Shamoon virus targets energy sector infrastructure.

Saudi Aramco is Saudi Arabia's national oil provider

Continue reading the main story

Related Stories

• Stuxnet thwarted by code update
• Flame and Stuxnet 'link' found
• UN warning on 'risk of cyberwar'

A new threat targeting infrastructure in the energy industry has been uncovered by security specialists.

The attack, known as Shamoon, is said to have hit "at least one organisation" in the sector.

Shamoon is capable of wiping files and rendering several computers on a network unusable.

Although Saudi Aramco did not link the issue to the Shamoon threat, it did confirm that the company had suffered a "sudden disruption".

In a statement, the company said it had now isolated its computer networks as a precautionary measure.

The disruptions were "suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network", a statement read.

It said the attack had had "no impact whatsoever" on production operations.

Rendered unusable

On Thursday, security firms released the first detailed information about Shamoon.

Experts said the threat was known to have had hit "at least one organisation" in the energy sector.

"It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable," wrote security firm Symantec.

Continue reading the main story

“Start Quote

Why would someone wipe files in a targeted attack and make the machine unusable?”

Seculert

The attack was designed to penetrate a computer through the internet, before targeting other machines on the same network that were not directly connected to the internet.

Once infected, the machines' data is wiped. A list of the wiped files then sent back to the initially infected computer, and in turn passed on to the attacker's command-and-control centre.

During this process, the attack replaces the deleted files with JPEG images - obstructing any potential file recovery by the victim.

'Under the radar'

Seculert, an Israel-based security specialist, also analysed the malicious code and concluded that it had unusual characteristics compared with other recent attacks.

"The interesting part of this malware is that instead of staying under the radar and collect information, the malware was designed to overwrite and wipe the files," the company said.

"Why would someone wipe files in a targeted attack and make the machine unusable?"

Shamoon is the latest in a line of attacks that have targeted infrastructure.

One of the most high-profile attacks in recent times was Stuxnet, which was designed to hit nuclear infrastructure in Iran.

Others, like Duqu, have sought to infiltrate networks in order to steal data.

US plants hit by USB stick malware attack

US authorities did not specify which plants had been hit - and to what extent

Continue reading the main story

Related Stories

• 'Red October' cyber-attack found
• US 'hacked office of Sarkozy'
• New virus targets energy sector

Two power plants in the US were affected by malware attacks in 2012, a security authority has said.

In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place.

Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said.

The ICS-CERT said it expected a rise in the number of similar attacks.

Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data.

In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.

"The employee routinely used this USB drive for backing up control systems configurations within the control environment."

And at a separate facility, more malware was found.

"A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said.

"Unknown to the technician, the USB-drive was infected with crimeware.

"The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened.

"Such practices will mitigate many issues that could lead to extended system downtime," it said.

"Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events."

In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure.

In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure.

Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets.

A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme.

No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US.

Journalist David E Sanger wrote that the US had acted with the co-operation of Israel.

Kids 'using coding skills to hack' friends on games, expert says

By Dave LeeTechnology reporter, BBC News

AVG's Tony Anscombe says children hacking games is still "theft"

Continue reading the main story

Related Stories

• US plants hit by USB stick malware
• App charges cause anger for parents
• 'Red October' cyber-attack found

Children as young as 11 years old are writing malicious computer code to hack accounts on gaming sites and social networks, experts have said.

A report from antivirus company AVG detailed evidence of programs written to "steal" virtual currency.

In one case, researchers were able to reverse-engineer "amateur" code to reveal data about the identity of one child in Canada.

The company said children must be educated on coding "rights and wrongs".

"As more schools are educating people for programming in this early stage, before they are adults and understand the impact of what they're doing, this will continue to grow." said Yuval Ben-Itzhak, chief technology officer at AVG.

The researchers found that many instances of malware targeting games popular with children shared the same characteristics.

Most were written using basic coding languages such as Visual Basic and C#, and were written in a way that contain quite literal schoolboy errors that professional hackers were unlikely to make - many exposing the original source of the code.

Stealing data

The team examined closely one particular instance of code that masqueraded as a cheat program for gamers playing Runescape, an online title that has over 200 million signed-up players.

