Starting in mid November, someone, possibly Iran, wiped many computers at a number of Saudi government agencies, including the Saudi Civil Aviation Agency . A total of 6 agencies were attacked; 4 were compromised; 2 agencies repelled the attack.
The attack was made to look identical to an attack attributed to Iran in 2012 where tens of thousands of computers at the Saudi Aramco oil company were destroyed.
How “destroyed” is also unclear. In the case of the Aramco attack, the oil company chose to be ultra cautious and replaced the disk drives in those 35,000 computers, causing a spike on the global market for disk drives. We don’t know what they plan to do regarding this attack or how many computers were affected.
This is kind of similar to the attack on Sony, attributed to North Korea and the less successful attack 6 months before Sony on Sheldon Adelson’s Sands Hotel chain.
Since the Aramco attack is pretty public, someone wanting to cast a shadow of guilt on Iran (such as the CIA, KGB or Mossad) could have certainly planted the malware to stir up trouble. We just don’t know.
For the soon-to-be-president Trump, this could get messy. If he decides that it was Iran and that the U.S. needs to retaliate (big IF), then this escalates things. It is pretty clear that the Iranians and their allies could certainly attack U.S. infrastructure – whether it is the San Francisco Metro or Gorilla Glue, if all they want to do is cause mischief, there are certainly plenty of soft targets. If they want to get ugly, they could try for a critical infrastructure attack like the Russians did in Ukraine last year. That could really get ugly.
The Saudis have not released much information about the attack; likely more will leak out over time, but how much and when is unknown.
Was it the Iranians? Were they testing Trump? Who knows, but get some buttered popcorn and stay tuned for the show.
Information for this post came from Bloomberg.