Slashdot: News for Nerds

Authorities Seize Duqu's C&C Servers In Mumbai

samzenpus posted more than 2 years ago | from the following-the-trail dept.

Security 53

wiredmikey writes "In Mumbai, Indian authorities seized components from servers in a data center after Symantec informed them that they were communicating with the command and control infrastructure used by Duqu, the Trojan that is touted as the precursor to the next Stuxnet. According to a report from Reuters, officials from the Department of Information Technology in India seized hard drives and other components from a server hosted in a Mumbai data center. Security vendors and government labs are worried that malware such as Duqu and Stuxnet are the building blocks needed in order for attackers to target critical infrastructure. Based on the initial analysis of Duqu, many researchers warned that it was the second generation development of Stuxnet, but this is still the subject of much debate, with some experts now saying that the connection between the two malicious programs is questionable."

53 comments

ten to one it was the pakis (-1, Troll)

Chrisq (894406) | more than 2 years ago | (#37894230)

They're always trying to undermine India

Re:ten to one it was the pakis (-1)

Anonymous Coward | more than 2 years ago | (#37894646)

Fuckin' racist knuckle-dragger. Please stop fucking your mom, she's getting tired of it.

Re:ten to one it was the pakis (0)

Chrisq (894406) | more than 2 years ago | (#37894744)

Fuckin' racist knuckle-dragger. Please stop fucking your mom, she's getting tired of it.

Racist? perhaps you'd like to explain the difference in race between Indians and Pakis to me, or are you to busy fucking your mom?

Re:ten to one it was the pakis (-1)

Anonymous Coward | more than 2 years ago | (#37894886)

I'm not fucking my mom, I'm fucking your mom. That's how I know she's sick of your syphilitic sore covered dick. Which is why I only fuck her in the ass with 5 rubbers on. And stop pretending you don't know the term you used is racist, you dumb fuck.

Re:ten to one it was the pakis (1)

Chrisq (894406) | more than 2 years ago | (#37894922)

I'm not fucking my mom, I'm fucking your mom. That's how I know she's sick of your syphilitic sore covered dick. Which is why I only fuck her in the ass with 5 rubbers on. And stop pretending you don't know the term you used is racist, you dumb fuck.

I thought you'd not be able to answer the question. I'm not surprised you're fucking my mom, she's been dead for ten years.

Re:ten to one it was the pakis (0)

Anonymous Coward | more than 2 years ago | (#37895840)

People I went to middle school with... is that you?

Re:ten to one it was the pakis (1)

ravenshrike (808508) | more than 2 years ago | (#37899586)

Now now, everyone knows brothers shouldn't fight. Especially when it comes to fucking their mother in public restrooms.

Re:ten to one it was the pakis (2)

RogueyWon (735973) | more than 2 years ago | (#37894996)

The term you used is considered (extremely strong) racial abuse in the UK and some other parts of Europe - basically equal in strength to a certain word beginning with "n". I believe it lacks that association in the US and is used as a simple abbreviation - but given this is a site with an international readership, it's best avoided. It will get a powerful reaction, as you've seen.

Linguistic minefields like this exist in both directions - some terms considered mild in the UK would be fighting talk in the US and vice-versa.

Re:ten to one it was the pakis (0)

Anonymous Coward | more than 2 years ago | (#37895520)

Linguistic minefields like this exist in both directions - some terms considered mild in the UK would be fighting talk in the US and vice-versa.

Blimey!

Someone please explain the abbreviation issue? (-1)

Anonymous Coward | more than 2 years ago | (#37899410)

Seriously? Why is it an insult to abbreviate a nationality name? Why is Japanese OK, but yet not Jap? Same with Paki? Seriously we don't get offended when we are called Yanks. Maybe we should? Why is only part of the nationality offensive? It really defies common sense logic.

Then again, if it defies logic, maybe we aren't dealing with logical people, perhaps?

Re:Someone please explain the abbreviation issue? (1)

RogueyWon (735973) | more than 2 years ago | (#37901492)

The weight attached to words depends heavily on history and context. In the UK, and a few other European nations with similar demographic histories, that word is one that has picked up a lot of baggage. It's associated with skinhead thugs smashing windows and other such unpleasantness.

