A Preview Of Coming Attractions

So much for Homeland Security. From Russia, without love, hitting us where it really hurts.

Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says

Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.

See also:
Was U.S. water utility hacked last week?
Foreign cyber attack hits US infrastructure: expert
Illinois Water Utility Pump Destroyed After Hack
H(ackers)2O: Attack on City Water Station Destroys Pump
Cyberattack investigation centers on Curran-Gardner water pump
Feds investigating whether Illinois “pump failure” was cyber attack
Broken water pump in Illinois caused by cyber-attack from Russia, claims expert, but DOH denies terrorism
Cyberattack on Illinois water utility may confirm Stuxnet warnings
Water utility hackers destroy pump, expert says
UPDATE 3-U.S. probes cyber attack on water system

The SCADA vulnerabilities to a remote attack have been known for years. The solution is real simple, DON’T CONNECT YOUR CRITICAL INFRASTRUCTURE TO THE INTERNET!

/how hard is that, is it going to take a disaster for us to learn this basic lesson?

Duqu Shoots, It Scores!

Duqu goes in where Stuxnet has been . . .

Iran claims defence computer systems hit by another ‘supervirus’

Anti-virus experts last month identified a virus called “Duqu” that they said shared properties with the now famous “Stuxnet” worm, which spread across the world but is thought to have been successfully targeted at the nuclear programme’s centrifuges, the devices that enrich uranium to create nuclear fuel.

It was not clear on Monday from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the first admission of damage.

“We are in the initial phase of fighting the Duqu virus,” Gholamreza Jalali, the head of Iran’s civil defence programme, said. “The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.

See also:
Iran Working to Control Duqu Virus Attack
Iran detects Duqu virus in system
Duqu Virus Detected in Iran
Iran says has detected Duqu computer virus
Iran finds Duqu-infected systems
Duqu infiltrates Iranian networks
Iran admits Duqu attack; denies report its nukes are for war, not power
Iran detects Duqu infections
Iran wrestles Duqu malware infestation
Security researcher says Iran to blame for its own Duqu infections
Iran claims Duqu virus aimed at sabotaging its nuclear sites
‘Duqu virus aiming at Iran’s nuclear sites’
Iranians say nuke project hit by new computer virus
Iran produces antivirus software against new worm
Iran Develops Software to Thwart Duqu Virus Attack
‘Iran can thwart Duqu spyware’
Iran says Duqu malware under ‘control’
Iran says it has ‘controlled’ Duqu malware attack
Beyond Stuxnet

Duqu is the, arguably more sophisticated, follow on to Stuxnet, which took control of Iranian uranium enrichment centrifuges and spun them at speeds well beyond their design capability until they failed. Stuxnet was an offensive weapon. Unlike Stuxnet, Duqu is, at least so far, strictly a reconnaissance tool, gathering and reporting back information on systems related to Iran’s nuclear program, preparing the battlespace as a prelude to a future attack if you will. Whether the next attack will be another
Stuxnet like cyberstrike or physically digging in the Iranian dirt is a layman’s guess. One thing’s for sure, the next attack on Iran’s nuclear program is coming and Iran won’t be able to stop it.

Iran claims to have thwarted Duqu but, then again, they said the same thing about Stuxnet and Stuxnet blew out their centrifuges. Anyway, if Iran is just now admitting that they’ve been infected by Duqu, Duqu may have already accomplished its reconnaissance mission and gone dormant. Whatever information Iran releases publicly is pretty much a lie, propaganda, you can safely assume that whenever they acknowledge their nuclear program has been compromised, the damage is much worse than they’re letting on.

And remember, whether it’s another cyberattack or airstrikes against Iranian nuclear facilities, all it does is buy us time. Stuxnet set the Iranians back, but it didn’t deter them. Destroying some of their nuclear facilities won’t deter them either, in fact, it’ll probably make them even more defiant. The only endgame that will bring closure is regime change. And think about it, if we do that, we’ve just resolved 70+% of the world’s instability problems.

