Duqu Shoots, It Scores!

Duqu goes in where Stuxnet has been . . .

Iran claims defence computer systems hit by another ‘supervirus’

Anti-virus experts last month identified a virus called “Duqu” that they said shared properties with the now famous “Stuxnet” worm, which spread across the world but is thought to have been successfully targeted at the nuclear programme’s centrifuges, the devices that enrich uranium to create nuclear fuel.

It was not clear on Monday from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the first admission of damage.

“We are in the initial phase of fighting the Duqu virus,” Gholamreza Jalali, the head of Iran’s civil defence programme, said. “The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.

See also:
Iran Working to Control Duqu Virus Attack
Iran detects Duqu virus in system
Duqu Virus Detected in Iran
Iran says has detected Duqu computer virus
Iran finds Duqu-infected systems
Duqu infiltrates Iranian networks
Iran admits Duqu attack; denies report its nukes are for war, not power
Iran detects Duqu infections
Iran wrestles Duqu malware infestation
Security researcher says Iran to blame for its own Duqu infections
Iran claims Duqu virus aimed at sabotaging its nuclear sites
‘Duqu virus aiming at Iran’s nuclear sites’
Iranians say nuke project hit by new computer virus
Iran produces antivirus software against new worm
Iran Develops Software to Thwart Duqu Virus Attack
‘Iran can thwart Duqu spyware’
Iran says Duqu malware under ‘control’
Iran says it has ‘controlled’ Duqu malware attack
Beyond Stuxnet

Duqu is the, arguably more sophisticated, follow on to Stuxnet, which took control of Iranian uranium enrichment centrifuges and spun them at speeds well beyond their design capability until they failed. Stuxnet was an offensive weapon. Unlike Stuxnet, Duqu is, at least so far, strictly a reconnaissance tool, gathering and reporting back information on systems related to Iran’s nuclear program, preparing the battlespace as a prelude to a future attack if you will. Whether the next attack will be another
Stuxnet like cyberstrike or physically digging in the Iranian dirt is a layman’s guess. One thing’s for sure, the next attack on Iran’s nuclear program is coming and Iran won’t be able to stop it.

Iran claims to have thwarted Duqu but, then again, they said the same thing about Stuxnet and Stuxnet blew out their centrifuges. Anyway, if Iran is just now admitting that they’ve been infected by Duqu, Duqu may have already accomplished its reconnaissance mission and gone dormant. Whatever information Iran releases publicly is pretty much a lie, propaganda, you can safely assume that whenever they acknowledge their nuclear program has been compromised, the damage is much worse than they’re letting on.

And remember, whether it’s another cyberattack or airstrikes against Iranian nuclear facilities, all it does is buy us time. Stuxnet set the Iranians back, but it didn’t deter them. Destroying some of their nuclear facilities won’t deter them either, in fact, it’ll probably make them even more defiant. The only endgame that will bring closure is regime change. And think about it, if we do that, we’ve just resolved 70+% of the world’s instability problems.

/my vote is for a comprehensive, all hands on deck, leave no stone unturned, decapitation campaign, Mullahs and the Republican Guard gots to live and work somewhere and I bet we have the GPS coordinates

Have We Attacked China Yet?

No sooner was it publicly revealed that the United States would now treat damaging cyberattacks by other nations as an act of war, threatening retaliation with conventional weapons, the new, bold, some say foolish, policy, was immediately put to the test.

China Google hackers’ goal: Spying on U.S. Govt.

It’s the second time Google has blamed a major computer hacking scheme on China, reports CBS News correspondent Wyatt Andrews.

This time Google says unknown hackers from Jinan, China, a city with a military command center, stole the personal Gmail passwords of hundreds of senior U.S .government officials.

Google said the hackers’ “goal” was to eavesdrop on the officials — “to monitor the content of the users’ emails.”

That suggestion — of spying — rang alarm bells in the Administration.

