By Siraj Wahab
The attack that disabled 30,000 workstations at Saudi Aramco in August was not an inside job, and the Kingdom has initiated the process of setting up a national security center to combat cyber crime.
Disclosing the details of a joint investigation at the oil giant’s headquarters in Dhahran yesterday, Interior Ministry spokesperson Maj. Gen. Mansour Al-Turki and Abdullah Al-Saadan, Saudi Aramco’s vice president for corporate planning and head of the investigating team, told reporters that none of the hackers was employed by Saudi Aramco or any of its contractors.
“The attack was planned and executed by an organized group outside the Kingdom having bases in several countries,” said Al-Turki.
The Interior Ministry statement puts to rest all speculation that has been circulating throughout international and local media that one or more Saudi Aramco insiders with high-level access had assisted the hackers.
“The attack originated from foreign soil, and at this point in time we do not wish to reveal the names of the countries and the identities of the hackers for fear of compromising the ongoing investigations and legal proceedings against them,” said Al-Turki.
Al-Saadan said the hackers not only wanted to cripple Saudi Aramco but aimed at striking the Saudi economy by disrupting the supply of oil to international and domestic markets.
“The attack targeted the whole economy of the country, not just Saudi Aramco as an entity,” said Al-Saadan. “The ultimate aim was to stop the flow of oil and gas to domestic and international markets,” he said.
Al-Saadan said the hackers tried for one full month to bring down the system before succeeding in punching in through certain weak points.
“We have plugged all the loopholes, and not a single drop of oil was lost during the crisis,” he said. “The hackers used what is known as ‘spear phishing’ to break into our system,” he said.
He said the hackers and their handlers did not succeed in their ultimate objective of disrupting the supply of oil “because we had in place the processes and systems to manage, as well as sufficient incident response and business continuity plans to deal with such an attack,” he said.
“Built-in system architecture and protections for the primary components of our computer network, including firewalls and segmentation, meant that all our core operations continued smoothly,” he said.
Al-Turki said it was a massive attack, and the hackers were based in several countries spread over four continents. “This was a major crime, and we are doing all we can to bring the cyber terrorists to justice,” he said.
The general did not dismiss the possibility of taking the help of international agencies such as Interpol to bring them to book.
In response to a question from Arab News, Al-Turki said so far the Kingdom had not approached the countries from where the attack originated. “We have had excellent response from countries with which we are on very friendly terms, and we will pursue the criminals wherever they are hiding,” he said.
Al-Turki said a national center to combat such crimes was planned to protect Saudi companies from falling victim to such attacks. “We have received instructions from Interior Minister Prince Mohammad bin Naif to upgrade our facilities and form a center to counter such attacks.”
He said such a center is needed because oil and gas companies, financial institutions, banking firms all operate on computers.
“They can be hacked, and we need to take all measures to protect our assets. This center will work on those measures. Cyber crime is another form of terrorism, and just as we tackle terrorism we will have this center to combat cyber crime,” said Al-Turki.
He said the Kingdom is in touch with GCC countries on the outcome of the investigation.
“We have full cooperation between different agencies and specifically security agencies. We benefit from our experiences, and we will keep communicating with them to draw a comprehensive strategy to combat such international crimes,” said Al-Turki.
The general commended Saudi Aramco for taking quick steps to contain the attack by implementing an emergency plan and preventing access to its electronic network from abroad as a precautionary measure. It was also able to isolate the virus as a result of the accurate design of its network. The company also cleaned all computers of its staff from virus in a record time. It took measures to protect against similar cyber attacks or threats.
“This shows the strength and invulnerability of this great national institution thanks to its human resources, capabilities and advanced systems,” said Al-Turki.