/my vote is for a comprehensive, all hands on deck, leave no stone unturned, decapitation campaign, Mullahs and the Republican Guard gots to live and work somewhere and I bet we have the GPS coordinates

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one in the same, namely Israel and/or the United States, Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities

No Jews Allowed

Here you go boys and girls, here’s the new Libya that Obama threw billions of dollars at and the full weight of the United States behind, freedom and democracy for all unless, you know, you’re a Jew.

Exiled Libyan Jew blocked from restoring synagogue

A Libyan Jewish man who returned from exile to try to restore Tripoli’s main synagogue has been blocked from the building a day after knocking down the wall in front of its entrance.

A visibly angry David Gerbi went to clean garbage from the synagogue on Monday only to be told by men at the scene that they had received warnings he would be targeted by violence and that he should stop his efforts.

Gerbi, who fled with his family to Italy in 1967, said he had secured permission from the local sheik to restore the synagogue and that he was surprised he was now being blocked from completing the work. Gerbi’s colleague Richard Peters said that several men armed with assault rifles later appeared to guard the building.

Breaking down in tears, Gerbi said Monday that Libya needs to decide if it’s going to be a racist country or a democratic one.

See also:
Exiled Libyan Jew says armed men block him from synagogue day after he opened it
Gunmen bar Libyan Jew from entering Tripoli synagogue
Exiled Libyan Jew says synagogue efforts blocked
UPDATE 1-Returned Libyan Jew says driven from Tripoli synagogue
Returning Libyan Jew says threatened over temple
Exiled Libyan Jew says synagogue efforts blocked
Libyan Jew returns home after 44-year exile
Libyan “revolutionary Jew” to restore synagogue
Libyan Jew Reopens Tripoli’s Lone Temple
Libyan Jew stopped from restoring Tripoli synagogue
Libya’s New Rulers Hate Jews Too?

If you check the “Arab Spring” scorecard, you’ll notice that every time Obama has taken a side in an uprising, it’s been the side inhabited by radical Islamists, who openly hate Jews and pray for Israel’s destruction.

/Obama and the entire U.S. State Department just can’t be that dumb or naive, it has to be a deliberate policy

Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Night Dragon Strikes

How many intrusions by Chinese hackers does it take and how much technology data has to be stolen before U.S. companies start seriously defending themselves?

‘Sloppy’ Chinese hackers scored data-theft coup with ‘Night Dragon’

Chinese hackers who were “incredibly sloppy” still managed to steal gigabytes of data from Western energy companies, a McAfee executive said today.

“They were very unsophisticated,” said Dmitri Alperovitch, vice president of threat research at McAfee, speaking of the attackers. “They were incredibly sloppy, made mistakes and left lots of evidence.”

The attacks, which McAfee has dubbed “Night Dragon” and had tracked since November 2009, may have started two years earlier. They are still occurring.

Night Dragon targeted at least five Western oil, gas and petrochemical companies, all multinational corporations, said Alperovitch, who declined to identify the firms. Some are clients of McAfee, which was called in to investigate.

According to McAfee, the attacks infiltrated energy companies’ networks, and made off with gigabytes of proprietary information about contracts, oil- and gas-field operations, and the details on the SCADA (supervisory control and data acquisition) systems used to manage and monitor the firms’ facilities.

See also:
McAfee: Night Dragon Cyber-Attack Unsophisticated but Effective
‘Night Dragon’ Attacks From China Strike Energy Companies
Oil Firms Hit by Hackers From China, Report Says
Chinese hackers targeted energy multinationals, claims McAfee
Night dragon attacks petrol companies
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says
Hackers in China have hit oil and gas companies: McAfee report
Chinese hackers steal “confidential information” of five global oil companies: McAfee
Chinese Technician Denies Knowledge of Hacking
China Hacks Big Oil
Chinese hackers break into five oil multinationals
Chinese hackers ‘hit Western oil firms’

Repeat after me, China is not our friend. They don’t create innovative technology, they steal it. Hacking in China is a state-sponsored industry. Furthermore, the oil and gas industry is critical infrastructure, vital to our national security.

/these were unsophisticated attacks, meant only to steal data, and these energy companies couldn’t defend against them, what will happen when Chinese hackers unleash much more sophisticated attacks against our energy infrastructure, with the intent to inflict maximum damage and destruction?