This piece of software was used to steal data from gamers

The program, Runescape Gold Hack, promised to give the gamer free virtual currency to use in the game - but it in fact was being used to steal log-in details from unsuspecting users.

"When the researchers looked at the source code we found interesting information," explained Mr Ben-Itzhak to the BBC.

"We found that the malware was trying to steal the data from people and send it to a specific email address.

"The malware author included in that code the exact email address and password and additional information - more experienced hackers would never put these type of details in malware."

That email address belonged, Mr Ben-Itzhak said, to an 11-year-old boy in Canada.

Enough information was discoverable, thanks to the malware's source code, that researchers were even able to find out which town the boy lived in - and that his parents had recently treated him to a new iPhone.

Continue reading the main story

“Start Quote

It is not enough to just use computer programs”

Linda SandvikCode Club

Many schools around the world are changing education programmes in schools to teach children to code, rather than simply to use, computers.

In the UK, several after-school clubs have been set up - and initiatives to get kids into programming have been backed by the likes of Google and Microsoft.

Coding benefits

Mr Ben-Itzhak said that, as the ability level of children increased, more needed to be done to educate them on how best to use their new skills.

"We cannot tell how many kids around the world are [writing malicious programs], but we believe there are more cases like this.

"You teach your children that you can't take a toy without paying - so I think this type of a message needs to get to the kids when they're writing software too."

Linda Sandvik is the co-founder of Code Club, an initiative that teaches children aged nine and up how to code.

She told the BBC that the benefits from teaching children to code far outweighed any of the risks that were outlined in the AVG report.

"We teach English, maths and science to all students because they are fundamental to understanding society," she said.

"The same is true of digital technology. When we gain literacy, we not only learn to read, but also to write. It is not enough to just use computer programs."

SimCity sales top 1.1 million

Despite connection problems plaguing the opening days after launch, city-building simulation SimCity has sold more than 1.1 million copies, publisher Electronic Arts announced.

More than half of those copies purchased were digital downloads, EA says in a statement.

"SimCity is one of the storied brands in gaming, and Maxis delivered a game re-envisioned and engineered for the online age," says EA chief operating officer Peter Moore in a statement.

Launched two weeks ago, SimCity had suffered through a myriad of technical issues, most notably an inability to log on and start building cities. The game requires players to maintain an online connection throughout, even when exploring single-player components.

Since then, EA says they have increased server capacity by 400% to cut back on wait times and allow users to log on. The publisher says players have logged more than 15 million hours of online play.

In an effort to win back players upset by the launch woes, EA is offering a free game available through digital download. SimCity copies registered before March 25 at 11:59 p.m. PT are eligible, and those owners have until March 30 to grab their title.

Options include Battlefield 3 (Standard Edition), Bejeweled 3, Dead Space 3(Standard Edition), Mass Effect 3 (Standard Edition)
Medal of Honor Warfighter (Standard Edition), Need For Speed Most Wanted(Standard Edition), Plants vs. Zombies and SimCity 4 Deluxe Edition.

In a separate post on EA's official blog, Bradshaw defended the use of an "always-on" connection for SimCity. "Could we have built a subset offline mode? Yes," she says. "But we rejected that idea because it didn't fit with our vision."

Smart almost-laptop nearly gets it right

See all models 

• Review
• User Reviews
• Specs
• Compare
• Shop

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Previous

Next

CNET Editors' Rating

3.5starsVery good

 

$899.99

Review Date: 2/05/13

 

Average User Rating

4.5stars16 user reviews

The good: The Microsoft Surface Pro fits a full ultrabook experience in a compact 10-inch tablet. Thanks to the ingenious Type and Touch covers, it offers a comfortable interface and typing experience. The clean, crisp design and sharp 1080p screen rise above the competition.

The bad: The battery life is disappointing, and more ports would be nice. The 64GB model barely has any free storage. It costs as much as a regular laptop, especially because the cool keyboard cover isn't included by default.

The bottom line: The Surface Pro's gutsy design successfully reinvents the Windows 8 laptop by cramming an ultrabook experience into the body of a 10-inch tablet. Those wanting to go all-in on the tablet experience won't regret buying the Surface Pro, but we're holding out for a future, more polished generation of the device.

