Iran: Sanctions siege turns into cyberwarfare

by pat c Sat Mar 05, 2011 16:41

More confirmation of the Israeli/US role in the creation of Stuxnet. Full text at link.

Israel and the United States created the Stuxnet worm to sabotage Iran's nuclear programme, a leading security expert has claimed.Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb. Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment.

Speaking at the TED conference in Long Beach, California, Mr Langner said: "My opinion is that Mossad [Israel's intelligence agency] is involved."However he speculated that Israel was not the main driver behind the creation of Stuxnet.

"There is only one leading source, and that is the United States," said Mr Langner.

In a recent report on Stuxnet, the security firm Symantec said that it would have taken a team of between five and 10 developers, six months to create the worm.

Mr Langner said that the project would have required "inside information", so detailed that "they probably knew the shoe size of the operator."

Stuxnet first came to light in July 2010. Nearly 60% of reported infections were inside Iran.

by pat c Thu Oct 20, 2011 14:22

The Zionist & Imperialist hackers are busy again with a new version of Stuxnet.

Researchers warn of new Stuxnet worm

Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate. Stuxnet was a highly complex piece of malware created to spy on and disrupt Iran's nuclear programme.

No-one has identified the worm authors but the finger of suspicion fell on the Israeli and US governments. The new threat, Duqu, is, according to those who discovered it, "a precursor to a future Stuxnet-like attack".

Its discovery was made public by security firm Symantec, which in turn was alerted to the threat by one of its customers. The worm was named Duqu because it creates files with the prefix DQ.

Symantec looked at samples of the threat gathered from computer systems located in Europe. Initial analysis of the worm found that parts of Duqu are nearly identical to Stuxnet and suggested that it was written by either the same authors or those with access to the Stuxnet source code.

by opus diablos - the regressive hypocrite party Thu Oct 20, 2011 18:10

..pat, is that when the going gets tough....the toughs are gonna pull the plugs on our incipient nets.

 Be prepared, as the girl guides say, we may be back to smoke signals before we calculate. If they can do it in China ....Meantime build while we can.

by pat c Tue Jun 12, 2012 23:59

More news on Stuxnet, its related to flame.

The game appears to be up for the US and Israeli intelligence agencies who created the potent Stuxnet worm and Duqu trojan: analysis by software engineers at Kaspersky Lab in Moscow shows they also created Flame, the powerful espionage software that has mainly been infecting computers in Iran.

Kaspersky Lab, which was commissioned by the UN to investigate the cause of massive document losses in a raft of Middle Eastern computer networks, identified Flame last week. In a bulletin issued today, Kaspersky says that a module from Stuxnet, known as "Resource 207" is actually a Flame plugin that allows the malicious code to spread via USB devices. "The code of the USB drive infection mechanism is identical in Flame and Stuxnet," says Kaspersky.

Coming soon after the New York Times detailed classified White House meetings that confirmed the US is behind Stuxnet, this is a further embarrassment for the Obama administration, which is now seen to be preaching cybersecurity defence at home while deploying a battery of offensive cyber threats abroad - and ones that undermine the software integrity of America's software champion, Microsoft, to do so.

Flame works by using cryptological skulduggery to scupper Microsoft's update system. And Stuxnet used vulnerabilities in Microsoft operating systems that, ordinarily, would be reported to Microsoft, repaired and sent out to millions of users as an update patch. Worse, perhaps, a coding error (the US reportedly blames Israel and vice versa) allowed Stuxnet to escape into the wild and reveal its existence - which a secret cyberweapon should of course not do.

It means the taxpayer-funded US National Security Agency is working at odds with the Department of Homeland Security, which is attempting to bolster online defences. Only last week, US homeland security secretary Janet Napolitano met industrialists at the White House to "discuss DHS's current efforts to secure cyberspace".

Napolitano says the DHS is "working with partners at universities and the private sector...to protect against evolving cyber threats". Whether those threats will be variants of this new breed of home-grown cyberweapon remains to be seen.

by pat c Tue Jun 19, 2012 23:13

More on Flame/Stuxnet.

The United States and Israel are responsible for developing the sophisticated espionage rootkit known as Flame, according to anonymous Western sources quoted in a news report.

The malware was designed to provide intelligence about Iran’s computer networks and spy on Iranian officials through their computers as part of an ongoing cyberwarfare campaign, according to the Washington Post.

The program was a joint effort of the National Security Agency, the CIA and Israel’s military, which also produced the Stuxnet worm that is believed to have sabotaged centrifuges used for Iran’s uranium enrichment program in 2009 and 2010.

“This is about preparing the battlefield for another type of covert action,” a former high-ranking US intelligence official told the Post. “Cyber collection against the Iranian program is way further down the road than this.”

Flame was discovered last month by Russia-based antivirus firm Kaspersky Lab, following reports in Iran that malware aimed at computers belonging to that country’s oil industry had wiped data from the computers. In trying to investigate that issue, Kaspersky came across components of the Flame malware, which the researcher believed was not directly connected to the malware that wiped the Iranian computers clean but which they believed was created by the same nation states behind Stuxnet.

Kaspersky disclosed last week that Flame in fact contained some of the same code as Stuxnet, directly tying the two pieces of malware together.

According to the Post Flame was designed to infiltrate highly secure networks in order to siphon intelligence from them, including information that would help the attackers map a target network. Flame, as previously reported, can activate a computer’s internal microphone to record conversations conducted via Skype or in the vicinity of the computer. It also contains modules that log keyboard strokes, take screen shots of what’s occurring on a machine, extract geolocation data from images and turn an infected computer into a Bluetooth beacon to siphon information from Bluetooth-enabled phones that are near the computer.

Flame exploited a vulnerability in Microsoft’s terminal service system to allow the attackers to obtain a fraudulent Microsoft digital certificate to sign their code, so that it could masquerade as legitimate Microsoft code and be installed on a target machine via the Microsoft software update function.

Flame was developed at least five years ago as part of a classified program code-named Olympic Games, the same program that produced Stuxnet.

“It is far more difficult to penetrate a network, learn about it, reside on it forever and extract information from it without being detected than it is to go in and stomp around inside the network causing damage,” said Michael V. Hayden, a former NSA director and CIA director who left office in 2009, told the Post.

It’s still unclear whether the malware used to attack computers in Iran’s oil ministry is the same malware now known as Flame. According to the Post, the attack on the oil ministry computers was directed by Israel alone, a matter which apparently caught US officials off guard, according to anonymous sources who spoke with the newspaper.

by pat c Thu Aug 30, 2012 11:29

Wiper has some similarities to Stuxnet but theres no smoking gun yet. Kaspersky Lab works on. Full text at link.

How does a security company study a strain of malware that systematically wipes a hard drive clean, including any traces of its own code? And is there any evidence that Wiper, one particular flavor of malware that hit computers in Iran’s oil industry in the spring, is connected to nation-state tools such as Stuxnet?

In an attempt to answer these questions and others about several pieces of malware that have cropped up recently, Kaspersky Lab has released new details about its investigation of Wiper.

According to Kaspersky, Wiper shares a couple of characteristics with the DuQu and Stuxnet attacks that suggest it might have been developed by Israel and the U.S. – the nations believed to be behind DuQu and Stuxnet. But, the researchers say in a blog post published Wednesday, that the similarities are circumstantial and not enough to draw firm conclusions just yet.

Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April. Iranian officials said at the time the malware was uncovered that it was designed to steal and destroy data.

Wiper left a trace of its existence on some hard drives, in the form of a registry key (highlighted in blue at left). Image courtesy of Kaspersky Lab