Connecting the Dots After Cyberattack on Saudi Aramco
New York Times | Nicole Perlroth | 8.27.12
The attack was the first significant use of malware by so-called hacktivists — hackers who attack for political reasons rather than for profit. Hacktivist groups like LulzSec and Anonymous typically recruit volunteers to flood a Web site with traffic until it goes offline. In this case, hackers used a malicious virus that was intended to inflict more harm.
Security researchers at Symantec, the computer security firm, said that hours after the attack, they received a sample of the virus they believe was responsible. The virus, named Shamoon after a word in its code, was designed to overwrite critical files with an image of a burning American flag. The researchers discovered instructions in Shamoon’s code, what is known as a “kill timer,” to attack at 4:08 a.m. on Aug. 15 — the same time hackers said they had destroyed Saudi Aramco’s computers.