Duqu Shoots, It Scores!

Duqu goes in where Stuxnet has been . . .

Iran claims defence computer systems hit by another ‘supervirus’

Anti-virus experts last month identified a virus called “Duqu” that they said shared properties with the now famous “Stuxnet” worm, which spread across the world but is thought to have been successfully targeted at the nuclear programme’s centrifuges, the devices that enrich uranium to create nuclear fuel.

It was not clear on Monday from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the first admission of damage.

“We are in the initial phase of fighting the Duqu virus,” Gholamreza Jalali, the head of Iran’s civil defence programme, said. “The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.”

See also:
Iran Working to Control Duqu Virus Attack
Iran detects Duqu virus in system
Duqu Virus Detected in Iran
Iran says has detected Duqu computer virus
Iran finds Duqu-infected systems
Duqu infiltrates Iranian networks
Iran admits Duqu attack; denies report its nukes are for war, not power
Iran detects Duqu infections
Iran wrestles Duqu malware infestation
Security researcher says Iran to blame for its own Duqu infections
Iran claims Duqu virus aimed at sabotaging its nuclear sites
‘Duqu virus aiming at Iran’s nuclear sites’
Iranians say nuke project hit by new computer virus
Iran produces antivirus software against new worm
Iran Develops Software to Thwart Duqu Virus Attack
‘Iran can thwart Duqu spyware’
Iran says Duqu malware under ‘control’
Iran says it has ‘controlled’ Duqu malware attack
Beyond Stuxnet

Duqu is the arguably more sophisticated follow-on to Stuxnet, which took control of Iranian uranium enrichment centrifuges and spun them at speeds well beyond their design capability until they failed. Stuxnet was an offensive weapon. Unlike Stuxnet, Duqu is, at least so far, strictly a reconnaissance tool, gathering and reporting back information on systems related to Iran’s nuclear program, preparing the battlespace as a prelude to a future attack, if you will. Whether the next attack will be another Stuxnet-like cyberstrike or physically digging in the Iranian dirt is a layman’s guess. One thing’s for sure, the next attack on Iran’s nuclear program is coming and Iran won’t be able to stop it.

Iran claims to have thwarted Duqu but, then again, they said the same thing about Stuxnet and Stuxnet blew out their centrifuges. Anyway, if Iran is just now admitting that they’ve been infected by Duqu, Duqu may have already accomplished its reconnaissance mission and gone dormant. Whatever information Iran releases publicly is pretty much a lie, propaganda, you can safely assume that whenever they acknowledge their nuclear program has been compromised, the damage is much worse than they’re letting on.

And remember, whether it’s another cyberattack or airstrikes against Iranian nuclear facilities, all it does is buy us time. Stuxnet set the Iranians back, but it didn’t deter them. Destroying some of their nuclear facilities won’t deter them either, in fact, it’ll probably make them even more defiant. The only endgame that will bring closure is regime change. And think about it, if we do that, we’ve just resolved 70+% of the world’s instability problems.

/my vote is for a comprehensive, all hands on deck, leave no stone unturned, decapitation campaign, Mullahs and the Republican Guard gots to live and work somewhere and I bet we have the GPS coordinates


Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Enriching Uranium Can Be Hazardous To Your Health

Someone’s sending a pretty clear message. Do you want to work on Iran’s nuclear program or do you want to live?

Analysts believe Iran scientist death was a foreign hit

Western security agencies were most likely behind the killing of an Iranian scientist in an operation that underlines the myriad complications in the conflict over Iran’s nuclear program, analysts say.

Darioush Rezaie, 35, a university lecturer, was shot dead by gunmen in eastern Tehran Saturday, the third murder of a scientist since 2009. One was killed in a car bomb, the second by a device detonated remotely.

See also:
Third Iranian nuclear scientist shot dead
Western intelligence killed Iran scientist: Analysts
Iranian Nuclear Scientist ‘Assassinated’
Iranian nuclear scientist killed
Iran blamed US, Israel for killing of scientist
Iran accuses U.S., Israel of being involved in assassinating academic
US rejects Iran accusations in scientist’s death
US denies killing scientist, presses Iran
‘West’s involvement in hit on scientist uncertain’
Report: Iran denies Darioush Rezaie was a nuclear scientist

Granted, killing Iran’s nuclear scientists isn’t the most effective or efficient way to stop Iran from developing nuclear weapons but, then again, it may be one of the only viable options left to the West at this point. That is, if Western intelligence agencies were responsible for the assassinations, which they deny.

/in any case, at least someone is doing something to try and hamstring Iran’s nefarious nuclear ambitions

They Got Fooled Again

Much like the United States, Iran seems to have a real problem protecting its computer networks. Someone seems to be obsessed with sabotaging their nuclear program. I wonder who that might be?

Second computer virus infiltrates Iran’s computer systems

Iran has discovered a second computer virus designed to damage government computer systems.