Just as the "n" word I mentioned has unsavoury connotations in the US, particularly in the southern States, so too this is a word you should never use in polite company. I admit it's a bit odd... nobody has ever found... say... "Afghan" to be an obscenity. But unfortunately, it's an abbreviation that's picked up a lot of unfortunate politics and history.

"Jap" is probably offensive because, when it came into common usage during WW2, it was meant to be offensive (understandable in the context of the times). "Yank" can be offensive in some circumstances - when I hear it at a London dinner party, I often hear a deep anti-American undertone to it that is genuinely nasty. But at the same time, many Americans have adopted the term themselves, which robs it of a lot of its power. We Brits have a similar relationship with the term "Limey". Australians and others use it as a term of abuse (though often in jest) - but for us, it's a nice reminder that we were smart enough to work out how to avoid scurvy at sea.

As I say, history and context are everything.

Re:ten to one it was the pakis (0)

BangaIorean (1848966) | more than 2 years ago | (#37898552)

Don't worry about the Paki who is posting abuse here. You carry on commenting. Just because those pathetic creatures find some word offensive, doesn't mean the rest of the world has to pander to their insecurities and whines. Hell, these Pakis go around literally looking for ways to get offended.

Yet another win for the GDI over NOD and Kane (1)

kannibal_klown (531544) | more than 2 years ago | (#37894250)

Honestly, unless I see it spelled out in the title or whatever... whenever I see "C&C" I simply think of the ol' Command & Conquer game.

Re:Yet another win for the GDI over NOD and Kane (1)

Yvan256 (722131) | more than 2 years ago | (#37894322)

I'd bet that at least 25 to 50% of slashdot readers think the same way.

Re:Yet another win for the GDI over NOD and Kane (1)

FoolishOwl (1698506) | more than 2 years ago | (#37894540)

Partly it's the subject: it sounds just like a Command & Conquer scenario. I can just see the commando shooting the exploding barrels to take out a tank, so the engineer can reach the data center.

Speaking of which, do you ever find yourself getting out of bed in the morning and saying, "I've got the codes"?

Re:Yet another win for the GDI over NOD and Kane (0)

Anonymous Coward | more than 2 years ago | (#37895266)

ever find yourself getting out of bed in the morning and saying, "I've got the codes"?

I prefer "No fear, Tanya's here!" personally.

Re:Yet another win for the GDI over NOD and Kane (1)

qubezz (520511) | more than 2 years ago | (#37900716)

Exactly, I was like, "wait, there's no server, it runs IPX over the LAN...." The good ol days, where C&C came with two game discs, so you can give the second to a buddy without needing to buy a second copy, and play LAN without constant permission needed to play the game you bought from game manufacturer's "command and control" DRM servers (tell me India couldn't shut down BF3 through a grand firewall because of DRM.)

Re:Yet another win for the GDI over NOD and Kane (1)

bmo (77928) | more than 2 years ago | (#37894412)

As an old usenetter, whenever I see C&C, I think of "coffee and cats warning" as in "put down the coffee and push the cat off your lap before you read this."

Authorities Seize Duqu's Coffee and Cats Servers In Mumbai

--
BMO

Re:Yet another win for the GDI over NOD and Kane (0)

Anonymous Coward | more than 2 years ago | (#37897604)

as a gamer I see C&C as "Command and Conquer"

Re:Yet another win for the GDI over NOD and Kane (1)

tqk (413719) | more than 2 years ago | (#37904088)

As an old usenetter, whenever I see C&C, I think of "coffee and cats warning" as in "put down the coffee and push the cat off your lap before you read this."

I'm an old Usenetter, and I've never seen that one. Thanks. The equivalent I saw was C|N>K ("Coke piped through nose to keyboard", or something. :-)

Re:Yet another win for the GDI over NOD and Kane (1)

RogueyWon (735973) | more than 2 years ago | (#37894474)

Surely you should know better with this headline. I don't think C&C ever had dedicated server support.