“These allegations are very serious,” said Secretary of State Hillary Clinton. “We take them seriously. We’re looking into them.”

See also:
Clinton: Google’s China Hacking Claims ‘Very Serious’
Hillary Clinton says FBI will probe Gmail hacker attack
US Investigating Google Claim of China Hacking
FBI Investigating Google Claim that China Hacked Them
Google breach gives way to diplomatic, high-tech tensions
China Denies Accessing High Profile Gmail Accounts
Google’s groundless accuses hurt global trust on Internet
The Google-China Saga Continues
Admin: Gmail phishers stalked victims for months
Gmail Hack Targeted White House
Cyber war: Google, China in fresh spat over email hacking
Google, what exactly is the China connection for the phishing scare?
Is Google an agent of the US Government? It certainly gives that impression

So far, the U.S. has uncovered a successful espionage phishing expedition, against top level U.S. Government officials, tracked back to a specific Chinese city. Why aren’t we bombing China, isn’t this a perfect situation to show how our new military policy will treat hacking intrusions like this as acts of war? Unfortunately for us, China denies the attack and, as I pointed out yesterday, it’s extremely difficult to be absolutely sure as to the origins of cyberattacks like this, so we do nothing and our brand new policy looks foolish and radiates national weakness.

/instead of making toothless threats to send missile strikes in response to hack attacks, why don’t we just send the Chinese back a nice Stuxnet worm or take down Baidu with a complimentary DoS attack

They Got Fooled Again

Much like the United States, Iran seems to have a real problem protecting its computer networks. Someone seems to be obsessed with sabotaging their nuclear program. I wonder who that might be?

Second computer virus infiltrates Iran’s computer systems

Iran has discovered a second computer virus designed to damage government computer systems.

The discovery of the virus, called Stars, was announced Monday by a senior Iranian official, Gholam-Reza Jalali, head of an Iranian cyberdefense agency, according to reports.

Jalali said in a statement that the damage from the virus, which looks like a regular government computer file, has been minimal and that Iranian scientists are currently studying the virus.

The virus was aimed at nuclear facilities, according to the Washington Post, and seems to suggest “a broader campaign by foreign saboteurs to undermine Iran’s atomic energy program.”

See also:
New Computer Strike Could Target Iranian Atomic Sites
Fresh Virus Outbreak Affects Iran’s Computer Systems
Iran discovers 2nd virus attack
New cyber attack targets Iran
Iran Claims Stars Virus a Second Cyber-Attack
Iranian official: New computer worm discovered
Iran investigates Stars virus
Iran Says It Was Targeted With Second Worm, Stars
As the Worm Turns: Iran Sees Stars
Iran says is uncovers second cyber attack
Iran Under Fresh Malware Attack
Security experts can’t verify Iran’s claims of new worm
Is the Stars Worm Just a Hoax?

Well, I certainly hope the Stars virus attack on Iran’s nuclear program isn’t a hoax and does as much damage as the Stuxnet worm, which was apparently wildly more effective than Iran is admitting to.

/you’ll note that Iran still hasn’t managed to power up the Bushehr reactor, which is as good a yardstick as any that their nuclear program has been ground to a halt

Stuxnet Shoots, It Scores!

Gee, sounds like the pump was continuously running well outside its design parameters while indicating normal operation on its control instrumentation, which is is exactly what Stuxnet was designed to do, run machinery beyond tolerance limits while spoofing the performance display readouts with fake data.

IAEA says Iran’s Bushehr delays were caused by pump

Iran was believed to have told the UN atomic watchdog that a broken pump had made it necessary to remove fuel from its first nuclear power reactor, independent experts familiar with the issue said on Monday.

The experts, who declined to be named due to the sensitivity of the issue, said it was a potentially serious problem likely to cause more delays for the Russian-built Bushehr plant, which has yet to start injecting power into Iran’s national grid.

“I think what happened is that the pump failed but it didn’t just fail, it broke up, so that … there are pieces of metal that are now circulated throughout the primary cooling system,” one of them said.