The discovery of the virus, called Stars, was announced Monday by a senior Iranian official, Gholam-Reza Jalali, head of an Iranian cyberdefense agency, according to reports.

Jalali said in a statement that the damage from the virus, which looks like a regular government computer file, has been minimal and that Iranian scientists are currently studying the virus.

The virus was aimed at nuclear facilities, according to the Washington Post, and seems to suggest “a broader campaign by foreign saboteurs to undermine Iran’s atomic energy program.”

See also:
New Computer Strike Could Target Iranian Atomic Sites
Fresh Virus Outbreak Affects Iran’s Computer Systems
Iran discovers 2nd virus attack
New cyber attack targets Iran
Iran Claims Stars Virus a Second Cyber-Attack
Iranian official: New computer worm discovered
Iran investigates Stars virus
Iran Says It Was Targeted With Second Worm, Stars
As the Worm Turns: Iran Sees Stars
Iran says is uncovers second cyber attack
Iran Under Fresh Malware Attack
Security experts can’t verify Iran’s claims of new worm
Is the Stars Worm Just a Hoax?

Well, I certainly hope the Stars virus attack on Iran’s nuclear program isn’t a hoax and does as much damage as the Stuxnet worm, which was apparently wildly more effective than Iran is admitting to.

/you’ll note that Iran still hasn’t managed to power up the Bushehr reactor, which is as good a yardstick as any that their nuclear program has been ground to a halt

Pushing The Cyberwarfare Envelope

A computer worm so sophisticated that it attacks specific targets in specific countries, gee I wonder who would be capable of developing something that advanced?

Stuxnet Compromise at Iranian Nuclear Plant May Be By Design

Iran has confirmed that more than 30,000 PCs have been infected by the Stuxnet worm in that country, including some at the Bushehr nuclear power plant. The nature of the Stuxnet worm and the infiltration of Iranian nuclear facilities has led to speculation about whether the worm was developed by the United States or its allies expressly for that purpose.

The Pentagon response to the implication is the standard cagey reply given for just about anything related to national security or military engagements. Fox News reports that, “Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can ‘neither confirm nor deny’ reports that it launched this attack.”

McAfee AVERT Labs has a thorough analysis of the Stuxnet worm which explains the threat in detail. “Stuxnet is a highly complex virus targeting Siemens’ SCADA software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four vulnerabilities in Microsoft Windows, two of which have been patched at this time (CVE-2010-2568, CVE-2010-2729). It also utilizes a rootkit to conceal its presence, as well as 2 different stolen digital certificates.”

Another interesting tidbit from McAfee supporting the speculation that Iran may have been the intended target of Stuxnet is that the initial discovery seemed to be primarily focused in the Middle East.

Speaking on the subject of whether the threat may have been specifically crafted for Iran, Randy Abrams, director of technical education at ESET said, “It appears that it is possible that Stuxnet may have been responsible for problems in Iran’s nuclear program over the past year, however that is speculation and it is unlikely that the Iranian government is going to say if that was the case. It is even possible that it was the case and they don’t know it.”

Abrams added, “It is entirely possible that Stuxnet was created by the United States working alone or in conjunction with allies. The fact that it is possible does not indicate it is true however. There have been a number of recent defections in Iran. It is also possible that this was an internal attack. There is still a legitimate question as to whether or not Iran was actually the target.”

See also:
Stuxnet Update
Iranian power plant infected by Stuxnet, allegedly undamaged
Iran admits Stuxnet worm infected PCs at nuclear reactor
Pentagon Silent on Iranian Nuke Virus
Stuxnet Worm Affects 30,000 Computers in Iran
Stuxnet worm assault on Iranian nuclear facilities’ computers may be Western cyber attack: experts
Computer worm infects Iran’s nuclear station
Stuxnet: Future of warfare? Or just lax security?
Stuxnet – a new age in cyber warfare says Eugene Kaspersky
Has the West declared cyber war on Iran?
Web virus aimed at nuclear work, says Tehran
Report: Stuxnet Worm Attacks Iran, Who is Behind It?
US, Israel behind cyber-attack on Iran?

Well, diplomacy sure as hell isn’t working and no one really wants to launch airstrikes against the Iranian nuclear facilities, especially fraidy cat Obama. So, maybe this is a third option, use the Iranians’ own computers to remotely destroy their nuclear related equipment, perfect, if it actually works. I know I’ve got my fingers crossed. Go U.S. or go Israel or go whoever is responsible for this brilliant plan!

/all your nuclear related computers are belong to us!

Great Prophet 5, Can We Play Too?

Iran war games begin with new ‘ultra fast’ speed boats

At the start of three days of war games in the Persian Gulf, Iran is trumpeting the launch of a new weapon: an “ultra-fast” watercraft.

