Breaking: Panetta Equating Crude Iranian Cyberattacks with Pearl Harbor, Iran Infiltrated Aramco

Today, the NYT–serving its role as spokesperson for the Cold War against Iran–confirms what blabby Joe Lieberman told CSPAN last month: the government suspects Iran was behind a series of crude cyberattacks on US banks.

Or to put it differently, Leon Panetta wants us to be more afraid of crude DNS attacks on US online banking sites than he wants us to be of the orders of magnitude greater damage the banks cause all by themselves. Because … Iran!

More interesting is the widely reported speculation that we think Iran was behind the more serious attack on Aramco.

The attack under closest scrutiny hit Saudi Aramco, the world’s largest oil company, in August. Saudi Arabia is Iran’s main rival in the region and is among the Arab states that have argued privately for the toughest actions against Iran. Aramco, the Saudi state oil company, has been bolstering supplies to customers who can no longer obtain oil from Iran because of Western sanctions.

The virus that hit Aramco is called Shamoon and spread through computers linked over a network to erase files on about 30,000 computers by overwriting them. Mr. Panetta, while not directly attributing the strike to Iran in his speech, called it “probably the most destructive attack that the private sector has seen to date.”

Until the attack on Aramco, most of the cybersabotage coming out of Iran appeared to be what the industry calls “denial of service” attacks, relatively crude efforts to send a nearly endless stream of computer-generated requests aimed at overwhelming networks. But as one consultant to the United States government on the attacks put it several days ago: “What the Iranians want to do now is make it clear they can disrupt our economy, just as we are disrupting theirs. And they are quite serious about it.”

That’s interesting not because the attack did real damage–it didn’t, because it hit the business, not the production, computers.

Saudi Aramco has said that only office PCs running Microsoft Windows were damaged. Its oil exploration, production, export, sales and database systems all remained intact as they ran on isolated and heavily protected systems.

“All our core operations continued smoothly,” CEO Khalid Al-Falih told Saudi government and business officials at a security workshop on Wednesday.

“Not a single drop of oil was lost. No critical service or business transaction was directly impacted by the virus.”

It’s interesting because the malware was introduced into the Aramco network by an insider.

One or more insiders with high-level access are suspected of assisting the hackers who damaged some 30,000 computers at Saudi Arabia’s national oil company last month, sources familiar with the company’s investigation say.


The hackers’ apparent access to a mole, willing to take personal risk to help, is an extraordinary development in a country where open dissent is banned.

“It was someone who had inside knowledge and inside privileges within the company,” said a source familiar with the ongoing forensic examination.

Once you translate the NYT’s spin, here’s what we’re left with:

  • We’re supposed to treat cyberattacks by Iran as an existential threat, even though they expose Iran’s relative impotence in the cyber sphere.
  • We’re supposed to get panicked about computers here at home because Iran succeeded in human espionage with Aramco.

And while Panetta cries wolf over and over, the banksters and the oil companies continue to do real damage he ignores.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

10 replies
  1. rosalind says:

    related: SF Chron up with devastating article on earlier fire at Chevron refinery and Cal Osha investigation. Workers had been reporting for months of widespread corrosion – “we’ve increased temperatures and increased rates, and it takes a toll on the equipment.”

    That equipment? Uh, not the correct pipe to handle the product:

    “But Cal/OSHA said in a statement to The Chronicle that the pipe ‘was made of the wrong type of metal for the type of corrosive crude oil flowing through it, creating a risk of fire and breakdown.’”

  2. Jim White says:

    That’s interesting not because the attack did real damage–it didn’t, because it hit the business, not the production, computers.

    That bit really stands out to me because Iran suffered so much damage to its PLC controllers on uranium enrichment centrifuges from the Stuxnet attack. Seems like they had a really good example to work from and at least in this case chose a much more benign target. Was this because this was all they could achieve with their virus technology? Inside access suggests to me that they could have unleashed something just as damaging as Stuxnet to production computers if they had the right technology. Or did they decide that a truly catastrophic attack on Saudi Arabia would result in serious blowback and just chose to demonstrate access and hints of technology?

  3. emptywheel says:

    @Jim White: A couple of thoughts.

    First, it was a MS hack, so it may well be that only the business computers were running shitty operating software.

    But I also wonder whether it wasn’t designed to get at volumes and customers. Since the attack Iran has increased oil production. China is clearly using the embargo to get closer to Iran, to get some leverage in the ME. So I wonder whether it wasn’t designed to get a sense of how the Saudis were managing their own inventories.

    But then why blow up the data, I wonder?

  4. Phil Perspective says:

    @emptywheel: That’s a very good question. And I bet the Saudis and Americans probably spent a day or two wondering why they hit the office computers and not the production ones. They probably just wanted to show they meant business, since it was apparently an inside job of some sort.

  5. scribe says:

    Concur that it was just a “we can do worse but choose not to, yet” display by the Iranians. If that’s who did it.

    Interesting, the whole “Pearl Harbor” line of bullshit was being tried out last Wednesday or Thursday in the German papers. I guess they were market-testing it or something.

    Of course, the knuckleheads in the Pentagon couldn’t be more clear in broadcasting their support for bigger budgets and, therefore, Romney, when they come up with this kind of bullshit. I mean, calling something a “Pearl Harbor” when it happens “on your watch” and only a month-plus ahead of a presidential election can’t but help re-elect the incumbent. Right?

    Admiral Kimmel and General Short would beg to differ.

  6. What Constitution says:

    Oh, and “Cyberattacks by Iran = Pearl Harbor”, whereas “Cyberattacks against Iran = Prudence”.

  7. shekissesfrogs says:

    Anything and everything that happens in ME or to its people is blamed on either Hizbollah or Iran, even when it comes to the extremely vulnerable Windows OS, or a bomb in the mafia state of Bulgaria.

    Speculation that it’s an inside job will result in more jobs taken away from Shia and workers replaced with Sunni immigrants.
