Hacker News article

The hacker who broke into the world’s largest oil rig last year has released a series of malware files that are being used to control the rig.
The oil rig was built by BP, and has an operational capacity of more than 20,000 barrels a day.
In the weeks leading up to the rig’s breach, the company’s security team was working on a fix, but in April the hacktivist group Anonymous breached the rig with a series, dubbed “Operation Mantis.”
The group claimed responsibility for the breach and published the files on Thursday.
Anonymous has since issued several warnings of its intention to release the malware, but the leak was the first time the hackers had publicly released the code.
It’s unclear if the group has any ties to BP.
One of the code snippets posted by Anonymous on Thursday, titled “Oil Rig Control”, can be used to execute a number of malicious commands.
For example, the command “set password 0” can be executed on the rig to change the password.
Anonymous says that the malware is designed to operate in two modes: the first is a persistent mode where the hacker has control over the rig until it is reset to default settings, or “auto reset.”
This would allow the hacker to keep the rig running indefinitely, until new settings are applied.
The second mode is called “passive mode” and allows the hacker “to bypass security controls that stop the rig from operating normally.”
This is where the hackers find vulnerabilities in BP’s security systems and network.
They also post instructions on how to install and use a new version of the malware.
“These are just the first stages of a long and costly process that will allow us to create a full-fledged oil rig,” the Anonymous posting reads.
“In this case, the rig will be able to operate indefinitely.
We will then use our resources to build a fully automated oil rig that will be capable of delivering oil to customers, with no downtime.”
The hacker has posted a number for the code on Pastebin, and he says that it is being developed by an unnamed person.
Anonymous does not claim responsibility for any of the malicious code.
The hacktivists are also offering a reward for information leading to the arrest of the hacker.