John Romant's Technology Blog

If it's technology, I want to know about it.

Category Archives: Stuxnet

Duqu Virus attacks Iran. All facilities and equipment are said to be “cleaned”.

On Sunday Iran has indicated that the Duqu Virus (click here to learn about the Duqu super virus) has been detected, but the depth of the contamination is currently unknown. The director of Iran’s Passive Defense Organization, Gholam Reza Jalali, says that the Islamic Republic has produced an antivirus software protecting software and hardware systems of governmental centers against the  Duqu super virus.  All facilities and equipment, which were affected with this virus, have been cleaned, and the virus is under control, Gholam Reza Jalali told IRNA on Sunday.

Side note,  I wander how much the Iranian Duqu anti-virus will go for on the open market ?  I also wander if Iran is still using Siemens control systems.  Sounds like a film plot in the making.

follow me on twitter: @johnromant

Advertisements

“Duqu” virus created from original Stuxnet Code. Researchers Warn of Impending Cyber Attack.

PHOTO: Researchers claim a new virus, dubbed "Duqu", could be the first step in a new Stuxnet-like cyber attack.

By LEE FERRAN
Oct. 18, 2011

A new computer virus using “nearly identical” parts of the cyber superweapon Stuxnet has been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a major U.S.-based cyber security company said today.

Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time, U.S. officials said the worm’s unprecedented complexity and potential ability to physically sabotage industrial control systems — which run everything from water plants to the power grid in the U.S. and in many countries around the world — marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the U.S. and Israel were on a short list of possible culprits.

READ: Could Cyber Superweapon Be Turned on the U.S.?

Whoever it was, the same group may be at it again, researchers said, as the authors of the new virus apparently had access to original Stuxnet code that was never made public.

The new threat, discovered by a Europe-based research lab and dubbed “Duqu”, is not designed to physically affect industrial systems like Stuxnet was, but apparently is only used to gather information on potential targets that could be helpful in a future cyber attack, cyber security giant Symantec said in a report today.

“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different,” Symantec said in a blog post.

READ: Beware the Cyber War Boomerang?

Duqu is designed to record key strokes and gather other system information at companies in the industrial control system field and then send that information back to whomever planted the bug, Symantec said.

If successful, the information gleaned from those companies through Duqu could be used in a future attack on any industrial control system in the world where the companies’ products are used — from a power plant in Europe to an oil rig in the Gulf of Mexico.

“Right now it’s in the reconnaissance stage, you could say,” Symantec Senior Director for Security Technology and Response, Gerry Egan, told ABC News. “[But] there’s a clear indication an attack is being planned.”

Duqu is also not designed to spread on its own…continue reading.

Is World War III Going To Be Started via Cyber Warfare? Pentagon is Prepairing.

The Pentagon, headquarters of the United State...

Image via Wikipedia

By Anna Mulrine,
Staff writer, CSMonitor

(AXcess News) Washington – The Pentagon is rapidly preparing for cyberwar in the face of alarming and growing threats, say senior defense officials, who add that sophisticated attacks have prompted them to take the striking step of investigating the feasibility of expanding NATO‘s collective defense tenet to include cyberspace.

But as such planning intensifies, the military is struggling with some basics of warfare – including how to define exactly what, for starters, constitutes an attack, and what level of cyberattack warrants a cyber-reprisal.

“I mean, clearly if you take down significant portions of our economy we would probably consider that an attack,” William Lynn, the deputy secretary of defense, said recently. “But an intrusion stealing data, on the other hand, probably isn’t an attack. And there are [an] enormous number of steps in between those two.”

Today, one of the challenges facing Pentagon strategists is “deciding at what threshold do you consider something an attack,” Mr. Lynn said. “I think the policy community both inside and outside the government is wrestling with that, and I don’t think we’ve wrestled it to the ground yet.”

Equally tricky, defense officials say, is how to pinpoint who is doing the attacking. And this raises further complications that go to the heart of the Pentagon’s mission. “If you don’t know who to attribute an attack to, you can’t retaliate against that attack,” noted Lynn in a recent discussion at the Council on Foreign Relations.

As a result, “You can’t deter through punishment, you can’t deter by retaliating against the attack.” He lamented the complexities that make cyberwar so different from, say, “nuclear missiles, which of course come with a return address.”

How to pinpoint the source of a cyberattack is a subject being discussed by Pentagon officials with their counterparts in Britain, Canada, and Australia, among others, in advance of the upcoming NATO summit in Lisbon in November, at which cyberwarfare is an item on the agenda. Officials from NATO member states are also discussing such fundamental issues as how to share information and exchange related technologies, illustrating that the concept of a collective cyberwarfare defense is still in its infancy.

Lynn is among those working to develop the Pentagon’s new cyberstrategy, which is focusing both on how to defend the military’s classified networks as well as how to protect the Internet itself.

This upending of some key tenets of military doctrine is prompting the Pentagon to look to some surprising new places for strategic models of cyberdefense, including public health. “A public health model has some interesting applications,” Lynn said. “Can we use the kinds of techniques we use to prevent diseases? Could those be applied to the Internet?”

To that end, the Pentagon is now researching means of introducing internal defenses to the Internet so that it acts more like a human organism. When it’s hit with a virus, for example, it might mutate to fend it off. Such strategies are meant to “shift the advantage much more to the defender and away from the attacker,” Lynn said.

The problem is that the Internet currently has very few natural defenses. And sophisticated crafted viruses like Stuxnet are even tougher to fend off. Indeed, the Web “was not developed with security in mind,” he added. “It was developed with transparency in mind; it was developed with ease of technological innovation.” Those same attributes do not lend themselves to good security. Among the potential targets for cyberattack frequently mentioned by cybersecurity experts are the nation’s powergrid and financial system.

It was in 2008 that a cyberattack on Pentagon networks – an attack attributed to an unnamed “foreign intelligence service” – served as a wake-up call for US defense leadership. “To that point, we did not think our classified networks could be penetrated, so it was – it was a fairly shocking development,” said Lynn, adding that it was a “seminal moment” in a new military frontier.

Lynn put forward an analogy to early American warfare that the Pentagon often likes to call upon to illustrate its point. “If you figure the Internet is 20, 20-plus years old, and you kind of analogize to aviation … the first military aircraft was bought, I think, in 1908, somewhere around there. So we’re in about 1928,” he said.

“We’ve kind of seen some … biplanes shoot at each other over France,” he added. “But we haven’t really seen kind of what a true cyberconflict is going to look like.”

He warned, however, that there were a few things that appear clear. It is a kind of war that “is going to be … more sophisticated, it’s going to be more damaging, it’s going to be more threatening” than it appears at the present, Lynn said. “And it’s one of the reasons we’re trying to get our arms around the strategy in front of this rather than respond to the event.”

%d bloggers like this: