‘No emails, no phones, nothing’: How Saudi Aramco - the world's biggest oil company - survived a debilitating cyber attack

by Stephen McBride

13/08/2015 13:07

An independent cyber security consultant has described how Saudi Aramco had to get by on typewriters and paper, after the August 2012 cyber-attack that disabled more than 30,000 of the company's workstations for almost two weeks.

A cyber cabal calling itself "Cutting Sword of Justice" launched the hacktivist campaign against the state-controlled oil company in protest against the ruling Al Saud family. The gang's Shamoon virus hit systems for several hours on 15 August, 2012, before admin staff shut down machines as a mitigating measure. Aramco's public statements at the time claimed oil production had not been affected, but in December 2012 the company admitted that critical infrastructure had been the intended target.

Speaking at this week's Black Hat conference in Las Vegas, Chris Kubecka, who was tasked with securing Aramco's EMEA satellite offices in the wake of the attack, said the oil giant initially had "No emails, no phones, nothing", according to a report from the darkreading.com website.

Aramco, which claims on its website to have a maximum sustainable capacity of 12 million barrels per day, had invested heavily in protecting the production infrastructure itself, but Shamoon targeted PCs, email servers and other, less critical systems.

The company "got pwned [owned]", Kubecka said, employing a phrase used by hackers and gamers to denote victory over a target. She said the attack was traced to an Aramco employee's errant click on a malicious link in a spear-phishing email, but the precise time the email was sent remains a mystery.

In the aftermath, Aramco scrambled to gather the best team of regional and international experts it could to discover what went wrong and prevent a recurrence. The firm subsequently expanded its cyber-security team and built a dedicated operations centre to foster a more proactive environment.

Kubecka also highlighted the scale and wealth of Aramco as key factors in its swift recovery, saying she believed smaller companies could have been crippled by the attack. She claimed Aramco used its private fleet of aircraft to fly its employees to Southeast Asian factory floors, where they purchased as many hard drives as they could. She claimed that the practice had an impact on the market price of PCs and hard drives until as late as January 2013.