Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet
http://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html
April 23, 2012
Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet
By THOMAS ERDBRINK [Iran] [confluence of Iran’s domestic politics and its foreign policy] [we have reason to believe some intense factionalism is ongoing in Iran] [followup] [fearing cyberattacks on oil processing plants Iranians disconnect from internet?] [hard to know for sure what they are reporting but someone appears to be launching attacks on oil terminals?] [it could be almost anything from gulf computer nerds to stuxnet-like attacks but we are hearing too little about them in West to know what to make of it?] [followup] [*]
TEHRAN — Iran disconnected several of its main Persian Gulf oil terminals from the Internet on Monday, local news media reported, as technicians were struggling to contain what they said were intensifying cyberattacks on the Oil Ministry and its affiliates.
Iranian officials said the virus attack, which began in earnest on Sunday afternoon, had not affected oil production or exports, because the industry is still primarily mechanical and does not rely on the Internet. Officials said they were disconnecting the oil terminals and possibly some other installations in an effort to combat the virus.
http://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html
April 23, 2012
Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet
By THOMAS ERDBRINK [Iran] [confluence of Iran’s domestic politics and its foreign policy] [we have reason to believe some intense factionalism is ongoing in Iran] [followup] [fearing cyberattacks on oil processing plants Iranians disconnect from internet?] [hard to know for sure what they are reporting but someone appears to be launching attacks on oil terminals?] [it could be almost anything from gulf computer nerds to stuxnet-like attacks but we are hearing too little about them in West to know what to make of it?] [followup] [*]
TEHRAN — Iran disconnected several of its main Persian Gulf oil terminals from the Internet on Monday, local news media reported, as technicians were struggling to contain what they said were intensifying cyberattacks on the Oil Ministry and its affiliates.
Iranian officials said the virus attack, which began in earnest on Sunday afternoon, had not affected oil production or exports, because the industry is still primarily mechanical and does not rely on the Internet. Officials said they were disconnecting the oil terminals and possibly some other installations in an effort to combat the virus.
“Fortunately our international oil selling division has not been affected,” said a high-level manager at the Oil Ministry who asked not to be mentioned for security reasons. “There is no panic, but this shows we have shortcomings in our security systems.” [*]
There were some reports that the virus had forced widespread Internet shutdowns. “The ministry has disconnected all oil facilities, operations and even oil rigs from the Internet to prevent this virus from spreading,” said another Oil Ministry official who asked to remain anonymous, because he was not authorized to speak publicly about the attack. [*]“Everybody at the ministry is working overtime to prevent this.” His assertion about the extent of the shutdowns could not be independently verified.
The Iranian Students’ News Agency said that the virus, called “wiper” by its creator, had successfully erased information on hard disks at the Oil Ministry’s headquarters, a hulking black glass skyscraper on Taleghani Street in central Tehran. The ministry appears to have been the initial target of the virus, which the Iranian authorities say they first noticed in March but apparently were unable to dismantle. [*]
The Web sites of several oil related institutions, like the National Iranian Oil Company, which handles most oil sales in the country, were down on Sunday and Monday. It was unclear whether the virus took the sites down or if they were switched off by the Oil Ministry. [*]
Two years ago, a computer worm called Stuxnet attacked Iranian nuclear facilities, knocking out an unknown number of centrifuges used for enriching uranium. While initially silent on the Stuxnet sabotage, President Mahmoud Ahmadinejad eventually acknowledged that “enemies” had been successful in “making problems” by installing computer malware in industrial switches used to control the centrifuges, making them spin out of control at high speed. [from what I know, the worm targeted Seimens controller boxes on machines] [Iran was heavily into Seimens controller boxes] [*] Iranian officials vowed at the time to erect better defenses against such attacks.
No one has claimed responsibility for Stuxnet, but Israeli officials openly expressed glee over the attack. The United States has denied any involvement. [*]
Iran is among the world’s largest oil producers, and any disruption in supply would rattle the markets, almost certainly sending prices soaring. Just one of the six oil terminals now disconnected from the Internet, on Kharg Island in the Persian Gulf, typically transfers about 80 percent of Iran’s crude exports of 2.2 million barrels a day. [one reason I find it hard to believe the U.S. or even Israel launched it] [stuxnet targeted high-speed centrifuges] [*]
While officials here emphasize that both production and sales of oil are continuing as normal, the semiofficial Mehr News Agency said that the attack was intensifying and that access to the internal communications systems of most prominent oil and gas companies had been intentionally cut. A special crisis center has been set up where experts from across the country are assisting in the fight against the virus, it quoted one such specialist working for the Oil Ministry as saying.
The source of the cyberattack was still being investigated, an internal security official said. “For now, nullifying these attacks is on our agenda,” Hamdollah Mohammad Nejad, the head of the Oil Ministry’s Passive Defense Office, told the Mehr News Agency.
But many here were quick to blame Iran’s leading antagonists, the United States and Israel, at a time of growing pressure on Iran over its nuclear program, which Tehran insists is peaceful but which Western powers say is a cover for developing weapons. [really doesn’t make much sense as reported] [I understand why Iranians think so but I can’t see why the West would launch said attacks?] [*]
“This attack was very limited and only made some interruptions for some hours in the administrative part of the oil ministry,” said Hamidreza Taraghi, a political analyst and spokesman for the Islamic Coalition Party, close to Ayatollah Ali Khamenei, the nation’s supreme leader. “This is again an attempt to wage soft war by the West, and does not have any impact on our operations.”
Other affected organizations include the National Iranian Oil Processing and Distribution Company, National Iranian Gas Company, Iranian Offshore Oil Company, Pars Oil and Gas, and many other companies functioning under the National Iranian Oil Company, which handles most oil sales in the country, Mehr reported.
For Mohammad Reza Sabzalipour, president of the Tehran World Trade Center, the message of the virus attack was clear. “The aim is to increase pressure so that Iran will compromise in the upcoming nuclear talks on May 23,” he said. “We are in a bloodless war. If the talks fail, Iran can expect much more of this.”
Ramtin Rastin contributed reporting.