See also:
Breakage in Iranian Reactor Forced Fuel Removal: Russia
Iranian reactor stalled by damaged pump
New setback at Iran’s Bushehr plant
Iran blames broken pump for atom fuel removal-experts
Russia says why Iranian nuclear plant was unloaded
In setback, Iran to unload fuel from nuclear plant
Iran Pulls Fuel From Bushehr Plant Just Before Power Project Scheduled to Go Online
Iran removing nuclear fuel from plant
Iran to unload nuclear fuel from Bushehr plant
Bushehr plant fuel delayed
Bushehr reactor to be emptied
Iran: Removal of fuel rods has nothing to do with Stuxnet

Of course it’s just speculation and no one will actually admit that the pump disintegration was cased by Stuxnet. However, a pump like this would normally give some manner of warning to the operators that the pump was malfunctioning, this one didn’t, it continued to run until it “broke up”. Coincidentally, Stuxnet was designed to cause precisely this type of damage, with no warning, to industrial equipment. Believe it or not.

/in any case, with tiny pieces of metal strewn throughout the reactor’s cooling system and possibly contaminating the nuclear fuel rods, this mess is going to take quite some time to clean up and then it just might happen again

It’s Another New Record And For All The Wrong Reasons

It’s Tuesday, and we all know what fun event happens on Tuesdays.

Patch Tuesday brings record harvest of security fixes

Run Windows? Notice a little icon toward the bottom right of the screen that wasn’t there last night? Please don’t ignore it. That icon is your cue to take part in the monthly Microsoft ritual called Patch Tuesday.

For this month, Microsoft shipped a set of 16 patches that close a record 49 vulnerabilities in such software as Internet Explorer, Word and Windows Media Player.

Many of these holes allow a remote takeover of your computer, in some cases after you do nothing wrong beside visit the wrong Web page. One such opening has frequently been exploited by the Stuxnet worm that’s been running around the world.

Your computer should at least download, if not download and install, these updates for you. But if not, don’t reject Windows’ attempt to help you out. Click that icon, look over the resulting list of security updates, and install them.

See also:
Microsoft security updates for October 2010
Microsoft Plugs a Record 49 Security Holes
It’s Microsoft Patch Tuesday: October 2010
Microsoft Unleashes Massive Security Patch
Microsoft fixes record 49 holes, including Stuxnet flaw
Microsoft Releases Biggest-ever Security Update
Patch Tuesday: Critical flaws haunt Microsoft Office, IE browser
Microsoft Patches Stuxnet Vulnerability in Massive Security Update
Microsoft releases fixes for record number of vulns
Microsoft aims barrage of fixes at Stuxnet and more

So, you know what to do, clean up after Microsoft’s crappy software before someone remotely takes over your computer with a worm and you become part of the problem.

/unless you’re Iranian, in which case there’s a special set of patches coming out for your computers and they download and install themselves so you don’t even need to worry about this latest bulletin

Pushing The Cyberwarfare Envelope

A computer worm so sophisticated that it attacks specific targets in specific countries, gee I wonder who would be capable of developing something that advanced?

Stuxnet Compromise at Iranian Nuclear Plant May Be By Design

Iran has confirmed that more than 30,000 PCs have been infected by the Stuxnet worm in that country, including some at the Bushehr nuclear power plant. The nature of the Stuxnet worm and the infiltration of Iranian nuclear facilities has led to speculation about whether the worm was developed by the United States or its allies expressly for that purpose.

The Pentagon response to the implication is the standard cagey reply given for just about anything related to national security or military engagements. Fox News reports that, “Pentagon Spokesman Col. David Lapan said Monday the Department of Defense can “neither confirm nor deny” reports that it launched this attack.”

