The inside story of the biggest hack in history
LAS VEGAS — Three years ago, the world witnessed the worst hack ever seen.
And for the first time, we’re now learning new details about the monstrous cyberattack on Saudi Aramco, one of the world’s largest oil companies.
In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco’s ability to supply 10% of the world’s oil was suddenly at risk.
And one of the most valuable companies on Earth was propelled back into 1970s technology, using typewriters and faxes.
When it comes to sheer cost, the recent cyberattacks on Sony Pictures and the American government pale in comparison.
The average person has never heard about Saudi Aramco — or this hack. But we all felt its mysterious reverberations.
Until now, little of this was publicly known. But Chris Kubecka, a former security advisor to Saudi Aramco after the hack, spoke to CNNMoney about her experience. She told the tale ahead of her presentation about it Thursday at the Black Hat hacking conference in Las Vegas.
CNNMoney asked Saudi Aramco to confirm Kubecka’s account, but the firm did not respond to a request for comment.
Somebody was duped
It started sometime in mid-2012, Kubecka recalled. One of the computer technicians on Saudi Aramco’s information technology team opened a scam email and clicked on a bad link. The hackers were in.
The actual attack began during the Islamic holy month of Ramadan, when most Saudi Aramco employees were on holiday. On the morning of Wednesday, Aug. 15, 2012, the few employees noticed their computers were acting weird. Screens started flickering. Files began to disappear. Some computers just shut down without explanation.
That morning, a group calling itself “Cutting Sword of Justice” claimed responsibility, citing Aramco’s support of the Al Saud royal family’s authoritarian regime.
“This is a warning to the tyrants of this country and other countries that support such criminal disasters with injustice and oppression,” the group said.
The company goes offline
In a frantic rush, Saudi Aramco’s computer technicians ripped cables out of the backs of computer servers at data centers all over the world. Every office was physically unplugged from the Internet to prevent the virus from spreading further.
Oil production remained steady at 9.5 million barrels per day, according to company records viewed by CNNMoney. Drilling, pumping — all of that was automated, Kubecka explained. But the rest of the business was in turmoil.
Managing supplies, shipping, contracts with governments and business partners — all of that was forced to happen on paper.
Without Internet at the office, corporate email was gone. Office phones were dead. Employees wrote reports on typewriters. Contracts were passed around with interoffice mail. Lengthy, lucrative deals needing signatures were faxed one page at a time.
The company temporarily stopped selling oil to domestic gas tank trucks. After 17 days, the corporation relented and started giving oil away for free to keep it flowing within Saudi Arabia.
Kubecka, living in the Netherlands, was hired as an independent consultant to help secure all of Saudi Aramco’s satellite offices in Africa, Europe and the Middle East.
“It was a massive army of IT people. I’ve never seen anything like that in my life,” Kubecka said.
The corporate giant also flexed its muscle. It flew representatives directly to computer factory floors in Southeast Asia to purchase every computer hard drive currently on the manufacturing line. In one fell swoop, it bought 50,000 hard drives. Kubecka said the company paid higher prices to cut in line ahead of every computer company in the world — temporarily halting hard drive supplies to everyone else. World supplies of hard drives — already backed up because of flooding in Thailand — became even more constrained.
“Everyone who bought a computer or hard drive from September 2012 to January 2013 had to pay a slightly higher price for their hard drive,” Kubecka said.
Five months later, with a newly secured computer network and an expanded cybersecurity team, Saudi Aramco brought its system back online. An attack of that size would have easily bankrupted a smaller corporation, Kubecka said.
The hackers were never identified or caught — at least not that we know of.