Iranian television Wednesday showed dozens of speedboats with flags flying as they raced across shimmering waters toward mock target ships, firing rockets and heavy machine guns with a fusillade that caused explosions and columns of billowing black smoke.

State-run PressTV reported that “Iran is showing off its military might” and that the “world got its first glimpse” of the boat. The annual war games were launched months earlier than usual by Revolutionary Guard, as international pressure builds on Iran over its nuclear program.

. . .

Great Prophet: the fifth sequel

Called “Great Prophet V,” the exercise included more than 300 speedboats in combination with ground forces and air units. Iranian news footage showed commandos landing on one of the target ships amid the smoke.

“The most important message from the exercises in the face of American nuclear threats is that we will strongly resist them,” said Ali Shirazi, the representative of Ayatollah Khamenei to Revolutionary Guard naval forces, according to Iran’s official news agency IRNA.

Military spokesman Ali Reza Tangsiri said the new “Ya Mahdi” attack boat – named after the Shiite Muslim messiah who is expected to one day return and bring universal justice – was “less detectable by radar” because of its “high speed.”

“The Strait of Hormuz belongs to the region and foreigners must not intervene in it. We want to keep it safe and secure,” Mr. Tangsiri said according to the ISNA news agency, as translated by Agence France-Presse.

See also:
Iran Begins War Games In Persian Gulf, Strait of Hormuz
Iran: First Day of War Games a Success
Iran begins war games in Persian Gulf oil route
Decrying U.S., Iran Begins War Games
Iran Launches War Games, Lobbies Against Sanctions
Iran Unveils Stealth Warship In Persian Gulf War Game
Iran Claims Launch Of Speed Boat Capable Of Destroying Enemy Ships
IRAN: Revolutionary Guard to conduct war games amid heightened nuclear tensions
IRGC to Test Fire Different Missiles in Naval Wargames

Great Prophet 5 looks more like a water ski show than a military exercise, nothing helicopters and Mark 75 3″ guns can’t handle. “Less detectable by radar”? I’ll bet there’s quite a few U.S. Navy radar operators laughing their asses off right about now.

/color me unimpressed, we sank their navy once, we can sink it again

Well, Well, Look What We Found

EXCLUSIVE: Iran Nuclear Scientist Defects to U.S. In CIA ‘Intelligence Coup’

An award-winning Iranian nuclear scientist, who disappeared last year under mysterious circumstances, has defected to the CIA and been resettled in the United States, according to people briefed on the operation by intelligence officials.

Award-winning nuclear physicist helped CIA spy on Iran’s nuclear program. The officials were said to have termed the defection of the scientist, Shahram Amiri, “an intelligence coup” in the continuing CIA operation to spy on and undermine Iran’s nuclear program.

A spokesperson for the CIA declined to comment. In its declassified annual report to Congress, the CIA said, “Iran is keeping open the option to develop nuclear weapons though we do not know whether Tehran eventually will decide to produce nuclear weapons.”

Amiri, a nuclear physicist in his early 30s, went missing last June three days after arriving in Saudi Arabia on a pilgrimage, according to the Iranian government. He worked at Tehran’s Malek Ashtar University, which is closely connected to Iran’s Revolutionary Guard, according to the Associated Press.

“The significance of the coup will depend on how much the scientist knew in the compartmentalized Iranian nuclear program,” said former White House counter-terrorism official Richard Clarke, an ABC News consultant. “Just taking one scientist out of the program will not really disrupt it.”

Iran’s Foreign Minister, Manouchehr Mottaki, and other Iranian officials last year blamed the U.S. for “kidnapping” Amiri, but his whereabouts had remained a mystery until now.

See also:
Defection of Iranian nuclear scientist Shahram Amiri ‘a CIA coup’
Iranian scientist defects: US covert ops hurt Iran nuclear program
Report: Nuclear Scientist Quits Iran for US
The CIA organized the escape of an Iranian nuclear scientist
Espionage helps sow seeds of paranoia in Tehran
Report: Iranian nuclear scientist defects to US
A defect(ion) in Iran’s nuclear program
Shahram Amiri
All Your Iranian Nuclear Scientists Are Belong To US

Although this is surely a nice bit of U.S. espionage, it’s highly unlikely that the defection of this one Iranian scientist yielded enough information for us to fully pinpoint the extent of Iran’s nuclear weapons program. In fact, it’s been so long without any meaningful punitive sanctions or military action, that Iran has had more than enough time to surreptitiously disperse their nuclear research facilities to the point where any attempted military action against them would almost certainly be an exercise in futility. Iran has also had enough uninterrupted time to perfect the nuclear fuel cycle and weaponization processes. In other words, at this point, it’s highly probable that Iran’s nuclear weapons program is now unstoppable and the Iranians will eventually field a deliverable nuclear device. We’re now totally screwed by our own decades of handwringing and inaction.

/I can only pray to God that we don’t give up on our missile defense technology too, it might be our last trump card left