Chevron says computer network was infected by anti-Iranian virus Stuxnet
Chevron found the virus in its
systems after the malware's existence was first reported in a blog post in July
2010, according to Mark Koelmel, general manager of the earth-sciences
department at the big US oil company. The US government has never officially
acknowledged the Stuxnet program.
Stuxnet, a sophisticated computer
virus that former US officials say was created by the US and Israel to spy on
and attack Iran's nuclear-enrichment facilities, also infected Chevron Corp.'s
network in 2010, shortly after it escaped from its intended target.
"I
don't think the US government even realized how far [the virus] had
spread," said Mr. Koelmel, who oversees earth-science research and
development at Chevron and is familiar with how information technology is used
at the company.
"I think the downside of what
they did is going to be far worse than what they actually accomplished,"
he said.
Chevron, which is based in San
Ramon, Calif., wasn't hurt by Stuxnet, said Chevron spokesman Morgan Crinklaw.
"We make every effort to protect our data systems from those types of
threats," he said.
Chevron's experience with Stuxnet
appears to be the result of the malware's unintentional release into
cyberspace, much like an experimental virus escaping from a medical lab.
But many companies also are being
specifically targeted by viruses, sometimes by less-sophisticated groups or
individuals attempting to retaliate against perceived cyberaggression by the
US. Although they have fewer resources behind them, those guerrilla campaigns
are nonetheless capable of doing real, physical damage to the targeted
facilities.
Chevron is the first US company to
acknowledge that its systems were infected by Stuxnet. But most security
experts suspect that the vast majority of hacking incidents go unreported for
reasons of security, or to avoid embarrassment.
The devices targeted by Stuxnet,
called programmable logic controllers, are used to automate factory equipment.
PLCs are made by huge companies, including Siemens of Germany, whose devices
were in use at the Iranian facility.
Millions of the devices have been
sold world-wide, exposing the industrial companies that depend on them to the
risk of being infected.
US officials, meanwhile, blame
Iranian hackers with government ties for the so-called Shamoon virus that
destroyed data on 30,000 computers belonging to Saudi Aramco in August. Defense
officials said a Qatari natural-gas company called Rasgas was attacked in
August.
The incidents show how cyberattacks have escalated in speed and scale during the past few months.
"All told, the Shamoon virus
was probably the most destructive attack that the private sector has seen to
date," US Secretary of Defense Leon Panetta said in an Oct. 11 speech at a
Business Executives for National Security dinner.
Aramco said it quickly recovered
from the August attack, but expects more such threats in the future. Rasgas
said the August attack had no impact on its operations.
"The real worry that a lot of
us have been talking about for a year or so is that instead of just stealing
information, [hackers are] gaining control of target systems so that they can
cause" physical damage, said Ed Skoudis, who teaches cybersecurity classes
at the SANS Institute, a private organization that trains cybersecurity experts
and conducts information-security research.
Employees who have a deep
understanding of cybersecurity and their company's systems are the only defense
against viruses like Stuxnet, which often target vulnerabilities that
security researchers haven't yet identified or software vendors haven't
patched, said Alan Paller, who founded SANS.
He said those employees need to understand malware and techniques for fighting it, such as deep-packet inspection, which involves a very detailed examination of traffic on a computer network.
They must also have a deep knowledge
of what network traffic should look like.
"There are probably only 18 to
20 people in the [US] who have those fundamental skills," he said.
Unleashing potent cyberweapons
involves the risk of blowback. "Somebody could recover malware assets,
tweak them and use them" against their creators, according to Skoudis. He
said portions of the Stuxnet code already have been used to commit financial
cybercrimes, such as stealing credit-card data and bank-account information.
The US government's purported link
to Stuxnet makes American companies an even bigger target, said Mr. Paller.
Hackers last summer went from stealing information to using cyberattacks to
cause destruction, he said.
Stuxnet "opened Pandora's box," he added. "Whatever restraint might have been holding damaging attacks back is gone."
In the end, companies are left to
clean up the mess associated with viruses such as Stuxnet.
"We're finding it in our
systems, and so are other companies," said Chevron's Mr. Koelmel. "So
now we have to deal with this."
By RACHAEL KING
http://www.hydrocarbonprocessing.com/Article/3116037/Latest-News/Chevron-says-computer-network-was-infected-by-anti-Iranian-virus-Stuxnet.html