Unless you mean the tottering DRM-"disguising" atrocity that was the back-end for C&C4. But you can't have meant that. Because C&C4 didn't exist and wasn't the last nail in the coffin of a once proud series. And if anybody says otherwise I'm going to stick my fingers in my ears and go "NANANANANANANANANA" until they go away.

But yes, after too many hours of my student years wasted to playing that game over the college network, it is now the only thing the acronym "C&C" could ever mean to me.

Re:Yet another win for the GDI over NOD and Kane (1)

flimflammer (956759) | more than 2 years ago | (#37898352)

There was never a C&C4. Ever.

Ever.

Re:Yet another win for the GDI over NOD and Kane (1)

kelemvor4 (1980226) | more than 2 years ago | (#37894792)

Honestly, unless I see it spelled out in the title or whatever... whenever I see "C&C" I simply think of the ol' Command & Conquer game.

I always think of the old school hippity hoppity band "C&C Music Factory".

Re:Yet another win for the GDI over NOD and Kane (1)

Suicidal Teapot (820232) | more than 2 years ago | (#37895132)

I guess it shows my age, I thought it was Crossbows & Catapults :(

Re:Yet another win for the GDI over NOD and Kane (1)

MacGyver2210 (1053110) | more than 2 years ago | (#37895588)

Totally dude. The server was sharing ten year old pirated software, so they seized it...

Re:Yet another win for the GDI over NOD and Kane (1)

TheRaven64 (641858) | more than 2 years ago | (#37896740)

Pirated? EA made C&C a free download [gamershell.com] a few years ago for the twelfth anniversary.

Re:Yet another win for the GDI over NOD and Kane (1)

powerchord84 (2483118) | more than 2 years ago | (#37895602)

Oh, man, I was thinking the same thing...time to go home and dust off Red Alert!

Figures. (3, Insightful)

WindBourne (631190) | more than 2 years ago | (#37894272)

So they grabbed the drive/system, rather than watching and finding out who is controlling it and then grabbing them. And ppl wonder why there are so many crackers out there.

Re:Figures. (1)

marcello_dl (667940) | more than 2 years ago | (#37894532)

I concur, this way they may make headlines immediately instead of patiently waiting and maybe triggering some alarm that the blackhat admins have set up, sure, but it's a poor replacement for getting the responsible people which will just rebuild something more carefully. Back to square one.

Heck, it could be seen as a form of cover up, or a way to keep oneself in business by throwing the fish back in the river.

Re:Figures. (1, Funny)

Lumpy (12016) | more than 2 years ago | (#37894738)

"And ppl wonder why there are so many crackers out there."

Mostly because they keep having children...

Oh wait, are we talking about the same thing?

Re:Figures. (0)

Anonymous Coward | more than 2 years ago | (#37895584)

On a more serious note, no, it is not the same thing. Anyone can buy server space anywhere. There is no citizenship requirement. Ever heard about this new cool Cloud thingy kids are talking about these days?

Re:Figures. (0)

Anonymous Coward | more than 2 years ago | (#37895192)

It's extremely unlikely that any person associated with the C&C code, or any person who installed it, or any person who used it - has ever been in the same country as those physical servers. (I work for a security co)

Correct (2)

WindBourne (631190) | more than 2 years ago | (#37897136)

All the more reason to not announce it and follow it back to where it came from. There is an international community on this. We need to trace this ALL the way back.

Re:Figures. (1)

El Torico (732160) | more than 2 years ago | (#37895360)

And ppl wonder why there are so many crackers out there.

Hey, didn't you see RogueyWon's post about name calling?

Re:Figures. (0)

Anonymous Coward | more than 2 years ago | (#37897970)

"What's the French word for 'stakeout,' huh?" ~Conklin, The Bourne Identity, 2002

Servers? (3, Interesting)

Hatta (162192) | more than 2 years ago | (#37894274)

I'm kind of surprised that cutting edge malware depends on a central server for command and control. What about P2P? Or steganographic embedding of commands in forum posts or images? It seems like a robust and deniable control system would be one of the first things you implement in malware like this.

