By Simeon Kerr in Dubai
23 October, 2012
Rising regional political tensions and a flurry of recent cyber attacks have raised fears about the growing use of viruses to target critical national infrastructure in the Middle East.
Recent attacks on oil infrastructure in Saudi Arabia and Qatar bear the hallmarks of so-called “hacktivists”, say information security researchers. About 30,000 computers at Saudi Aramco were disabled in August by a virus known as Shamoon, which also damaged systems at Qatari natural gas company RasGas.
“There are only two known Shamoon victims – but all I can say is this was not the first, nor will it be the last, time this virus will be used,” says Costa Raiu, director of global research and analysis at Kaspersky Labs, the Russian information technology security company.
US officials have hinted that Iran – reacting to what is believed to have been the US and Israeli-led Stuxnet attack on its nuclear facilities – may be behind the Shamoon virus, either acting on its own or in concert with cyber activists.
A group calling itself the Cutting Sword of Justice claimed responsibility for the Aramco attack, blaming the Saudi government for crimes in neighbouring states such as Syria and Bahrain.
Leon Pannetta, US defence secretary, has said the threat of co-ordinated cyber attacks against critical national infrastructure could unleash an attack akin to a “cyber Pearl Harbor”.
Security experts discovered the Stuxnet virus, used to disable systems at an Iranian nuclear facility and widely believed to have been created by the US and/or Israel, in 2010. Since then, five more variants of the virus have been discovered, including another sophisticated cyber-espionage virus last week.
Dubbed Mini-Flame, it has been used to snoop on a relatively small number of high-value targets, its geographical spread spanning Lebanon and the Gulf.
Kaspersky has warned that, with the rise of cyber weapons, knowledge of how to write computer viruses will expand exponentially. Industrial computer systems that control power plants and other pieces of critical national infrastructure are often old, making them vulnerable to attack.
Working with governments and authorities, Kaspersky is aiming to develop a new, industrial-scale operating system with security embedded in the hardware, rather than using security envelopes to protect the systems.
Gulf governments are becoming increasingly attuned to the issue of cyber security as the threats proliferate. The United Arab Emirates in September announced the creation of a new agency, the National E-Security Authority, to implement a national plan to ward off threats to online security.
Experts say sharing information is necessary to boost defences against cyber crime. Ideally, networks would instantaneously share information about new attacks with other systems, creating a more effective defence against these threats.
“There has been a belief that the less said about breaches, the less attackers will know – but that’s not the case,” says Michela Menting, senior analyst at ABI Research, a technology market research firm.
“Lots of sharing is needed, especially at the government level, even if it opens up the risk of where potential vulnerabilities lie.”
Bader al-Manthari, executive in information security for Oman, says the government is working to improve information flow across the sultanate’s public and private sectors. The six Arab countries of the Gulf Co-operation Council are also working together more closely to ward off cyber threats, he says.
Mr Manthari concedes that forging co-operation in the sensitive area of IT security is tricky, as most institutions are secretive about confidential information.
But he says: “There is much better co-operation now. As more engage, the value add will push co-operation to the next level.”