Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities

Taking Questionable Sides In A Foreign Civil War

It’s official, we’re no longer hiding behind the fictitious fig leaf of “responsibility to protect” civilians (R2P), we’re now showing our true colors. We’re in Libya for regime change. I’m not quite sure when the United Nations approved that?

US, allies formally recognize Libya rebels

The United States granted Libyan rebel leaders full diplomatic recognition as the governing authority of Libya yesterday, after five months of fighting to oust longtime ruler Moammar Khadafy.

The decision at a meeting here of more than 30 Western and Arab nations is the first step in giving the rebels access to Libya’s frozen US assets, worth more than $30 billion.

“I am announcing today that, until an interim authority is in place, the United States will recognize the TNC as the legitimate governing authority for Libya,’’ Secretary of State Hillary Rodham Clinton said, referring to the rebels’ Transitional National Council, prompting other ministers to break out in applause.

Who, exactly, are we now in bed with?

Rights group: Libyan rebels looted and beat civilians

Libyan rebels have looted and burned homes and abused civilians, a human rights group said Wednesday.

The New York-based Human Rights Watch said that, in “four towns captured by rebels in the Nafusa Mountains over the past month, rebel fighters and supporters have damaged property, burned some homes, looted from hospitals, homes, and shops, and beaten some individuals alleged to have supported government forces.”

See also:
U.S. recognition of the Libyan rebel government leaves many questions unanswered
US Formally Recognizes Libyan Rebels
United States recognizes Libyan rebels as legitimate government
U.S. recognizes Libyan rebels as ruling authority
Libyan Rebels Get U.S. Recognition, Await Cash
Libyan rebels win recognition and promise of financial support
Libyan Rebels Get U.S. Recognition Yet Must Wait for Cash
Mary E. Stonaker: What formal recognition given to Libyan rebels means for the oil markets
Rights Group: Libyan Rebels Loot Seized Towns
Rights group accuses Libyan rebels of abuse
Libya rebels loot seized towns, says rights group
Human Rights Watch criticizes Libyan rebels
Rights group exposes Libyan rebel abuses

Let’s recap: The United States has now formally aligned itself with accused war criminals we hardly know, in a foreign civil war that we have absolutely no business being militarily involved with in the first place, and our mission creep to regime change isn’t even authorized or approved under international law. Is that about it?

/well played Obama administration, what are we now, a rogue nation?