SHHHHHHHHH (2)

Moheeheeko (1682914) | more than 2 years ago | (#37894350)

Don't give them ideas.

Re:Servers? (0)

Anonymous Coward | more than 2 years ago | (#37894470)

Embedding cmds in images has been done a long time already.

Re:Servers? (2)

jesseck (942036) | more than 2 years ago | (#37894824)

Maybe they do... and the C&C servers are just there for extra noise. The C&C may act functional, and send / receive commands which are received by targets, but those targets don't have to do anything with the commands. While Symantec and India proclaim "We've stopped Duqu" the virus may still be hard at work, collecting information.

Re:Servers? (0)

Anonymous Coward | more than 2 years ago | (#37895234)

White hats have had Honeypots for years. Maybe botnets learned that trick too?

Is this thing seriously not yet reverse engineered (1)

ani23 (899493) | more than 2 years ago | (#37894442)

or is the government just letting it thrive. I cannot imagine that software could be so self aware that upon being aware of its presence competent people cannot figure out a way to stop it once and for all or at least secure vulnerable systems from it.

See what I did here? (0)

Anonymous Coward | more than 2 years ago | (#37898494)

1) It's called encryption

2) It's called a subject line, not the 1st half of your sentence.

I thank you 7or your time (-1)

Anonymous Coward | more than 2 years ago | (#37894518)

sh4re, th1s news [goat.cx]

If critical infrastructure wasn't online... (4, Interesting)

Viol8 (599362) | more than 2 years ago | (#37894610)

... this wouldn't be an issue. And make sure workers can't plug in USB sticks or DVD/CD-ROMs. Really, I do wonder whether people running IT in critical industries have all had a collective lobotomy.

Re:If critical infrastructure wasn't online... (1)

gl4ss (559668) | more than 2 years ago | (#37895286)

and what, run them only on custom microcontrollers and dos machines??

oh wait that would be perfect.

Re:If critical infrastructure wasn't online... (1)

Viol8 (599362) | more than 2 years ago | (#37895676)

Maybe, who knows. Depends on the task. But that's beside the point, which is that even an unpatched Win95 machine is safe if it's totally locked down and there's no way for any software or data to be loaded onto it either via a network connection or via the machine itself.

Re:If critical infrastructure wasn't online... (0)

Anonymous Coward | more than 2 years ago | (#37896926)

He has a point. Does every system really have to be online? I've worked with classified networks and they aren't connected in any way to the rest of the world yet they somehow manage to function. Not as convenient, sure, but no one ever broke into them.

Re:If critical infrastructure wasn't online... (1)

chronoglass (1353185) | more than 2 years ago | (#37897478)

I've often wondered why there isn't a proper setup here.
I mean why are they connected?
if not
why can people access them directly?

I mean.. you can whitelist traffic instead of blacklisting.. you KNOW what is supposed to happen between the "critical side" and its controller machine.. block anything that doesn't fit that mold.. done

as an override have a terminal that connects to the control box with a door that sets off every siren in the world when opened. basically saying, something went horribly wrong.

Re:If critical infrastructure wasn't online... (0)

Anonymous Coward | more than 2 years ago | (#37900400)

IT workers are not the problem here or there.
This falls squarely under "stupid management tricks"
Twenty-six years ago IS/IT was taken over by business types.
Technical Management soon became nonexistent.
With morons in charge stupidity is limitless.

If Westwood didn't team up with EA (0)

Anonymous Coward | more than 2 years ago | (#37895058)

Then proprietary Command and Conquer servers wouldn't have to be the only option for playing the game.

C & C (0)

Anonymous Coward | more than 2 years ago | (#37895318)

Meh, I stopped playing Command & Conquer years ago.

Looks like (1)

Nanosphere (1867972) | more than 2 years ago | (#37895916)

Duqu was cut off at the head.

*sunglasses*
YEEAHHH!!!

Anyone else read this... (0)

Anonymous Coward | more than 2 years ago | (#37896242)

...as Command and Conquer servers? I was about to throw a fit, wondering why some online gaming group's game servers were nabbed!
