Warning – a new wave of Cyber attacks aimed against the U.S.
This post is also available in: 
עברית (Hebrew)
A new wave of cyber attacks is striking American corporations. Officials say the attackers aim is not espionage but sabotage, and the source seems to be the Middle East.
The targets have primarily been energy companies, and the attacks appeared to be probes looking for ways to seize control of processing systems. Two senior US administration officials said they were not certain from where the attacks were coming or whether they were state-sponsored or the work of hackers or criminals.
The likely targets in the US, including mobile phone networks and electric utility grids, are in private rather than government hands.
“We are concerned by these intrusions, and we are trying to make sure they don’t lead to something much bigger, as they did in the Saudi case,” said one senior American official. He was referring to the attack last year that affected 30,000 computers at Saudi Aramco, one of the world’s largest oil producers. After lengthy investigations, American officials concluded that Iran had been behind the Saudi Aramco attack.
Another official said that in the new wave of attacks, “most everything we have seen is coming from the Middle East,” but he did not say whether Iran, or another country, appeared to be the source.
According to the New York Times the disclosure of the attacks was unusual because most attacks against American companies — especially those coming from China — have been attempting to obtain confidential information, steal trade secrets and gain competitive advantage. By contrast, the new attacks seek to destroy data or to manipulate industrial machinery and take over or shut down the networks that deliver energy or run industrial processes.
That kind of attack is much more like the Stuxnet worm that the US and Israel secretly used against Iran’s nuclear enrichment plants several years ago to slow Iran’s progress toward a nuclear weapons capability. When that covert program began, President Barack Obama, among other officials, expressed worry that its eventual discovery could prompt retaliatory attacks.
Two senior officials who have been briefed on the new intrusions say they are aimed largely at the administrative systems of about 10 major American energy firms, which they would not name. It is similar to what happened to Saudi Aramco, where a computer virus wiped data from office computers, but never succeeded in making the leap to the industrial control systems that run oil production.
According to one US official, Homeland Security officials decided to release the warning of the attacks once they saw how deeply intruders had penetrated corporate systems, including one that deals with chemical processes. In the past, the government occasionally approached individual companies it believed were under threat. Last week’s warning “is an effort to make sure that the volume and timeliness of the information improve,” in line with a new executive order signed by the president, one senior official said.
The warning was issued by an agency called ICS-Cert, which monitors attacks on computer systems that run industrial processes. It said the government was “highly concerned about the hostility against critical infrastructure organizations,” and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year. It also hinted that federal investigations were under way, referring to indications “that adversary intent extends beyond intellectual property to include use of cyber to disrupt business and control systems.”
