Sentinel Down

And yet again, after leaving behind a cutting edge stealth helicopter during the bin Laden raid, the U.S. conducts another, involuntary, state-of-the-art military technology transfer to the enemy.

Iran’s capture of US drone shines light on spy mission, but may reveal little

The Iranian capture of a high-tech, stealth U.S. drone shines a light on the American spying mission there, but probably doesn’t tell Tehran much that it didn’t already know, a senior U.S. official said.

The RQ-170 Sentinel was providing surveillance over Iran and didn’t just accidentally wander away from the Afghanistan border region, as first suggested. The official said Wednesday that the Iranians will no doubt be able to tell where the aircraft flew. A bigger U.S. concern, the official said, was that the Iranians are likely to share or sell whatever they have recovered of the aircraft to the Chinese, Russians or others. The official spoke on condition of anonymity because of the sensitive nature of the mission.

Experts and officials acknowledge that there is no self-destruct mechanism on the Sentinels — which are used both by the military and the CIA for classified surveillance and intelligence gathering missions.

. . .

U.S. officials said that while they have enough information to confirm that Iran does have the wreckage, they said they are not sure what the Iranians will be able to glean technologically from what they found. It is unlikely that Iran would be able to recover any surveillance data from the aircraft.

See also:
US admits downed drone spied on Iran
Iran says US spy drone was flying deep inside its airspace when it was downed
Malfunction likely put U.S. drone in Iranian hands
Iran Probably Did Capture a Secret U.S. Drone
U.S. Military Sources: Iran Has Missing U.S. Drone
Drone that crashed in Iran may give away U.S. secrets
China, Russia want to inspect downed U.S. drone
Sentinel unmanned drone lost in Iran among US most valuable warfare assets
Drone belonged to CIA, officials say
Downed drone was on CIA mission
Officials: Drone downed in Iran on CIA mission
Drone Lost in Iran Was Joint CIA-Military Reconnaissance Plane
Iran’s downing of U.S. drone rattles Washington
US ‘concerned’ over drone lost near Iran border
Experts: Iran capture of stealth drone no worry
US considered missions to destroy RQ-170 Sentinel drone lost in Iran
Spy drone may provide little help to Iran
U.S. debated sending commandos into Iran to recover drone
U.S. Made Covert Plan to Retrieve Iran Drone
Iran: The Stealth War Continues
Drone Drama Proves Iran Is Ready to Rumble
Stealth drone highlights tougher U.S. strategy on Iran
U.S. drones have been spying on Iran for years

The good news is that we seem to be paying close attention to what Iran is up to, have been for years, and can penetrate Iranian airspace with near impunity. These past and, hopefully, ongoing intelligence gathering and surveillance activities should help provide a detailed blueprint for when push comes to shove and Iran has to be dealt with militarily, which is sure to eventually become a necessity.

/that said, it’s a total unforced strategic error to just let Iran have this advanced technology drone, to share with or sell to other potential enemies of the United States, would it have killed us, if we didn’t want to risk lives to recover the Sentinel, to at least launch an airstrike package to obliterate the wreckage?

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities

Back In The Soyuz Again?

The good news is that we probably won’t have to abandon the International Space Station after all. The bad news is that we’re still dependent on the Russians to get our astronauts there.

NASA Confirms Russian Soyuz Failure Findings

An independent NASA panel reviewing data related to the Aug. 24 failure of the Russian Soyuz rocket transporting cargo to the International Space Station has confirmed that the Russian space agency correctly identified the cause of the problem and is taking appropriate steps to resolve it before the rocket’s next launch scheduled for Oct. 30, said William H. Gerstenmaier, associate administrator for NASA’s Human Exploration and Operations Mission Directorate.

The Russian space agency, Roscosmos, determined that the most likely cause of the failure was contamination in the rocket’s fuel lines or stabilizer valve, which caused low fuel supply to the gas generator, Gerstenmaier told lawmakers Oct. 12 during a hearing of the House Science, Space and Technology Committee’s space and aeronautics panel.

See also:
NASA review clears way for manned Soyuz flights
Russian Soyuz Recovery Strategy Endorsed
NASA ‘confident’ Russia’s Soyuz rocket safe
NASA says Soyuz rockets safe for American astronauts
Russian Rocket Failure Shouldn’t Force Space Station Evacuation, NASA Tells Lawmakers
NASA Gives Blessing for Soyuz Rocket, Which is Ready for Takeoff [PHOTOS]
August’s Russian rocket failure is unlikely to force evacuation of the International Space Station
NASA Says Russian Soyuz Flight Risk Low
NASA offers Congress assurances over space station

Hopefully, the Russians have come to the correct conclusion as to what the glitch was on last August’s failed resupply flight and have taken the proper actions to fix the problem.

/although I’d feel a whole lot better if the next Soyuz flight, the first since the August crash, wasn’t manned, just in case the Russians still have it wrong

Night Dragon Strikes

How many intrusions by Chinese hackers does it take and how much technology data has to be stolen before U.S. companies start seriously defending themselves?

‘Sloppy’ Chinese hackers scored data-theft coup with ‘Night Dragon’

Chinese hackers who were “incredibly sloppy” still managed to steal gigabytes of data from Western energy companies, a McAfee executive said today.

