August 23, 2012

The Significance of the Aramco Hack

Lots of press on the Aramco virus and DDoS attack.  But there are two key points that should be emphasized about the breach:

  1. This is the first significant use of malware in a hacktivist attack.  In the past, as we described in our February report, most hacktivist attacks were primarily application or DDoS attacks.
  2. Antivirus doesn't work.  Hackers claim to have infected 30K PCs, which, if true, represents a 75% infection rate of all the company's computers.  Ouch.  Evidence continues to pile up for the need for a new security model.

However, one should not miss the key evolutionary step this attack represents.  In the last couple of years, it became very popular to single out the Chinese, US and Israeli governments for cyber-warfare.

This is why the Aramco attack is so interesting. In this case it wasn't a government, an agency or a company. This time it was hacktivists working for a political and social cause. In other words, a group of hobbyists and hacktivists with several very strong-minded developers and hackers achieved results similar to what we have allegedly seen governments accomplish. Does this mean that hacktivism has become so powerful that it can compete with government cyber-warfare organizations?


There are two parties that will lose if the Saudis stop producing oil: the West, and the Saudis.

Those that will benefit are all the other OPEC countries (as they will sell more oil), as well as all those who want to see Western civilization brought down.

So if it is state sponsored, it will be one of their local neighbors. Not Israel/USA/Europe.

The security model needed for today is different from what was built for yesterday. This being the case, security professionals should look for a better model to address tomorrow's needs.

The 30K computers which were infected might have had antivirus installed without its virus definitions being updated. The gap between the virus infection and vulnerability identification is something to be looked into before ruling out AV completely.

Jeff: You make a good point. As I said in a February NYT article, "Hacktivism gives anyone any excuse to hack anyone at anytime." This includes government, private hackers and politically motivated actors. It's a very convenient proxy. However, this was the first significant attack involving malware. To your point, this could indicate something state sponsored, but it is very hard to tell.

Thanks for the contribution.

Rob, it's impossible to distinguish between a hacker and hacktivist because they could easily be the same person. It's not like they're different species. Further there are good reasons to believe that this was a state-sponsored attack and there are reports coming out of Saudi Arabia to support that.
