striking American corporations,
prompting warnings from federal
officials, including a vague one issued
last week by the Department of
Homeland Security. This time, officials
say, the attackers' aim is not
espionage but sabotage, and the
source seems to be somewhere in the
Middle East.

The targets have primarily been
energy companies, and the attacks
appeared to be probes, looking for
ways to seize control of their
processing systems. The attacks are
continuing, officials said. But two
senior administration officials said
Sunday that they were still not certain
exactly where the attacks were
coming from, or whether they were
state-sponsored or the work of
hackers or criminals.

"We are concerned by these
intrusions, and we are trying to make
sure they don't lead to something
much bigger, as they did in the Saudi
case," said one senior American
official. He was referring to the
aggressive attack last summer that
affected 30,000 computers at Saudi
Aramco, one of the world's largest oil
producers. After lengthy
investigations, American officials
concluded that Iran had been behind
the Saudi Aramco attack.

Another official said that in the new
wave of attacks, "most everything we
have seen is coming from the Middle
East," but he did not say whether Iran,
or another country, appeared to be the
source.

Last week's warning was unusual
because most attacks against
American companies - especially those
coming from China - have been
attempts to obtain confidential
information, steal trade secrets and
gain competitive advantage. By
contrast, the new attacks seek to
destroy data or to manipulate
industrial machinery and take over or
shut down the networks that deliver
energy or run industrial processes.
That kind of attack is much more like
the Stuxnet worm that the United
States and Israel secretly used against
Iran's nuclear enrichment plants
several years ago, to slow Iran's
progress toward a nuclear weapons
capability. When that covert program
began, President Barack Obama,
among other officials, expressed
worry that its eventual discovery could
prompt retaliatory attacks.

Two senior officials who have been
briefed on the new intrusions say they
were aimed largely at the
administrative systems of about 10
major American energy firms, which
they would not name. That is similar
to what happened to Saudi Aramco,
where a computer virus wiped data
from office computers, but never
succeeded in making the leap to the
industrial control systems that run oil
production.

The Washington Post first reported
the security warning on Friday. Over
the weekend the Obama
administration described what had led
to the warning. Those officials began
describing the activity as "probes that
suggest someone is looking at how to
take control of these systems."

According to one U.S. official,
Homeland Security officials decided to
release the warning once they saw
how deeply intruders had managed to
penetrate corporate systems, including
one that deals with chemical
processes. In the past, the
government occasionally approached
individual companies it believed were
under threat. Last week's warning "is
an effort to make sure that the
volume and timeliness of the
information improves," in line with a
new executive order signed by the
president, one senior official said.

The warning was issued by an agency
called ICS-Cert, which monitors
attacks on computer systems that run
industrial processes. It said the
government was "highly concerned
about hostility against critical
infrastructure organizations," and
included a link to a previous warning
about Shamoon, the virus used in the
Saudi Aramco attack last year. It also
hinted that federal investigations were
under way, referring to indications
"that adversary intent extends beyond
intellectual property to include use of
cyber to disrupt business and control
systems."