“They were very unsophisticated,” said Dmitri Alperovitch, vice president of threat research at McAfee, speaking of the attackers. “They were incredibly sloppy, made mistakes and left lots of evidence.”

The attacks, which McAfee has dubbed “Night Dragon” and had tracked since November 2009, may have started two years earlier. They are still occurring.

Night Dragon targeted at least five Western oil, gas and petrochemical companies, all multinational corporations, said Alperovitch, who declined to identify the firms. Some are clients of McAfee, which was called in to investigate.

According to McAfee, the attacks infiltrated energy companies’ networks, and made off with gigabytes of proprietary information about contracts, oil- and gas-field operations, and the details on the SCADA (supervisory control and data acquisition) systems used to manage and monitor the firms’ facilities.

See also:
McAfee: Night Dragon Cyber-Attack Unsophisticated but Effective
‘Night Dragon’ Attacks From China Strike Energy Companies
Oil Firms Hit by Hackers From China, Report Says
Chinese hackers targeted energy multinationals, claims McAfee
Night dragon attacks petrol companies
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says
Hackers in China have hit oil and gas companies: McAfee report
Chinese hackers steal “confidential information” of five global oil companies: McAfee
Chinese Technician Denies Knowledge of Hacking
China Hacks Big Oil
Chinese hackers break into five oil multinationals
Chinese hackers ‘hit Western oil firms’

Repeat after me, China is not our friend. They don’t create innovative technology, they steal it. Hacking in China is a state-sponsored industry. Furthermore, the oil and gas industry is critical infrastructure, vital to our national security.

/these were unsophisticated attacks, meant only to steal data, and these energy companies couldn’t defend against them, what will happen when Chinese hackers unleash much more sophisticated attacks against our energy infrastructure, with the intent to inflict maximum damage and destruction?

Goldilocks And The Five Planets

Book your travel plans early, the closest one is millions of years of travel time away.

NASA finds dozens of planets that might support life

A catalog of possible planets discovered far out in space includes more than 50 candidates that could possibly support life, NASA scientists said Wednesday. If, as expected, most of the planets are confirmed as real, the Kepler mission — now finishing its second year — would nearly triple the number of planets discovered over the last decade and a half.

With 1,235 planetary candidates surrounding a collective 997 stars in an area 500 to 3,000 light-years away, the tally to date provides a wealth of data for scientists to sift through in search of Earth-like planets.

“This is the first step in understanding the possible distribution of life in our galaxy,” said William Borucki, principal investigator for the Kepler mission at NASA Ames Research Center in the Bay Area’s Moffett Field.

He noted that of the candidate planets, 54 reside in the so-called Goldilocks range — in a “just right” distance from its star to be neither too hot nor too cold to permit liquid water and therefore the presence of life as we know it. Five of those 54 are close to Earth’s size.

The space-based Kepler telescope, which circles the sun trailing Earth’s orbit, observes more than 155,000 stars and every half-hour measures the amount of light they give off. If a planet is orbiting a star, it is detectable because it temporarily blocks a bit of light each time it crosses in front of its star.

See also:
5 Earth-sized planets spied in ‘habitable zone’
NASA spots 54 potentially life-friendly planets
1,235 alien planets out there?
Kepler space telescope is finding a cornucopia of possible planets
NASA reveals more than 1,200 potential planets
Hunt for planets yields surprises
Kepler space telescope spots five Earth-sized planets in our galaxy
NASA Detects Potential ‘Habitable Zone’ Planets
Kepler: Home Page
Kepler (spacecraft)

Well, this is a great scientific achievement, but I’m not sure what practical value there is in it. Okay, so there’s all these possibly habitable planets, so what?

/we’ll never get there to find out for sure.

All Your Internet Are Belong To China For 18 Minutes

Well, this is certainly disconcerting news.

Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic

For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies.

This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp, said a top security expert at McAfee, the world’s largest dedicated Internet security company.

In short, the Chinese could have carried out eavesdropping on unprotected communications — including emails and instant messaging — manipulated data passing through their country or decrypted messages, Dmitri Alperovitch, vice president of threat research at McAfee said.

Nobody outside of China can say, at least publicly, what happened to the terabytes of data after the traffic entered China.

The incident may receive more attention when the U.S.-China Economic and Security Review Commission, a congressional committee, releases its annual report on the bilateral relationship Nov. 17. A commission press release said the 2010 report will address “the increasingly sophisticated nature of malicious computer activity associated with China.”

Said Alperovitch: “This is one of the biggest — if not the biggest hijacks — we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”

See also:
U.S.-China Economic and Security Review Commission
Release of 2010 Annual Report to Congress

Report: China hijacked U.S. Internet data
Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Servers
Internet traffic was routed via Chinese servers
15 percent of the world’s Internet traffic was hijacked to China, in April
Worldwide Internet Security Breach Points to China
15 Percent of Internet Traffic Was Redirected Through Chinese Servers, Report
China Hijacked 15% of US Internet Traffic-and no one noticed
China hijacks 15% of internet, including military data
Internet Traffic from U.S. Government Websites Was Reportedly Routed Via Chinese Servers

It’s just another episode in China’s ongoing undeclared covert war against the United States and other Western countries. Hopefully, we’re fighting back.

/one thing’s for sure, China is not our friend