McAfee AVERT Labs has a thorough analysis of the Stuxnet worm which explains the threat in detail. “Stuxnet is a highly complex virus targeting Siemens’ SCADA software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four vulnerabilities in Microsoft Windows, two of which have been patched at this time (CVE-2010-2568, CVE-2010-2729). It also utilizes a rootkit to conceal its presence, as well as 2 different stolen digital certificates.”

Another interesting tidbit from McAfee supporting the speculation that Iran may have been the intended target of Stuxnet is that the initial discovery seemed to be primarily focused in the Middle East.

Speaking on the subject of whether the threat may have been specifically crafted for Iran, Randy Abrams, director of technical education at ESET said, “It appears that it is possible that Stuxnet may have been responsible for problems in Iran’s nuclear program over the past year, however that is speculation and it is unlikely that the Iranian government is going to say if that was the case. It is even possible that it was the case and they don’t know it.”

Abrams added, “It is entirely possible that Stuxnet was created by the United States working alone or in conjunction with allies. The fact that it is possible does not indicate it is true however. There have been a number of recent defections in Iran. It is also possible that this was an internal attack. There is still a legitimate question as to whether or not Iran was actually the target.”

See also:
Stuxnet Update
Iranian power plant infected by Stuxnet, allegedly undamaged
Iran admits Stuxnet worm infected PCs at nuclear reactor
Pentagon Silent on Iranian Nuke Virus
Stuxnet Worm Affects 30,000 Computers in Iran
Stuxnet worm assault on Iranian nuclear facilities’ computers may be Western cyber attack: experts
Computer worm infects Iran’s nuclear station
Stuxnet: Future of warfare? Or just lax security?
Stuxnet – a new age in cyber warfare says Eugene Kaspersky
Has the West declared cyber war on Iran?
Web virus aimed at nuclear work, says Tehran
Report: Stuxnet Worm Attacks Iran, Who is Behind It?
US, Israel behind cyber-attack on Iran?

Well, diplomacy sure as hell isn’t working and no one really wants to launch airstrikes against the Iranian nuclear facilities, especially fraidy cat Obama. So, maybe this is a third option, use the Iranians’ own computers to remotely destroy their nuclear related equipment, perfect, if it actually works. I know I’ve got my fingers crossed. Go U.S. or go Israel or go whoever is responsible for this brilliant plan!

/all your nuclear related computers are belong to us!

Just Another Jumbo Sized, Incomplete Microsoft Patch Tuesday

Microsoft should just hire some of these hackers to code their software in the first place so they wouldn’t have to try and fix it every few weeks. It’d be cheaper and less of a hassle for everyone involved. Here’s the latest futile attempt at patching Windows.

Microsoft Patch Tuesday Bulletins Fix 11 Vulnerabilities

Microsoft has released nine security bulletins as part of its Patch Tuesday software update scheme.

The nine bulletins fix 11 security vulnerabilities found on Microsoft software.

According to the advisory, four security bulletins were marked as critical, out which, MS10-061 and MS10-062 ran the greatest risk of being exploited in the wild.

MS10-061 addressed a vulnerability in the Printer Spooler service, which could allow remote code execution from a malicious print request, tech news site eWeek reports.

The other critical vulnerability most likely to be exploited in the wild, MS10-062, could allow remote code execution by exploiting a vulnerability found in the way in which MPEG-4 codec dealt with media files.

See also:
Microsoft Security Bulletin Summary for September 2010
Microsoft Patch Tuesday for September 2010: nine bulletins
It’s Microsoft Patch Tuesday: September 2010
Large Patch Tuesday from Microsoft this month
Microsoft Patch Tuesday includes protection against Stuxnet worm
Patch Tuesday Fixes Another Stuxnet Vulnerability
Microsoft overlooks four Stuxnet zero-day bugs in Patch Tuesday
Microsoft Patch Tuesday halts two live attacks but offers no help for others
Microsoft Windows Update

Well, what are you waiting for? Get on with it, those updates aren’t going to install themselves!

/so, until the next Patch Tuesday . . .