Latest cyberattack on Iran targets oil export facilities

Computer servers at the government oil ministry and the National Iranian Oil Co. are the apparent target of a cyberattack via a data-deleting virus, Iranian officials have acknowledged. Previous attacks struck at Iran's nuclear program.

Raheb Homavandi/Reuters/File
Gas flares from an oil production platform, as an Iranian flag is seen in the foreground, at the Soroush oil fields in the Persian Gulf, some 776 miles south of the capital Tehran, in this July 2005 file photo.

Iran's oil export facilities are the apparent target of computer malware, an attack that penetrated computer servers at both the government oil ministry and the National Iranian Oil Co.

The cyberattack – one of several Iran has endured over the past few years – comes as Iran and an international coalition of six nations, including the US, prepare for more talks next month over the extent of Iran's nuclear ambitions. To put pressure on Iran to cooperate with efforts to verify the scope of its nuclear program, the United States has been discouraging the international community from buying Iranian oil.

Initial reports from Iran are that a computer virus, dubbed "Viper," wiped data from the targeted servers.

Alireza Nikzad, a spokesman for Iran's oil ministry, told the Fars news agency, which has ties to the government, that Sunday's attack was a "virus" that "attempted to delete data on oil ministry servers." Another Iranian news agency cited Mr. Nikzad as identifying the virus as Viper.

"This cyberattack has not damaged the main data of the oil ministry and the National Iranian Oil Company (NIOC) since the general servers are separate from the main servers; even their cables are not linked to each other and are not linked to Internet service," Nikzad said in the reports. "We have a backup from all our main or secondary data, and there is no problem in this regard."

But in another statement posted on the oil ministry's news website, SHANA, Nikzad said the virus did indeed wipe some data from official servers – but with limited damage, Agence France Presse reported.

"To say that no data was harmed is not right. Only data related to some of the users have been compromised," Nikzad said, according to AFP. Websites of the Iranian oil ministry and NIOC were also knocked offline, reports said.

Authorities told Iranian news agencies that oil exports were not disrupted. At least 80 percent of Iranian oil is shipped from Kharg Island, the nation's big export terminal.

The cyberattack on Iran's oil facilities could be perpetrated by a nation sending Iran a not-too-subtle message: Start negotiating with the international community over your nuclear weapons program or lose the ability to export oil, say some US cyberwarfare experts. Or, it could be the work of a lone hacker taking a digital potshot.

Either way, Iran is expected to take the attack seriously, these experts say.

"It looks like this virus was not designed to attack the industrial control systems that operate Iran's oil-pumping operations," says John Bumgarner, research director for the US Cyber Consequences Unit, a nonprofit security think tank that advises government and industry. "If it had been, the attackers could have done serious damage to those plants. By taking over servers and wiping the data so they can't function, that's only a temporary disruption – possibly one designed mainly to send a message like, 'We are in your oil export system, so you better start negotiating.' "

Whether or not that's the message, it's clear that Iran has been hit with a barrage of cyberattacks, including Stuxnet, the world's first publicly identified cyber superweapon. In 2009 it began sabotaging Iran's Natanz nuclear centrifuge facility, eventually destroying 1,000 centrifuges and setting the program back by years, some experts say.

Iran also has had to deal with Duqu, a sophisticated espionage program that appears to have targeted industrial networks inside the country. Another attack, about which little is understood, is said to involve a malicious cyberweapon that Iranian officials dubbed "Stars."

In response to this activity, Iran has said it is ramping up a cybermilitary unit. Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense, also said a special unit had been set up to confront the Viper attack, the Associated Press reported.

Other possible messages from the Viper attack? Perhaps a warning about the US stealth drone that went down in Iran in December. Iran acknowledged the Viper attack on the day after Tehran announced it had reverse engineered the sophisticated drone and would begin developing an Iranian duplicate.

"Cyber attacks are much more elegant than saboteurs placing bombs at the facility. The Iranians must be really frustrated and will be desperate to retaliate," says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington.

"This is not a big, noisy violation of national sovereignty," Mr. Lewis adds. "And it just doesn't create the same level of outrage that an air attack or a commando team would create. It's low political risk – no worries about captured pilots or agents. This makes cyberattack attractive."

Others, however, say such cyberattacks won't succeed as a tool to press Iran to curtail its nuclear program, which Iran's foes see as a fig leaf for creating a nuclear bomb.

If that's the intent, "it's unlikely to be effective," says Douglas Shaw, assistant professor at George Washington University's Elliott School of International Affairs and an expert on nuclear nonproliferation and arms control. Iran's defiance of the international community has been longstanding, he notes. It has also been hit already by more formidable cyberweapons, without any sign of undermining Iran's determination to continue with its nuclear program, he says.

The peril of using cyberweapons to sabotage Iran's oil exports is that such actions could trigger a cyberwar. 

"If you start engaging in cyberattacks with physical consequences, thereby blurring the line between increasing international pressure and war, that strikes me as unlikely to succeed," says Dr. Shaw. "If the Iranians ever think they can detect a return address [for these cyber attacks], then I think it's highly likely we will see escalation."
