In May 2008, Pacific Energy Resources, an oil platform operator, fell victim to a deliberate cyber attack targeting its SCADA (Supervisory Control and Data Acquisition) system. The perpetrator, Mario Azar a disgruntled former IT consultant for the company exploited his retained access privileges after his contract termination on May 8. From his Southern California residence, Azar used multiple user accounts to tamper with the leak-detection system, compromising its integrity and availability. The attack disabled critical servers, forcing the shutdown of the leak detection infrastructure. The incident resulted in operational disruptions and financial losses amounting to thousands of dollars, primarily due to system downtime and potential safety risks from the impaired monitoring capabilities. While the attack did not directly cause environmental damage or data breaches, the temporary loss of control over a safety-critical system posed significant operational and reputational threats. The motive stemmed from Azar’s frustration over the company’s refusal to offer him permanent employment, highlighting the risks of insider threats in industrial control environments.
Source: https://www.risidata.com/Database/Detail/hacker_disabled_offshore_oil_platforms
TPRM report: https://www.rankiteo.com/company/pacific-energy-resources-ltd.
"id": "pac610092025",
"linkid": "pacific-energy-resources-ltd.",
"type": "Cyber Attack",
"date": "5/2008",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Oil & Gas / Energy',
'name': 'Pacific Energy Resources',
'type': 'Private Company'}],
'attack_vector': ['Insider Threat', 'Remote Access Abuse', 'Privilege Misuse'],
'date_detected': '2008-05',
'description': 'Mario Azar, an IT consultant for Pacific Energy Resources, '
"impaired the integrity and availability of the company's "
'SCADA system after being denied permanent employment. He used '
'his multiple user accounts to disable the leak-detection '
'system remotely from his Southern California home, causing '
'temporary server outages and thousands of dollars in damages.',
'impact': {'downtime': 'Temporary (servers and leak-detection system '
'disabled)',
'financial_loss': 'Thousands of dollars',
'operational_impact': 'Leak-detection system shutdown, potential '
'safety risks',
'systems_affected': ['Leak-Detection System', 'SCADA Servers']},
'initial_access_broker': {'entry_point': 'Legitimate user accounts (insider '
'access)',
'high_value_targets': ['SCADA Servers',
'Leak-Detection System']},
'investigation_status': 'Completed (indictment issued)',
'motivation': 'Retaliation for denied permanent employment',
'post_incident_analysis': {'root_causes': ['Insider Threat Risk',
'Inadequate Access Controls',
'Lack of Behavioral Monitoring for '
'Privileged Users']},
'regulatory_compliance': {'legal_actions': 'Indictment filed against Mario '
'Azar'},
'response': {'law_enforcement_notified': 'Yes (indictment filed)'},
'threat_actor': 'Mario Azar (Disgruntled IT Consultant)',
'title': 'SCADA Tampering Incident at Pacific Energy Resources',
'type': 'SCADA Tampering / Insider Threat',
'vulnerability_exploited': ['Improper Access Controls',
'Lack of Monitoring for Insider Threats']}