• See it

Set price alert

On February 9, the Surface gets another lease on life. This version, known as the Surface Pro, tackles head-on many of the complaints about the original Surface RT -- especially that model's compromisedWindows RT operating system. The Surface Pro offers a full Windows 8 experience that works with older Windows software titles, packs a real Intel Core i5 processor, and boldly stuffs the entire PC experience into a sleek and appealing tablet body that's just a tad thicker and heavier than the RT version.

There's a lot to like here -- if not to love. While the Surface Pro isn't the first Windows 8 tablet, it may well be the best one to date, at least in terms of design. The magic here is in the details: the ingenious detachable keyboard cover and the included pressure-sensitive stylus both go a long way toward setting the Surface Pro apart from the other laptops, tablets, and hybrids we've seen so far.

Can the Surface Pro work as a real, everyday PC -- a task that rival iPads, Android tablets, and even those Windows RT models couldn't quite handle? For me, an initial skeptic, it can. You can color me impressed.

If you were skipping the Surface RT because you wanted "true" laptop power and performance, the Pro version is definitely the way to go.

Surface Pro: Microsoft tries to bridge PC and tablet (pictures)

1-2 of 19

Scroll LeftScroll Right

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

But while it's undeniably more powerful, the Surface Pro makes trade-offs -- most notably, middling battery life, a heavier chassis, and a price tag that starts at $899. That hit on your wallet becomes closer to $1,200 if you go with the 128GB version (a necessity) and add the so-cool-you'll-want-it keyboard cover. And you can say goodbye to the free version of Microsoft Office that came with the Surface RT; Surface Pro buyers will need to spring for that, too.

I'm waiting for Microsoft to throw me a bone. The Surface Pro's best feature isn't even in the box; toss in the $129 Type Cover. Or give me Microsoft Office. Otherwise, I think I'm holding out for the inevitable Surface Pro 2 -- the one that will undoubtedly offer better battery life and a host of other upgrades. This version makes strides, but it's not the perfect laptop-killer yet.

Price as reviewed / starting price	$999 / $899
Processor	1.7GHz Intel Core i5-3317U
Memory	4GB, 1,600MHz DDR3
Hard drive	64GB SSD ($899), 128GB SSD ($999)
Chipset	Intel HM77
Graphics	Intel HD4000
Operating system	Windows 8
Dimensions (WD)	10.8x6.8 inches
Height	0.53 inch
Screen size (diagonal)	10.6 inches
System weight / Weight with AC adapter	2 pounds / 2.6 pounds
Category	Ultraportable / Hybrid

(Credit: Sarah Tew/CNET)

Design: Boxy-sexy-cool
Microsoft has done something right with the Surface Pro's overall design: everything works exactly as advertised, and with an extremely elegant, bordering on beautiful, sense of design. The industrial magnesium chassis of the Surface Pro feels solid but isn't too heavy to hold in one hand. One notable difference between it and the slightly thinner RT version of the Surface is a hairline wraparound vent on the rear that works with internal fans to keep the more powerful CPU running smoothly.

(Credit: Sarah Tew/CNET)

At 2 pounds, the Surface Pro weighs less than a regular ultrabook, and at 10.81 inches by 6.81 inches by 0.53 inch, it's more compact. But it's bigger than your average tablet, and weighs more, too. It feels like a larger iPad decked out in a fat suit. In fact, it still feels more like a super slimmed-down laptop than a regular tablet, especially with the Type or Touch Cover attached.

The Surface Pro on top of the HP Envy x2 tablet/laptop.

(Credit: Sarah Tew/CNET)

The closest equivalent we've reviewed was the Acer Iconia W700, a nearly identical tablet in terms of specs. The Iconia is longer and wider and has an 11.6-inch screen; the Surface Pro's is 10.6 inches.

(Credit: Sarah Tew/CNET)

Made of the same "VaporMG" magnesium as the Surface RT, it feels even better than it looks, which -- despite being cleanly honed -- is a little boxy.

(Credit: Sarah Tew/CNET)

The Surface Pro tips the scales at 2 pounds even; add half a pound for one of the keyboard covers, and another 0.6 pound for the AC adapter and cord. That's heavier than the Surface RT and iPad (both around 1.5 pounds), but lighter than most laptops, even with the keyboard case in tow.

