New evidence implicates lone attacker in Saudi Aramco hack

The August attack on the network of oil giant Saudi Aramco has now been attributed to a lone perpetrator, contradicting suspicions that a larger organisation or nation state was behind the virus.

The breach affected tens of thousands of computers at the company but failed to disrupt oil production. Yet the breach of such a high-level entity – the Saudi government-owned group is the largest oil company in the world – has seen extensive investigations into the source of the virus continue over recent months.

The finger of blame had been pointed at Iran by some anonymous US officials, but Bloomberg last night reported that the malicious software originated from a USB stick belonging to an Aramco employee now suspected of launching the attack. According to cyber detectives, the stick was inserted into a computer on the internal company network, spreading the malware, which went on to destroy 55,000 computers.

The virus’s code reportedly lacked the sophistication usually associated with the work of state-sponsored programmers, and though effective malware does not have to be extremely complex, an individual involved in the investigation told Bloomberg that the offending virus was strikingly amateurish.

The revelation provides a fresh twist to the aftermath of the attack, with Iran now potentially in the clear regarding its role in the incident. Many will be expecting a cyber-backlash from the Islamic Republic, which has been the target of state-sponsored attacks from the US and Israel over recent years.

Security experts believe the proliferation of cyber warfare in the Middle East and beyond risks provoking nation states into creating separate, closed-off intranets to limit international communications over the web. Iran has already threatened such a move.