An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in
The attack compromised the Saudi embassy’s non-classified computer network. They deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy’s official email account.
No one was ever formally held accountable, despite an internal investigation. Given the low sophistication of the attack, experts tell CSO it’s impossible to say whether the attacker really was part of an organized effort by ISIS, a random supporter, or a nation-state intelligence agency masquerading as ISIS for motives unknown.
The story began with a bizarre attempt to defraud a Saudi schoolmaster in the UK of a €200 visa fee and ended with a $50 million ransom demand and a manhunt by the Dutch diplomatic police as the clock ticked down to September 23, Saudi National Day.
Documents obtained by CSO provide details of the attack and the Saudi response. This provides an interesting window into how a government might react to a suspected nation-state attack and raises questions about the level of security deployed at embassies around the world.