(Credit: Sarah Tew/CNET)

If there's any ergonomic complaint I can level at the Surface, it's the angle of the tablet in kickstand mode when sitting at a desk and using the small kickstand flap that folds out to form the back of the system. The angle is not adjustable, and while it works fine with the Type Cover attached, I would prefer it angled up a bit more. I found myself hunching over to get to a perfect angle.

Display
The 10.6-inch display is small, especially for a full Windows laptop, but it's crisp and bright and has a full 1,920x1,080-pixel resolution. I found myself able to work on it easily, but I could also see that you'd want to plug in a monitor for all-day use. The good news is that the Surface Pro supports up to 2,560x1,440-pixel resolution on an external display. Even if you didn't use another monitor, the Surface's IPS display is one of the best I've ever seen on a small Windows computer. Capacitive multitouch feels buttery-smooth. That's the magic that made the iPhone and iPad so fun to use. The Surface Pro, in painting programs and a few other apps I tried, felt comfortable to navigate. It's not quite as brilliant as the iPad's Retina Display, but it feels like it's getting spiritually close.

You can connect the Surface to a larger monitor easily; many will. A built-in Mini DisplayPort carries audio and video, and with adapters (sold separately) you can switch over to VGA or HDMI if needed. Working in multimonitor mode operated exactly the same as you'd expect on a Windows PC. It took some fiddling to get window sizing just right, but I found that working on my desk with the innocuous Surface on the side of my monitor as a PC-slash-second-screen was a bit of a treat.

(Credit: Sarah Tew/CNET)

Type Cover, Touch Cover: Killer accessories, neither included
Nearly this entire review has been written on the Surface Pro, using a combination of Type and Touch covers. The $130 Type Cover has an actual keyboard with depressible keys, whereas the $120 Touch Cover is a membrane keyboard. They both weigh about half a pound, and double as screen covers for the Surface.

The Type Cover keyboard feels wonderful, easy to bang away on, and largely responsive. The Touch Cover...well, not quite as much. It's usable, however. The key spacing on the Touch Cover is identical, and as long as you can get used to the lack of actual key motion and give in to tapping away lightly on what amounts to raised polyurethane squares, then it can work -- even with touch typing.

(Credit: Sarah Tew/CNET)

The Type Cover has a real but tiny honest-to-goodness multitouch touch pad with lower click zones; the Touch Cover's touch pad has "clickable" areas delineated below the touch-pad space with cut-out grooved lines. The Touch Cover is fun (it's available in multiple colors), but the real keyboard on the Type Cover only costs $10 more.

(Credit: Sarah Tew/CNET)

I can't say enough good things about the Type Cover keyboard -- if I were reviewing it separately, it would get an Editors' Choice hands-down. It attaches magnetically and seamlessly to the Surface Pro's bottom. It forms a pretty attractive cover along the lines of Apple's own (keyboardless) Smart Cover, but with the addition of that Surface-powered keyboard-touch-pad combo that doesn't noticeably drain battery life at all.

(Credit: Sarah Tew/CNET)

And, yes, it forms a strong enough bond to dangle the Surface Pro upside down, but I wouldn't try this at home over a concrete floor.

Working with the included touch pad gets the job done, but you can just as easily use the Surface's touch screen -- or add a Bluetooth or USB mouse or touch pad. I used the Microsoft Wedge Touch Mouse that Microsoft included with this review unit. It's expensive but small enough, and it pairs nicely with the Surface.

(Credit: Sarah Tew/CNET)

Surface Pen
The Surface Pro supports pressure-sensitive styli, and the Surface Pro comes with its own Surface Pen that magnetically attaches to the power connector to hold it in place when you're on the go. Writing and sketching felt natural, and the pen worked far more responsively than a capacitive iPad stylus (the technology's different).

(Credit: Sarah Tew/CNET)

Using a few basic drawing apps from the Windows Store, it all worked easily enough for my 4-year-old son and myself to enjoy.

(Credit: Scott Stein/CNET)

The "fun factor" is definitely present in the Surface Pro, but there isn't the incredible level of tablet-friendly app support that iOS and Android enjoy. You can run legacy Windows applications on the Surface to your heart's content, but those won't be nearly as touch-friendly.

Speakers, cameras
Audio, conveyed through built-in stereo speakers, sounds adequate but not spectacular. It's better than you'd expect out of a machine this small, however.