Sentinel Down

And yet again, after leaving behind a cutting edge stealth helicopter during the bin Laden raid, the U.S. conducts another, involuntary, state-of-the-art military technology transfer to the enemy.

Iran’s capture of US drone shines light on spy mission, but may reveal little

The Iranian capture of a high-tech, stealth U.S. drone shines a light on the American spying mission there, but probably doesn’t tell Tehran much that it didn’t already know, a senior U.S. official said.

The RQ-170 Sentinel was providing surveillance over Iran and didn’t just accidentally wander away from the Afghanistan border region, as first suggested. The official said Wednesday that the Iranians will no doubt be able to tell where the aircraft flew. A bigger U.S. concern, the official said, was that the Iranians are likely to share or sell whatever they have recovered of the aircraft to the Chinese, Russians or others. The official spoke on condition of anonymity because of the sensitive nature of the mission.

Experts and officials acknowledge that there is no self-destruct mechanism on the Sentinels — which are used both by the military and the CIA for classified surveillance and intelligence gathering missions.

. . .

U.S. officials said that while they have enough information to confirm that Iran does have the wreckage, they said they are not sure what the Iranians will be able to glean technologically from what they found. It is unlikely that Iran would be able to recover any surveillance data from the aircraft.

See also:
US admits downed drone spied on Iran
Iran says US spy drone was flying deep inside its airspace when it was downed
Malfunction likely put U.S. drone in Iranian hands
Iran Probably Did Capture a Secret U.S. Drone
U.S. Military Sources: Iran Has Missing U.S. Drone
Drone that crashed in Iran may give away U.S. secrets
China, Russia want to inspect downed U.S. drone
Sentinel unmanned drone lost in Iran among US most valuable warfare assets
Drone belonged to CIA, officials say
Downed drone was on CIA mission
Officials: Drone downed in Iran on CIA mission
Drone Lost in Iran Was Joint CIA-Military Reconnaissance Plane
Iran’s downing of U.S. drone rattles Washington
US ‘concerned’ over drone lost near Iran border
Experts: Iran capture of stealth drone no worry
US considered missions to destroy RQ-170 Sentinel drone lost in Iran
Spy drone may provide little help to Iran
U.S. debated sending commandos into Iran to recover drone
U.S. Made Covert Plan to Retrieve Iran Drone
Iran: The Stealth War Continues
Drone Drama Proves Iran Is Ready to Rumble
Stealth drone highlights tougher U.S. strategy on Iran
U.S. drones have been spying on Iran for years

The good news is that we seem to be paying close attention to what Iran is up to, have been for years, and can penetrate Iranian airspace with near impunity. These past and, hopefully, ongoing intelligence gathering and surveillance activities should help provide a detailed blueprint for when push comes to shove and Iran has to be dealt with militarily, which is sure to eventually become a necessity.

/that said, it’s a total unforced strategic error to just let Iran have this advanced technology drone, to share with or sell to other potential enemies of the United States. Would it have killed us, if we didn’t want to risk lives to recover the Sentinel, to at least launch an airstrike package to obliterate the wreckage?

Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities