Daily Report: How Aramco Got Hacked

On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam's holiest nights of the year - Lailat al Qadr, or the Night of Power - celebrating the revelation of the Koran to Muhammad.

That morning at 11:08, Nicole Perlroth reports in The New York Times, a person with privileged access to the Saudi state-owned oil company's computers unleashed a virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company. The virus erased data on three-quarters of Aramco's corporate PCs - documents, spreadsheets, e-mail, files - replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack's real perpetrator was Iran, although they offered no specific evidence to support that claim. But Defense Secretary Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

But their online message and the burning flag were probably red herrings, say independent computer researchers who have examined the code of the virus.

After analyzing the software code from the Aramco attack, security experts say the event involved a company insider, or insiders, with privileged access to Aramco's network. The virus could have been carried on a USB memory stick that was inserted into a PC.

Aramco's attackers posted blocks of I.P. addresses of thousands of Aramco PCs online as proof of the attack. Researchers say only an Aramco employee or contractor with access to the company's internal network would have been able to grab that list from a disconnected computer inside Aramco's network.

Neither researchers nor officials have disclosed the names of the attackers involved. Saudi Aramco said in a statement that it was inappropriate to comment during an investigation, adding that the company had a policy of not commenting on rumor or speculation.