Thursday, Aug 16, 2012

Dubai: There is no respite for networks in the Middle East from computer viruses, as state-sponsored cyber-spying threats intended to steal personal details have been growing over the past few years.

Saudi Aramco’s computers were affected by a virus on Wednesday night, forcing the world’s largest crude exporter to stop operations and isolate many of its electronic systems. Oil production wasn’t affected.

The oil giant said in a statement that its networks are safe and operations will resume soon without specifying a time.

Rumours had spread among traders late on Wednesday that the state-owned company had been subjected to a hacking attack.

The virus entered the network through personal computers, the statement said.

“The electronic systems were isolated completely today and access to them from the outside was prevented as a precautionary measure,” Aramco said.

Iran has been the main focus of attacks, especially its oil and nuclear facilities.

The recent Gauss virus has created havoc in the Middle East and was targeted mainly at Lebanese banks.

Jeffrey Carr, CEO of cyber risk management firm Taia Global, said that Lebanese banks have long been watched by US intelligence agencies for their role in facilitating payments to extremist groups. “You’ve got this successful platform. Why not apply it to this investigation into Lebanese banks and whether or not they are involved in money laundering?” he said.

The majority of the infections have been found in Lebanon, Palestine and Israel.

Eleven machines were infected in the UAE, and four each in Qatar, Jordan and Saudi Arabia.

Gauss is known to have infected 2,500 PCs, compared with 700 for Flame, and just 20 for Duqu and Stuxnet. Experts say Gauss is in the same family as Flame.

The Stuxnet virus attacked Iran’s nuclear plant two years ago and, according to the New York Times, it was jointly developed by the US and Israel. In April, Iran’s facilities were attacked by the Flame virus.

Experts at Kaspersky Lab are seeking help from the public in cracking an “encrypted warhead” they believe was unleashed by the Gauss virus and may be poised to search and destroy a high-profile target.

The Russian company has already tried millions of possible keys to unlock the code, so they are now refocusing their efforts on defeating the cryptography used to conceal the underlying code. They believe the secret code may be designed to disrupt Scada (supervisory control and data acquisition) systems used to control equipment used by dams, gasoline refineries, and other types of critical infrastructure.

“Of course, it is obvious that it is not feasible to break the encryption with a simple brute-force attack,” the researchers wrote in a blog post.

“We are asking anyone interested in breaking the code and figuring out the mysterious payload to join us.”

Two of the three sections - .exrdat and .exdat - hold data, whilst another - the .exsdat file - is believed to contain the code for decrypting and executing contents of the “warhead”, Kaspersky said.

Furthermore, that programme has to be written in an “extended character set”, such as Arabic or Hebrew, or one that starts with a symbol such as “~”.

Vitaly Kamluk, chief malware analyst at Kaspersky Lab, said it was likely all the targets of Gauss were picked manually. “It must be [going after] something very critical,” he said.

The company has now offered cryptographers the first 32 bytes of encrypted data and hashes from known variants of the modules and has called on those who want to take part in uncovering Gauss’ secrets.

“It is like a pure mathematical problem,” Kamluk added. “We have a definition of the problem, all the required conditions and there are multiple ways of solving it.”

By Naushad K. Cherrayil, Staff Reporter

Gulf News 2012. All rights reserved.