Peak Oil is You

Donate Bitcoins ;-) or Paypal :-)

Page added on August 30, 2012

Bookmark and Share

Huge natural gas producer knocked offline by malware attack

Huge natural gas producer knocked offline by malware attack thumbnail

One of the world’s biggest producers of liquefied natural gas has been hit by a malware attack that has taken down its website and e-mail servers. This is the second documented computer attack to hit a large energy company this month.

Officials with Qatar-based RasGas first identified an “unknown virus” on Monday and took their website and e-mail servers offline in response, Bloomberg News and other news agencies reported on Thursday morning, citing company representatives. Operational systems weren’t affected and production and deliveries remain intact. A joint venture between Qatar Petroleum and ExxonMobil, RasGas exports about 36.3 million tons of liquefied natural gas per year.

News of the attack comes four days after Saudi Aramco, the world’s largest oil producer, confirmed it was the victim of a separate malware attack that took down 30,000 workstations. The assault against the Saudi Arabia-based company was launched on August 15 as the malware entered through its network of personal computers. Oil production wasn’t affected, company officials have said.

The attacks come as security researchers are tracking a malware campaign directed at unspecified companies in the energy industry. “Shamoon,” as the trojan has been dubbed, wreaks havoc on its victims by attempting to permanently wipe the hard drives of the computers it infects and prevents them from restarting. In a blog post, Symantec researchers said that the Shamoon malware, which also goes by the name “Disttrack,” struck at least one unnamed company in the energy industry.

A separate advisory by Israel-based Seculert said that Shamoon attacked “several specific companies in a few industries.” The Seculert post went on to say the wiping function was only one of two stages found in the malware. Company researchers speculate the disk erasure may have been put in place to remove traces of the other action, which may have been surveillance or data theft.

So far, there’s no confirmation that Shamoon is the same malware that struck either RasGas or Saudi Aramco.

“Usually, targeted attacks are being used against companies at the same vertical,” Seculert CTO Aviv Raff wrote in an e-mail to Ars. “So it is not surprising to see such an attack against another company in the oil and energy industry. I believe that if it’s indeed the same attack, they are probably using this to cover their tracks of the actual intended action against RasGas.”

He said a non-disclosure agreement bars him from naming the companies affected or identifying their industries.

Based on the information that is publicly available, the attacks on RasGas and Saudi Aramco appear to be major inconveniences rather than catastrophic events. Assuming that’s truly the case, the unsung heroes are the engineers who separated e-mail and Web servers from critical energy production and delivery systems. With confirmation of attacks against two of the world’s biggest energy producers, it’s worth investigating how and if all companies in this industry are designing their systems to withstand such campaigns.

5 Comments on "Huge natural gas producer knocked offline by malware attack"

  1. dissident on Thu, 30th Aug 2012 10:38 pm 

    Maybe some payback for supporting terrorists in Syria.

  2. BillT on Fri, 31st Aug 2012 12:29 am 

    The war has begun. Tanks and bombers are passe’. Cyber warfare is the new game. Why send troops when a few computer geeks can equal a regiment. And if you think only the empire has that capability…get a life. China has the fastest super computer now and technology is no longer the domain of a few.
    Wait until it escalates to the banking system. Do you have enough cash on hand to live without your bank account?

  3. DC on Fri, 31st Aug 2012 3:12 am 

    Only a website and some email. Neither of which are critical to industries functioning, unless you make industry dependent on them totally…..

    Point is, neither email or websites are necessary to run a mill, or a refinery, or w/e. How did we ever manage before this you ask…..

  4. Arthur on Fri, 31st Aug 2012 8:50 am 

    The only question that remains is, did this RasGas attack originate from Teheran or Tel Aviv?

  5. Arthur on Fri, 31st Aug 2012 8:55 am 

    But as DC says, this is a non-issue; the article admits that oilproduction was not affected. The only group that was really hurt were the wives of the employees, who for a few hours could not tell their husbands what to do, which is good for the

Leave a Reply

Your email address will not be published. Required fields are marked *