Anyone know anything about the Sunday hack on Kharg Island

Discussion in 'Anonymous Iran Archive' started by Anonymous, Apr 26, 2012.

  1. Anonymous Member

    Sunday, there was a sustained attack on the main servers used for Iranian National Oil Co. No real damage was done, some data was wiped, but redundant backups stored offline quickly restored the erased data from the primary servers.

    Spillover included a worm or virus found on the control systems used on Kharg Island, which was subsequently totally cut off from the internet for 3 days. Production was not affected. The crude oil tank farms are primarily gravity feed, and can be operated manually, independent of LAN, WAN or internet.

    I have a specific interest in finding more info about the virus found in the control system on Kharg, since I have involvement in this system, and actually predicted this type of scenario attack a couple months ago.

    Due to tech embargo, I cannot get direct access to Kharg Island control room at the moment.

    Does anyone have any information about the virus that was found in the control system on Kharg Island? I don't care about the rest of the hack or attack. If this was a Stuxnet type attack on DCS or SCADA, I really want to know.

    Yes, I'm posting anonymously. Mods can contact me (I'm a fairly reputable oldfag) if anyone has any specific info they don't want to post here.
  2. PresidentShaw Member

    lol @ fairly reputable oldfag
  3. Anonymous Member

    PM sent, you hoser
  4. Anonymous Member

    reckon it would be from the same source as Stuxnet...
  5. Anonymous Member

    Thanks, but I've done my homework over the last couple days. The hack appears to have attempted to send a message to Iran to cooperate with upcoming nuke talks.

    Virus is totally different from Stuxnet. That bug was designed to infiltrate massive amounts of Siemens control networks, and would only activate after specific acknowledgement that it had successfully infiltrated the Iranian control SCADA / DCS used to control enrichment. Other infiltrations were passive, and caused zero damage, and even had expiry dates.

    The hack on Kharg Island which started on Sunday, and lasted for a couple days, was a virus designed to wipe data from Iranian Oil Co. / ministry servers, more to cause inconvenience to massive amounts of Iranian citizens, since part of the intended target gas petrol ration card info.

    Totally not the same thrust as Stuxnet.

    Hey US and Israel IT intelligence, you listening up yet? It seems neither of your agencies was involved, but I'm sure you both are interested.

    Anyway, my sole interest is what malware ended up being deposited on SCADA or DCS systems on Kharg Island, since it appears this was simply a random side effect of the main target of IOOC servers in Tehran.

    I predicted something like this happening less than 2 months ago, to IT security in another country. Soooooooo, I'm trying very hard to find out WHAT THE FUCK VIRUS GOT PUT ON THE CONTROL SYSTEMS IN KHARG ISLAND? I'm not just some random bystander. I predicted this would happen.

    Thanks for any input. Please contact a mod if you don't want to post info publicly.
  6. Anonymous Member

    Tomorrow I will most likely be asked by global IT, why, if I was able to predict this type of attack, I was unable to prevent this attack.

    Fuck, I moved to another country a few months ago to work for another company. I learned their systems, and very quickly pointed out this type of vulnerability. Was told it was unlikely it could happen.

    Then this shit happens.

    If I can't justify my position shortly, I will be fired, and forced to leave the country, totally fucked.

    Yeah, no need to rub in the "sucks to be you" crap. No one else saw this attack coming. I did. I will be let go next month if I can't justify my "premonition".

    y'all please HELP an oldfag useless faggot.
  7. Anonymous Member


    I've had enough troubles lately IRL, this is one of the few times in my life I'm actually asking for help.

    So, I'm actually asking for help, from persons who might know WTF happened earlier this week.

    Any assistance is most appreciated. I'm running out of energy to figure this out.
  8. Anonymous Member

    I don't know anything about this, but here's some useless generic advice anyway.

    Sounds like your bosses are looking for a scapegoat to blame so that it's not them who are fired, since they were the ones who ignored your warning and are therefore responsible.

    Collect what evidence you can and go over their heads. It probably won't work but it might be your best shot at protecting your job and laying the blame where it belongs.

    Also, how do they expect you to fix the problem if they can't give you access to the computers that were attacked? Or at the very least access to the virus? That would make a lot more sense than having you go on the internet and ask random strangers if anyone who has inside information about the virus will help you.

    Sorry about your job. I hope you find a better one soon.

    Nice to hear from an old time ball buster tribble if that's what you are.
  9. Anonymous Member

    You made me giggle, thanks.

    Yes, I'm indeed an actual Old Time Ballbuster Trible (nope, not mis-representing myself to oldfags).

    Not going to go into details.

    I truly appreciate your advice, but it is mostly off the mark. Interesting vector conjectures though, I'm impressed at your thought processes. (My IQ is 145, give or take. I appreciate intelligent conjecture.)

    I'm still looking for info about the specific worm or virus that was deposited on the control systems at Kharg Island.
  10. Anonymous Member

    Give or take the OCA enough times, and even I could get a hi score.

    I was going to say,
    if you were the oldfag you're claiming to be, you would have known the probability that WWP users would have specific knowledge of hax, extrapolating from the number of haxors and the quantity of steroids consumed, combined with the likelihood of iranfags trusting you enough to divulge such if they knew it.

    but then you go and post your hiscore, and I remember which oldfag you were and it makes more sense.

    hello thar
    sadly, you already know the answer.

  11. Anonymous Member

    Ima Dick is one of my socks. I've had too many beers.

    Oldfags can very easily figure out who I am - that's not really the point. Although posting specific hiscore was another way of confirming to oldfags that I am who I claim to be - it's been posted before. It's a confirmation, not a brag.

    I'm trying to figure out the specifics of the malware infected on the control systems on Kharg Island.

    IOOC has totally clammed up on this, now claiming zero damage to systems.

    So, I'm guessing the source(s) behind the attack might be a bit miffed about this diss, and possibly willing to share specs of intended payload.

    Yes, longshot, you don't need to say so, already understood.
  12. iraniam Member

    Mystery Surrounds 'Cyberattack' On Iranian Oil Facilities
  13. Anonymous Member

  14. hushpuppy Member

    Yes, thanks iraniam. Anyone else capable of helping a WWP old-timer?
  15. Anonymous Member

    Hey, Dude. The politics of that island are very significant. If Wikipedia is to be believed, 98% of Iranian oil gets shipped out of that Island Port.

    If this is true, I can fully understand its status as a target of mischief and mayhem.

    It also means there are underwater pipes from the mainland connecting. Difficult to keep from imagining Mossad and/or Navy Seals down there in the water, somewhere near those pipes.

    Perhaps to consider, in terms of getting yourself off the blow-back hook from the whistle-blowing, the political ramifications of the Island Oil Port. I think almost anyone that gave the situation a thoughtful analysis would be inclined to report that a serious vulnerability exists there. Open to IT attack, as well as old-school blow-shit-up attack.

    I do hope that all this blows over for you.
  16. Bump for more eyes.

    I remember you. Good luck.
  17. Anonymous Member

    Bumpity bump...
  18. Anonymous Member

    Bump again.
  19. Anonymous Member

    Which means that there were very expensive corporate contracts behind that rather than the usual hacker suspects.

    It would have to have been written by someone with long-term experience in programming Siemens control systems of that type.

