DUBAI, United Arab Emirates — Security technicians are beginning to suspect that highly targeted virus attacks were behind the recent crippling of computer systems at two major Gulf energy companies, even as questions swirl about the source of the strikes.
The computer disruptions at state oil giant Saudi Aramco and Qatari natural gas producer RasGas do not appear to have affected oil and gas production. Yet they highlight another risk to the security of energy supplies in the Persian Gulf region.
Neither company has said how much data may have been lost, but the scope of the attacks appears extensive. Aramco blocked all its electronic systems from outside access for several days to deal with the problem, which it says affected about 30,000 workstations last month. RasGas technicians were still working to fix that company’s systems more than a week after being hit.
Although pinpointing culprits in the shadowy world of Internet crime is tricky, some experts believe that Iran — itself the victim of multiple computer attacks — may have played a role. Others aren’t so sure, saying there isn’t enough evidence. That may be partly by design, as the virus thought to be involved in at least one of the attacks covers its tracks by erasing data on computer hard drives.
The attacks may not be over. Security and data storage company Symantec said this week that it is investigating reports of additional infections involving the virus at the center of what security experts refer to as the Shamoon attacks. It’s widely believed to be responsible for the Aramco disruption, and several security experts suspect it in the Qatar attack.
The virus can spread through networked computers and ultimately wipes out files by overwriting them — sometimes leaving behind an image of a burning American flag.
Aviv Raff, the chief technology officer of Israeli computer security firm Seculert, said other companies outside the energy industry have also been affected.