TPMIdeaLab

Duqu And Stuxnet Could Be Cousins In Arms Against Iran

Iranian President Mahmoud Ahmadinejad visits the Natanz uranium enrichment facilities 200 miles south of Tehran.

TINA CASEY

Despite a warning from the U.S. to back off, Iran has threatened to close the Strait of Hormuz and claims that a U.S. aircraft carrier is lurking in the area. But if Iran is preparing for a fight, the real action is more likely to begin with laptops and desktops.

According to a team from the Russian IT security firm Kaspersky Lab, the notorious Duqu and Stuxnet computer viruses, both of which reportedly attacked Iranian nuclear facilities, can be traced to a single platform that is much older, and has been used to create at least three other viruses.

Duqu was first detected by a Hungarian security lab in October. Since then, security researchers around the globe have been racing to determine the extent of its spread and to pinpoint its origins, while Microsoft has struggled to patch the security flaw in Microsoft Word that enabled the transmission of the malware in the first place.

Almost a year after Iranian President Mahmoud Ahmadinejad said Iranian centrifuges had been attacked by Stuxnet, Iran in November said it had detected Duqu and was working to fight it, confirming earlier reports of security researchers.

In addition to gathering the information necessary to cause physical damage to industrial systems, such as those at Iran’s uranium enrichment plants, the Duqu malware also opens the door for other viruses such as Stuxnet, which could have the capability to assume control of those systems.

If Duqu and Stuxnet share the same platform, this could be just the beginning of a new round of cyber-attacks designed to prevent Iran from building nuclear weapons. Kaspersky Lab is confident of its findings, and that doesn’t bode well for Iran’s ability to respond effectively to future attacks.

The Kaspersky team is calling the parent platform “Tilded,” in reference to the tilde symbol “~” and the letter “d,” which begin many of its file names. They found evidence of a connection to Stuxnet while analyzing a Duqu incident that occurred in August 2011, and used an in-house database of other malicious programs to find additional similarities.

The database itself turned out to be a key piece of evidence for a common, older ancestor shared by the two viruses. As Kaspersky Lab explained, the database contained a file that was created a year before the drivers used by Stuxnet.

In a prepared statement, Alexander Gostev, Chief Security Expert at Kaspersky Lab, said:

“The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can’t be attributed either to the more targeted Duqu Trojan due to the compilation date. We consider that these drivers were used either in an earlier version of Duqu, or for infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team.”

As for the geographic locations, nationalities and political affiliations of that team, Kaspersky doesn’t speculate.

Earlier, however, Kaspersky said that “Stuxnet development was likely to be backed by a nation state, which had strong intelligence data at its disposal,” leading to additional speculation from other researchers and media outlets that Israel and/or the U.S. were behind the virus.

It is also worth pointing out that whoever was behind Duqu are apparently fans of the American SHOWTIME series “Dexter,” as they embedded an obvious reference to the show in the code.

In any case, Kaspersky Lab’s predictions for 2012 include “a dramatic increase in the number of targeted attacks,” particularly on “companies and state organizations involved in arms manufacturing, financial operations, or hi-tech and scientific research activities.”

Hold on to your hats.

Bentelligence 58 pts

Clearly iRan should be using Macs

tlaloc 5 pts

Fans of Dexter? Well, that leaves us with about 50 suspects.

Dylan Henrich 60 pts

tlaloc What is this treasonous nonsense?

gvs1066 184 pts

I don't like war. But if there is to be war, I think I prefer the cyber variety.

rickbrew 362 pts

gvs1066 You must not have air conditioning. By the looks of the weather predictions for the Southwest drought next year a virus that knocks out our electricity may be life-threatening. And are the gas utilities vulnerable to such viruses?

vaxorcist 48 pts

As a former sysop, it still boggles my mind that anything "nuclear" should ever be hooked up to anything "windows".

Flying Squid 23795 pts

vaxorcist They just said Microsoft, not Windows. Their plants are using the much safer step of running on Microsoft Bob.

eldlazar 704 pts

vaxorcist It should boggle your mind even more that it was in any way connected to the internet or that random software was allowed to run on it.

Let me add that I have absolutely no sympathy for those theocratic neanderthals with nuclear ambitions.

kharsivan 10 pts

Duqu and Stuxnet have the same author? Lone Gunman fallacy.

The similarities between Duqu and Stuxnet point to a common code base, not necessarily a common author, and confirm the existence of an underground currency in malignant software -- the source code is there to be sold. Once used, malware is identified and blocked. For re-use, it must be modified for specific application. This accounts for some differences between the two.

Any group that sets centrifuge PLCs as their targets has access to arcane nuclear industry information. "Cui bono" suggests that they are more likely national actors than ordinary credit card skimmers. Other differences between Duqu and Stuxnet stem from the need to obfuscate their origins. Really, do you think the NSA wants that code traced back to one of their subcontractors?

Flying Squid 23795 pts

kharsivan I think Stuxnet was pretty much confirmed to be Israeli, not American. Certain references in the code.

gvs1066 184 pts

Flying Squid kharsivan It doesn't mean that there weren't Americans involved. This pie could have several chefs.

Flying Squid 23795 pts

gvs1066 kharsivan Maybe they were, maybe not. They certainly didn't need to be. Israel is very proficient with technology. My point was it probably wasn't an NSA subcontractor job.

firenze_30fps 546 pts

It's certainly a brave new world, and while I vastly prefer cyberattacks on Iran's nuclear program - they are more effective and far less expensive in terms of both lives and money than dropping bombs - it's also inviting a cyber counterattack. Sometime in the next 10 years, we might well see the Pentagon's recently announced policy of deeming cyberattacks the same as an actual attack put to the test.

That is, are we *really* going to go to war with Iran if a cyberattack on our nation's power or banking infrastructure can be traced back to Iran?

mndem 36 pts

jonwisby check out the cool video I just made on my iCentrifuge

Flying Squid 23795 pts

mndem jonwisby Death to Israel!

-Sent from my iBomb

designerguy48 18 pts

jonwisby If they did, the country would have to change its name to iRan.
