A spokesman for RasGas, the second largest producer of Qatari liquefied natural gas after Qatar Petroleum, confirmed that the company’s office systems were hit by a virus on August 27, 2012 and is still struggling to overcome the attack. The nature of the virus is still unknown and according to the spokesman, the virus did not affect operations in Ras Laffan Industrial City nor cargo deliveries. The attack seems to be limited to office computer systems which has put the company offline. On August 15, 2012, days ahead of Eid El Fitr, at a time when Saudi alertness or vigilance is not at its highest, Aramco was also the target of a malware attack which has suspended the company’s website and office systems for 10 days. Just like the latest attack on RasGas, the attack against Aramco did not affect its operation activities.
A previously unknown group, which goes by the name of “Cutting Sword of Justice”, has claimed responsibility for the attack against Aramco and similar claims are likely to surface in the coming days regarding the RasGas attack. The group which claims to be fed up “of crimes and atrocities taking place in various countries around the world, especially in the neighboring countries such as Syria, Bahrain, Yemen, Lebanon, Egypt and …” declared it has started its campaign by targeting Aramco as a result of what they claim is Al-Saud’s sponsorship of oppressive measures and sent a warning to other countries supporting “injustice and oppression”.
Regardless of the veracity of these claims, both attacks expose the fragility of the network and computer systems in some of the biggest and most influential companies in the region, which indicate that other companies and/or institutions might be equally, if not more, vulnerable. The attack might appear as the work of frustrated online activists (also known as hacktivists) with a political agenda. But hacktivists’ preferred mode of operation typically consists of distributed denial of service (DDoS) attacks, in which a website is bombarded with traffic until it goes offline, and very rarely use the more sophisticated malware attacks, which raises questions about who really is behind such attacks.
At a period when cyber attacks and counter attacks are rife in the region [link in French], this rather new mode of operation and its security repercussions should be addressed with more assertiveness. If, so far, attacks have been willingly limited to office work, sparing operational activities, it is only a matter of time before they become more harmful going as far as disrupting the company’s or institution’s work for days, maybe weeks, putting it, and the entire national economy at risk.