confirmed that its computer networks were targeted by a cyberattack. But perhaps more important is the discovery of Gauss, malware believed to be related to the Stuxnet worm that attacked Iran's nuclear centrifuges in 2009.

By Staff writer / August 21, 2012

John Bumgarner, research director for the US Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, holds a notebook computer while posing for a portrait in Charlotte in this December 2011 file photo.

John Adkisson/Reuters/File


More evidence has surfaced that the Middle East has become a cyberspace free-fire zone, with revelations about a destructive new cyberattack on at least one energy company and the exposure of a sophisticated cyberespionage program aimed at Lebanese banks.

Skip to next paragraph
CEO of Kaspersky Labs, a Moscow-based cybersecurity company, talks about 'the era of cybersecurity weapons.'

Saudi Arabia's national oil company, Saudi Aramco, confirms reports that its computer networks were shut down last week by a malware attack. While its business network was impaired, the "interruption has had no impact whatsoever on any of the company’s production operations," Aramco reported on Facebook Aug. 15.

The next day, computer security firm Symantec announced that an energy firm it would not identify had been targeted by malware that made any computer it infected unusable by wiping clean sectors of the hard drive. There has been no reported connection between Saudi Aramco and the Symantec announcement.

The new software attack weapon, dubbed Shamoon by cybersecurity researchers, is the most recent in a series of attacks targeting key infrastructure in the Middle East region. Stuxnet, discovered in 2010, wrecked nuclear centrifuges in Iran, while its brethren, Duqu and Flame, were designed to clandestinely steal network data.

The Saudi Aramco attack and the Symantec report are reminiscent of Iran's claim that its oil terminal facilities were hit in April by a software weapon it called "Wiper." But analysis comparing the Iranian malware with the just-discovered Shamoon weapons shows them to be unrelated in terms of their authorship, according to Kaspersky Labs, a Moscow-based cybersecurity company.

"Our opinion, based on researching several systems attacked by the original Wiper, is that it is not" Shamoon, reported Kaspersky's Global Research & Analysis Team. "It is more likely that this [Shamoon attack] is a copycat, the work of script kiddies inspired by the story." "Script kiddies" are hackers who have little expertise of their own but who slightly modify existing malware.

A group calling itself the Arab Youth Group has claimed responsibility for the Saudi Aramco attack, decrying Saudi leaders for their ties to the US. But the group's claim has not been verified. "This action has been done in order to warn the Saudi rulers," said the group's message posted on pastebin, a website often used by hackers to communicate. "If the rulers of Saudi Arabia continue to betray the nation, [they] will face more severe action."

If the Saudi Aramco cyberattack does not appear to be the work of a top-notch sophisticated team, the same cannot be said for another newly discovered act of cyberespionage, dubbed Gauss. Kaspersky publicly disclosed its existence earlier this month. 

Gauss has been linked to a suite of cyberweapons reportedly developed by the United States and Israel to spy on Iran and attack its nuclear infrastructure, Kaspersky researchers who discovered it reported. Stuxnet, Duqu, Flame, and now Gauss share digital features that indicate they were made by the same developer, they conclude.

"After looking at Stuxnet, Duqu, and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,' ” states the Kaspersky analysis. "All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of 'sophisticated malware.' ”


Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!