June 26, 2018 Studying Tips
One can never be absolutely secure in the modern society since new technologies have brought new dangers into society. Giant business corporations used to fear terrorists and robbers, but there is no need to be even present psychically to rob a company anymore. Thanks to the information technologies, huge companies which spend millions of dollars on security, can be robbed or hacked that can lead to many negative consequences. Nowadays, cybercrimes happen more and more often, Furthermore, there are many different reasons behind such actions. It is not always about the money, for instance, hacking company's database can give hackers a lot of valuable information they can use. For this reason, it is very important to understand hackers' culture and their motives. Another important issue is the fact that companies need to protect their information just like people secure their private data. Thus, it is crucial to research the methods of how to prevent hacking attacks. One more issue which is also very important is how cybercrimes are regulated on the official level.
Obviously, governments should be involved while dealing with cybercrimes. Therefore, it is very important to implement certain laws which can be used while investigating and solving cybercrimes as well as punishing for them. Another important topic which should be considered is the political aspect of cybercrimes; similarly, the financial side of the matter should be also evaluated. For example, how a certain cybercrime affects the economic side of a corporation, and how this impacts the whole situation in a certain economic area.
The cybercrime took place one year ago, but it is still widely discussed in the media and in different types of social networks. It is a good example of how a big corporation can be easily hacked, and also an example of a way company can protect itself. This is why this research can be viewed not only as an examination of one company's occurrence but be generalized to evaluate the situation with other companies as well.
For this reason, this paper is based on a certain example which can be used as a general indicator in the situation with cybercrimes.
It can also be used as a research about hackers' culture because in order to stop them it is needful to understand they way they think and the motives behind their actions.
Overview of the Saudi Aramco Company and the Cybercrime
As it was mentioned before, Saudi Aramco is the world's largest oil and gas company; it is also the most valuable with the overall value of up to US$10 trillion (Titman, 2010). Although the value of the company is often discussed because many experts do not believe it to be so high, it still has huge financial possessions. Nevertheless, it is the biggest national company in Saudi Arabia which produces the biggest amount of oil in the world every day. Therefore, the company cannot be taken lightly because it is one of the major players in international business relations.
It is important to emphasize on the fact that this company is government-owned which can be quite important while analyzing the cybercrime it went through.
On 15 August 2012, the network system of the company was attacked by hackers. It has led the managers of the company "to isolate its production systems from infected PC workstations inside the company" (Arthur, 2012). This attack affected thirty thousands of computers although luckily for the company no valuable information was stolen. The company explained the situation on its Facebook page by stating that there was the certain disruption in company's computers' system, but this disruption did not affect "the primary components of the network" (Aramco Page, 2012). According to the information found on this page, immediately after the incident "Saudi Aramco confirmed the integrity of its entire electronic network that manages its core business, and that the interruption has had no impact whatsoever on any of the company's production operations" (Aramco Page, 2012). It means that hackers did not actually damage the company's financial side; moreover, they also did not steal any important information which could be used to threaten company or to be sold to its competitors. Obviously, the company could simply not state whether the information was stolen to protect itself, but there can never be any proof to it.
Further, the company took immediate steps to protect its electronic system describing this process with the words "The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems" (Aramco Page, 2012). As it can be seen, the cybercrime did not ruin Saudi Aramco and did not do any serious damage thus it can be said that the company got off lightly.
The Motives behind the Crime
The crime which occurred in Saudi Aramco was done with a new type of virus. This virus is called Shamoon. It can make networked computers unusable; moreover, it can also delete certain files. This virus can affect computers in the network which may not be Internet-connected. It can steal certain files and replace them with some images. Moreover, this virus can also be easily deleted in such a way that people may not even see that it was used on their computers.
The investigation on who was behind the attacks did not take long since the hackers exposed themselves. A group called "Cutting Sword of justice" stated that it was responsible for the attack although no evidence was given to prove it. The group stated they were targeting "administrable structures and substructures of Aramco, and also the Stock Exchange of Saudi Arabia" (Arthur, 2012).
This group also stated that it did not go after company's finances, but it was simply making a statement with such actions. It accused Saudi Aramco and the entire Saudi Arabian government in crimes in other countries. Additionally, they stated that Saudi Arabia did many negative things towards such countries as Syria and Bahrain. For example, Saudi Arabian government sent troops to Bahrain previously. For this reason, hackers used their attack to threaten the company and the government and tried to prevent further actions concerning these countries.
Analyzing this cybercrime allows understanding a little bit more about hackers behind it. First of all, since the group claimed that it did it, then it must be true because no one else took responsibility for the crime. It is obvious that people in the group are fanatics who have no fear and no respect for the laws. These people are devoted to certain ideas, and they are willing to do anything. Thus, dealing with such people is very dangerous. It is much easier to deal with hackers who are led by mercantile reasons. For example, it is easier to understand the hacker who simply wants to steal money from a certain bank account. He or she may also steal valuable information in order to sell it for the highest price. For this reason, it is not that difficult to understand people behind such actions because their psychology is similar to ordinary robbers.
On the other hand, hackers who attacked Saudi Aramco do not fall into this category. They are ideological criminals, and that means there is certain belief system behind their actions. They are cyber terrorists which make it harder to deal with them. Luckily, the damage done to the company was not big; this is why it is hard to speak about a serious threat. Nevertheless, companies need to use this crime as a warning to protect their information.
Hackers could be using some employees which work in the company. Moreover, it is possible that the hackers were actually within the company working for it meaning it is an inside job. By examining the motives and the actions done by hackers, it is very unlikely that the crime was done by rivaling companies. It was an ideological crime in the first place. Therefore, the hackers would probably go after any kind of information which could show the company in the negative light. For example, they would seek some information related to finances which could have some inaccuracies. Hackers could be searching for corruption proof which could be used against the government. On the other hand, the crime itself was enough for the hackers since they simply wanted to threaten the government and the firm.
Thus, the hackers want any kind of information they could use for their purposes, not so much money. They would get it if the virus was successful; however, luckily for the company, it was not. Thanks to the virus, hackers could get access to important data which was stored in thousands of computers.
As it was mentioned before, it was not hard to identify the attackers since they named themselves. Actually, another problem is to catch and punish them. The attack of Saudi Aramco gave it the knowledge of what type of people is interested in hacking its system. This is why now Aramco managers know how to identify potential attackers. The list includes different organizations related to the political sphere which use cybercrime as a way to threaten governments in order to achieve certain ideological purposes.
The Ways to Protect a Company and to Prevent Further Cybercrimes
Saudi Aramco took immediate actions right after the attack; thus, it could save its network system and did not give any information to the criminals. After that, Saudi Aramco took few steps in order to secure itself more.
First, there were certain changes done to company's cybersecurity system. The first step taken by the company was the implementation of an emergency plan which prevented access to the electronic network from abroad as a precautionary measure. The company also cleaned all computers of its staff from the virus in a record time (Wahab, 2012).
Then, the company installed special cyber operations center, its main aim is searching and preventing cybercrimes and terrorism.
Other changes were applied while dealing with employees. It was possible that the attack was an inside job; for this reason, employees were checked by the managers whether they could be connected to the crime. Although the hackers were located in few different countries, they still could use the help of some workers. The insider's issue was largely discussed in the U.S. since American government insisted it was Iran's actions (Perlroth, 2012).
On the other hand, there can never be enough security. Definitely, the company should check its employees in order to protect its data. Another effective way to prevent further attacks is to use government regulations. The government should be the first one to react to such actions and stop them.
Companies should unite while dealing with cybercrime because this threat can be used against any firm. Another way is not to compromise with the cyber terrorists.
Cybercrime is a dangerous threat which affects many companies nowadays. It can be said that hacking became popular because people often do not even consider it as a crime. They find it as something fun and intriguing, and they often consider it as a game. In this game, the participant must prove whether he or she is smarter than the entire company. Whenever hacker can achieve this result, he or she feels very pleased with oneself. This is why hacking is very dangerous because of its effects of people's psychology.
The biggest threat includes organized groups of hackers. These people use cybercrimes in order to achieve bigger results than just proving something to oneself. For example, they often go for big companies in order to steal huge sums of money or valuable information. The most dangerous thing is cyber terrorism which can be seen as an example in Saudi Aramco case. The company was attacked by people who did it because of their beliefs.
Saudi Aramco case shows how the company can effectively protect itself from harm and secure its data from further cybercrimes. It is something that managers of all of the companies need to keep in mind in order not to be damaged by the cyber terrorists. Companies need to understand that dealing with cybercrimes is a difficult process because it requires a lot of knowledge, and the hardest part is that sometimes there is absolutely no information about hackers the company is dealing with. For this reason, protecting company from cybercrimes is a top priority which should not be taken lightly. The more attention managers pay to this topic, the better consequences would be. Thus, the company would secure its image, position and finances; and it would not let hackers manipulate it.
- Aramco FB Page.
- Arthur, C. (2012, August 16). Saudi Aramco hit by computer virus. The Guardian.
- Perlroth, N. (2012, October 23). In cyberattack on Saudi firm, U.S. sees Iran firing back. The New York Times.
- Titman, S. (2010, February 10). What's the value of Saudi Aramco? Texas Enterprise.
- Wahab, S. (2012, December 10). Cyber attack on Aramco a 'global plot'. Arab News.