Inside the 2014 hack of a Saudi embassy

From csoonline.com

An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in August 2014 and sent emails to more than a dozen embassies at The Hague demanding $50 million for ISIS, or they would blow up a major diplomatic reception, documents seen by CSO reveal.

The attack compromised the Saudi embassy’s non-classified computer network. The attacker deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy’s official email account.

No one was ever formally held accountable, despite an internal investigation. Given the low sophistication of the attack, experts tell CSO it’s impossible to say whether the attacker really was part of an organized effort by ISIS, a random supporter, or a nation-state intelligence agency masquerading as ISIS for motives unknown.

The story began with a bizarre attempt to defraud a Saudi schoolmaster in the UK of a €200 visa fee and ended with a $50 million ransom demand and a manhunt by the Dutch diplomatic police as the clock ticked down to September 23, Saudi National Day.

Documents obtained by CSO provide details of the attack and the Saudi response. They offer an interesting window into how a government might react to a suspected nation-state attack and raise questions about the level of security deployed at embassies around the world.