Cyberattacks on infrastructure

Cyberattack disrupts Iran’s oil production system

Published 26 April 2012

The Iranian oil industry was subject to cyber attack this past weekend, but the Iranian government says it has contained and controlled the damage from the malware; this is the fourth known cyber attack on Iran’s civilian and military infrastructure

The Iranian oil industry was subject to cyber attack this past weekend, but the Iranian government says it has contained and controlled the damage from the malware. It has as yet provided no details of the virus, or how the system was infiltrated. Internet access at the targeted sites was disrupted during the attack.

The network systems at the Kharg Island depot, which handles up to 90 percent of Iran’s petroleum exports, were disconnected from the Internet, along with the systems at a number of unspecified facilities in other parts of the country, including the oil ministry’s Website.

A spokesman for the oil ministry, Alireza Nikzad, told the ministry’s news Website SHANA that despite initial reports in Iran, the virus had succeeded in deleting data from official servers. “To say that no data was harmed is not right. Only data related to some of the users have been compromised,” he said.

Core data on Iran’s oil production is safe, since it is stored offline. It is unknown whether backed-up data from the compromised servers was affected. If the backup devices are connected to the network that was targeted, then data may have been stolen or compromised in some other way. If the backups are stored on a device not connected to the network, but taken periodically, then any new data acquired between the time of the last backup and the attack is lost.

Iran’s oil ministry has set up a “cyber crisis committee” to deal with the attack. The country’s response was a test of procedures put into place following the 2010 Stuxnet attack on Iran’s nuclear program. That attack dealt a blow to the Iranian uranium enrichment program, destroying thousands of uranium enrichment centrifuges and disrupting the nuclear program for months.

Little is known about the malware in this latest attack. It appears that this attack is not near the sophistication of the Stuxnet attack, making it more of a mystery as to the source and means of infiltration.

Iran has a history of not sharing malware samples with the antivirus industry, according to Boldizsar Bencsath, an assistant professor at the Laboratory of Cryptography and Systems Security in Budapest. In addition to the Stuxnet and subsequent Duqu attacks, Iran, on 25 April 2011, reported an attack by a third virus called Stars.

Bencsath finds that suspicious, saying “that we have just [arrived at] the first anniversary for the Stars virus or malware. And for this Stars malware we don’t know too much as well. Iran did not share samples with the [antivirus] industry. So no one knows what Stars was actually.”

According to Businessweek, this latest attack comes a week after Iran and the five permanent members of the UN Security Council – the United States, France, China, Russia, and the United Kingdom – plus Germany, ended a 15-month stalemate on discussions of Iran’s nuclear program.