Iran confirms cyberattacks against oil facilities
Reminiscent of Stuxnet and Duqu attacks, but Symantec believes they were likely simpler website hacks
Computerworld - Iran's oil ministry today confirmed that it was the target of malware attacks over the weekend, adding to reports by state-run media that the country's oil industry was hit by hackers.
The Mehr News Agency, which is a semi-official arm of the Iranian government, reported Monday that the country's principal oil terminal on Kharg Island was disconnected from the Internet as part of the response to the attacks. Email systems associated with the targets were also pulled offline.
Kharg Island, which is in the Persian Gulf off the western coast of Iran, handles the bulk of the country's oil exports.
A spokesman for the Ministry of Petroleum acknowledged the attacks, but said that critical servers at the reported targets -- the ministry, Iran's national oil company and Kharg Island -- were not affected because they are isolated from the Internet.
The ministry spokesman also said that the malware, which he did not identify, resulted in the theft of some user information from websites and some minor damage to data stored on the web servers. According to the ministry, no data was actually lost because backups were available.
Later Monday, Mehr reported that the attacks had prompted authorities to create a crisis management committee to counter the threats.
Those reports were echoed Monday by the Fars News Agency, which also has ties to the Iranian government.
The attacks immediately brought to mind Stuxnet, the worm that targeted Iran's nuclear fuel enrichment project in 2009, and reportedly set back the program after damaging hundreds of gas centrifuges.
Symantec, whose researchers were instrumental in analyzing Stuxnet three years ago, said it could not corroborate Iran's claims that a worm was responsible for the new attacks. But Liam O Murchu, manager of operations with Symantec's security response team, did note that Duqu, malware that some experts had tagged as a follow-up to Stuxnet, had infected some Iranian computers last year.
In November 2011, Iranian officials admitted that Duqu had done some damage, but claimed that the malware was "under control."
Earlier in 2011, Moscow-based Kaspersky Lab said that the "Stars" malware -- which an Iranian military officer confirmed had targeted Iranian machines in April -- was probably a part of Duqu.
O Murchu said the same today.
"And one of the industries that Duqu targeted was the energy industry," said O Murchu. He said there was no concrete evidence to link Duqu to Sunday's attacks, however.
Duqu resurfaced in late March 2012 after a five-month hiatus, O Murchu and other researchers said at the time.
O Murchu suspected that the recent attacks were aimed at Iranian websites, and were likely not based on a worm. "They do give the impression that it was an outside attack, rather than a malicious piece of software," said O Murchu, citing such things as the sites being yanked from the Internet.
While it's unusual for victims to acknowledge attacks -- doubly so for governments or critical industries -- Iran has publicly confirmed previous attacks. In this case, it may have felt it had no alternative.
"When someone has to take down a public website, that's different," said O Murchu, leaning toward that explanation for Iran's attack acknowledgement.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- The NSA blame game: Singling out RSA diverts attention from others
- Jury still out on FISA court
- Suspected China-based hackers 'Comment Crew' rises again
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- South Korea cyberattacks hold lessons for U.S.
- U.S. military networks not prepared for cyberthreats, report warns
- Return of CISPA: Cybersecurity boon or privacy threat?
- New report says cyberspying group linked to China's army
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts