Mideast cyberwar endangers gulf energy

Oct. 24, 2012 at 2:12 PM
share with facebook
share with twitter
Sign up for our Energy newsletter

DUBAI, United Arab Emirates, Oct. 24 (UPI) -- The energy industry in the Persian Gulf, which supplies more than one-third of the world's oil supplies and much of its natural gas, is finding itself vulnerable to cyberattack, a form of warfare the United States, Israel and Iran are increasingly using.

"Rising regional political tensions and a flurry of recent cyberattacks have raised fears about the growing use of viruses to target critical national infrastructure in the Middle East," the Financial Times warned.

The dangers to the energy industry in a strategic region are growing all the time as the key protagonists in the cyberspace develop increasingly effective and potentially destructive viruses, energy specialists say.

These dangers were dramatically underlined in recent weeks with cyberattacks on Aramco, Saudi Arabia's state oil monopoly and the world's leading producer, and RasGas, a joint venture between Exxon Mobil of the United States and state-owned Qatar Petroleum, in the neighboring gas-rich emirate of Qatar.

The discovery in September of a highly infectious variant of the W32.Flame virus that was used in a recent cyberattack on Iran's national oil infrastructure, already battered by ever-tightening U.S. and European sanctions, has caused alarm about the effects of future attacks.

The new variant has been dubbed Mini-Flame and has been detected in Iran and Sudan.

Another virus, an espionage malware known as Gauss was allegedly used by the United States and Israel to attack Lebanon's banking system, suspected of laundering money for Iran and Hezbollah, its powerful Lebanese proxy, as well as the embattled Syrian regime.

Gauss was used in strikes against targets in the Palestinian territories and Iran.

"If Flame and Gauss were massive cyberespionage operations, infecting thousands of users, then Mini-Flame is a high-precision, surgical attack tool," says Kaspersky Lab, a Moscow IT security company.

Its researchers have conducted major investigations of the malware attacks that began with the U.S.-Israeli Stuxnet strikes that sabotaged the uranium enrichment program of Iran's nuclear project in 2009-10, which the United States and Israel insist is intended to provide Tehran with nuclear weapons.

So intense is the development of new, more powerful viruses, that Kaspersky and others in the field say they fear that "researchers have only begun to scratch the surface of cyberwarfare being waged" in the Middle East, the Financial Times observed.

U.S. researchers discovered in May that W32.Flame had been extracting massive amounts of data from Iranian computers for several years.

The Aug. 15 attack on Aramco provides a chilling example of how the Persian Gulf's energy industry, on which so many countries depend to fuel their economies, could be crippled for an extended period without firing a shot.

The virus used to attack Aramco, the world's largest oil monopoly, and RasGas has been dubbed Shamoon, after a word embedded in its code. It wiped the memory of three-quarters of Aramco's digital system, disabling 30,000 computers.

The company claimed the system was quickly restored, but there have been persistent reports that Aramco's computerized systems aren't fully restored.

That attack was claimed by a group calling itself the "Cutting Sword of Justice." The data wiped from Aramco's hard drives was replaced by an image of a burning U.S. flag.

That indicated the attack was the work of hackers opposed to Saudi Arabia's policies. But U.S. investigators believe this was a decoy and that Iran was responsible.

In May, the National Iranian Oil Co., in normal times the second largest oil producer behind Saudi Arabia in the Organization of Petroleum Exporting Countries, was attacked by the W32.Flame virus.

It disrupted connections between the Oil Ministry in Tehran, production centers and facilities across the country, including the big export terminal on Kharg Island in the northern end of the gulf.

Before the sanctions took their toll, 85 percent of Iran's oil exports, lifeblood of its economy, flowed through Kharg.

If, as the Americans contend, Shamoon was a heavily disguised Iranian virus, designed to deflect attention from Tehran, other attacks on the oil and gas infrastructure of the gulf's Arab kingdoms are likely as regional tensions swell.

Kaspersky says that as cyberweapons become more sophisticated, industrial computer systems, like those in the gulf, will be increasingly vulnerable to attack.

"Next year will see an escalation of cyberweapons," Eugene Kaspersky, cofounder of the Russian IT security outfit, warned in Dubai.

Related UPI Stories
Trending Stories