That Saudi oil and gas plant that got hacked. You'll never guess who could... OK, it's Russia

A malware infection at a Saudi petrochemical plant last year was likely the work of a Moscow-based research operation backed by the Russian government. Security shop FireEye says this week it is confident in labeling the Kremlin-backed Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) as the source of …

  1. wolfetone Silver badge

    Even though it's been reported on this very site that software created by the NSA to make cyber attacks look like they originated from a specific country is available to all and sundry, we're still able to accept findings like this as gospel?

    Are we really, really sure about this? Given everything else that's going on. I know everything that's old is new again, but I'm not really a fan of the whole anti-Russia rhetoric version 2.0.

    1. Insert sadsack pun here

      Did you read the FireEye blog explaining how it reached its tentative conclusion before posting?

    2. Version 1.0 Silver badge

      I think you make a good point but realistically the same doubt sits on any conclusion for, or against, this. The real answer might be found by looking at who benefits from the hack but even then we could be wrong. The enemy of your enemy is your friend ... right up until the moment that they stab you in the back.

      1. Robert Helpmann??

        @Version 1.0, have an up-vote simply for replying to a post about Version 2.0. To adjust your comment a bit, "The enemy of my enemy is my enemy's enemy. No more. No less." Any day I can get a Schlock Mercenary reference in is a good day.

      2. Anonymous Coward

        The real answer might be found by looking at who benefits from the hack

        Or who benefits from this timely attribution of the hack, more likely. Given the idiotic behaviour of our Saudi Arabian "friends", it is rather convenient to finger the Russians for attacking Saudi infrastructure in order to persuade them that they should put up with some token sanctions on some mid-level officials, and not race off into the orbit of Russia or China.

    3. phuzz Silver badge

      If someone has been framing Russia, it's not (just) the result of an automated tool. Someone had to leave a username in a file path which matches that of a Russian professor at an institution which specifically deals with large infrastructure, and with a documented social media history going back years.

      So either someone put in a lot of effort (when they could have just left it at some Cyrillic filenames and Russian timestamps on the files) for dubious motives, or it's genuine.

      It being genuine is the simpler of the two explanations, and lines up with potential motives.

    4. Anonymous Coward

      Oh, I suspect the Russians did it, or gave the Iranians the tools. Remember how the US and Israel did the same thing to destroy the Iranian centrifuges? There was bound to be eventual retaliation. Israel doesn't have an oil industry and its nuclear fuel and warhead plants are too well protected, so Saudi, their best mates in the region, were an obvious second best.

      As the Israeli malware got out, as such things do, it could be a little lesson about sowing and reaping.

      1. Gareth Douglas

        Absolutely spot on with that comment. Stuxnet is the gift that keeps on giving.

  2. This post has been deleted by its author

  3. sitta_europea Silver badge

    Well, my firewalls DROP all packets from Russia. And Iran. And Israel. And...

    1. The First Dave

      Only the ones that come direct...

  4. adnim

    Just as I planned...

    "A malware infection at a Saudi petrochemical plant last year was likely the work of a Moscow-based research operation backed by the Russian government."

    Yours in all sincerity,

    Hacky McHackface

  5. Steve Aubrey

    Circular reasoning

    "So far, the Russian government has shown itself more than willing to engage in state-sponsored hacking operations, and has faced little in the way of repercussions on the global stage."

    But they feel really, really bad about it. Every single time it happens . . .

    1. Jay Lenovo
      Thumb Down

      Re: Circular reasoning

      It seems for many countries (not just Russia) hacking is like flatulence.

      Yeah sorry, I guess that really stinks. But we really couldn't help ourselves.

      1. Anonymous Coward

        He who smelt it dealt it

        >"It seems for many countries (not just Russia) hacking is like flatulence."

        So what you are saying is that FireEye did it?

    2. Yet Another Anonymous coward Silver badge

      Re: Circular reasoning

      At least they are honest enough to only attack their enemies

      We hacked our allies

  6. Nematode

    I recall working (in 1987) for a well known DCS manufacturer who used a semi-proprietary OS. We used to get sales questions from prospective customers asking how secure it was from virus attacks. We used to jokingly say that if anyone could hack in to the OS and get anything to run, we'd probably hire them as a developer, so arcane was the OS and so difficult to get it to actually do what WE wanted it to. Actually, I quite liked the OS as it was so simples

  7. Anonymous Coward

    FireEye providing “evidence” – at least they are trying a new marketing strategy. The whole schtick of “it's Russia wot done it” is to provide corporate security managers comfort that they can stand up to a hacking “superpower”.

    I just wonder why this company is always the one to make these announcements.

  8. Potemkine! Silver badge
    Black Helicopters

    Vlad the Impaler vs Mr Bone Saw

    It will be bloody

    1. Anonymous Coward

      Re: Vlad the Impaler vs Mr Bone Saw

      Minor point of order.

      In the "disassemble in a consulate and feed the stray dogs" case it is clearly ordered by Mr Bone Saw and there is at most 1-2 command chain links separation from Mr Bone Saw to the "rogue employees" executing the order.

      In this case we have a NII. Russian Scientific Institute. We quite deliberately assisted in the attempt to terminate Russian science in the 1990s. While Eastern Bloc science got sustainer grants on multiple EU programs to ensure it does not go rogue, in Russia they got f*** all. The result, however, was not what we wanted. Instead of eliminating the enemy's ability to develop, the ones producing interesting stuff massively went onto the mob's payroll.

      Exhibit A: Key players in the 3 Whales affair (part of which is the Litvinenko case) were, surprise, surprise, high-ranking staff in one of the NIIs working on advanced nuclear reactor designs (by the way, I will believe anything UK says about that case only when they explain why they did not ask for extradition when the Swiss arrested one of them on an Interpol red notice). Exhibit B: The first Novichok murder (the banker in the 90s) was done using compound made for the mob by a lab in a NII (who were not paid their salaries for 6 months). Exhibit C: Where do you think spice comes from and what is the role of the mob-paid Russian chemist in making semi and fully synthetic cannabinoids from an idea into reality in less than 20 years? Exhibit D, E, F ...

      So while it may be Vlad, it may as well be Mr Chelsea and Kensington dweller who banked a few 100M speculating on the oil futures market around Aramco troubles. Every time Aramco sneezes, Brent crude catches a cold. If you can reliably produce "issues" in Aramco to a known schedule you are as good as printing money.
