It did not take long for Saudi Aramco to identify Romania as the country
from which a cyberattack was launched on its computer systems, disabling
its networks and crippling its internal communications systems.
Information, Communication and Technology (ICT) managers in the world’s
largest oil company will be both embarrassed and pleased by what has
happened.
The embarrassment clearly stems from the fact that their existing security systems were somehow or other breached by the Romanian attackers. The pleasure, however, arises because every such cyberattack enables an organization to tighten its own security procedures, locking down the loopholes in its software systems that have been exploited by hackers.
There is, in truth, no such thing as an entirely secure ICT system, and that is because of the middle letter in the acronym. If computers are supposed to “Communicate” with other designated computers, then that means that, regardless of the level of security, other “undesignated” computers somewhere in the world could, if their operators tried hard enough and had sufficient money and resources, also find a way of talking to them. And once an attacker gets into a system, he can start to wreak substantial havoc.
There has been much media focus on the “Anonymous” outfit, which in reality is a loose-knit group of computer hackers that has adopted this very compelling brand, complete with the mask of Guy Fawkes, the man who tried to blow up the English Parliament with gunpowder four hundred years ago. However, in reality, the worst that these apparently idealistic individuals can do is mount “denial of service” attacks. These simply mean that a bunch of computers is programmed to contact the targeted servers in such quantity and with such regularity that the attacked system seizes up and “falls over”. In hacking terms, it is a relatively simple exercise.
The real danger comes when a system is penetrated by malign code, a worm or a Trojan, which then proceeds not only to take over important parts of the installation but also to destroy its tracks, so that code analysts will need to look very hard indeed to spot that it is there. Once a system has been penetrated, the attacker’s code will either start to wreck whatever the computer is supposed to be controlling — for instance STUXNET caused Iranian centrifuges to malfunction in the nuclear enrichment program — or simply spy on all the information that is passing through it.
Since computers run so much of daily life throughout the world, the impact of a cyberattack on, say, a country’s power network or the international financial system could have catastrophic consequences.
And there is a more sinister thought. STUXNET and FLAME are two of the known successful cyberattack penetrations. However, the fact that they were spotted and analyzed means that they were not, in reality, truly successful. Analysts say that they were supposed to delete themselves when they had done their work, probably leaving a backdoor for them to return if necessary. But a careless coder, it seems, in the case of the data-mining worm FLAME left a trace which analysts were able to follow and so unravel much of what it had been doing.
But how many other pieces of malignant code are currently working away, undetected, in crucially important servers around the world? Indeed, are countries such as China, the United States and Russia busily planting minefields of malicious software in each other’s critical computer systems, expecting to wreck each other’s infrastructure at a time of international tension? Just as the latest jet fighters will be the last to have humans at the controls, so some experts believe that the next major war will be fought out in cyberspace.
For us here in the Kingdom, there must be genuine concern at the safety of our critical systems. No doubt the authorities have taken considerable trouble to install the strongest safeguards against cyberattack. Nevertheless, as the experience of Saudi Aramco last month demonstrated, sometimes even the best security is not always good enough. The only safe computer server is one that sits entirely alone and is connected to absolutely nothing else. And such a system would be, to all intents and purposes, utterly useless in this modern day and age. As Saudi Arabia moves further toward e-government and institutions become even more dependent on reliable inter-connected server systems, the dangers will inevitably multiply. This is the risk and the reality of our inter-connected digital world.
http://arabnews.com/editorial-worm-byte