Experts 'Convinced' Duqu Work of Stuxnet Authors

samzenpus posted more than 2 years ago | from the two-for-one dept.

Security 85

Trailrunner7 writes "Researchers are fairly confident now that whoever wrote the Duqu malware was also involved in developing the Stuxnet worm. They're also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven't been documented yet. There was a lot of speculation when Duqu first emerged about whether the attack was the work of the same group--still unknown--that had created Stuxnet and unleashed it on Iran's nuclear facilities last year. Some of that was centered on supposed similarities in the code between the two pieces of malware, but that was before many of the individual components of Duqu had been identified and analyzed. Now that the analysis and research into the Duqu malware have advanced a bit, researchers say they've found more evidence that points to the malware being the work of the Stuxnet authors or their close associates. 'I'm convinced it's the same group,' Costin Raiu, director of global research and analysis at Kaspersky Lab, who has done much of the analysis of Duqu, said."


Should the researchers keep quiet? (1, Interesting)

Relayman (1068986) | more than 2 years ago | (#38076286)

If Stuxnet is designed to prevent the total destruction of Israel and Duqu is intended to do something similar, shouldn't these "researchers" keep quiet about what they've found? People who mess with the military often find themselves six feet under (unless they're cremated first). I'm sorry, but I think their egos are taking over their common sense.

I would go further (1, Troll)

SmallFurryCreature (593017) | more than 2 years ago | (#38076356)

Who is funding Kaspersky labs?

Remember that money makes for strange bedfellows. For instance, take Reuters. They've been found to be lying in their reporting in this area... but what few THEN ask, why they've ALWAYS been found lying to favor one side.

And if these companies are aiding Iran in keeping its nuclear facilities safe are they aiding it in nuclear development which it is not allowed to do according to UN regulations?

This whole case has more depth to it than just the west vs Iran. Somebody is playing games and we so far only got researchers with funny names and shady funding and Iran to prove any of this.

Remember this all originates from a country that blames earthquakes on short skirts. To some the truth is not just a flexible concept but nothing different from propaganda shouted really loudly.

Re:I would go further (2, Insightful)

Unordained (262962) | more than 2 years ago | (#38076434)

[evidence needed]
[citation needed]
[explicitly stated allegations needed]
[ad hominem needs review]

Re:I would go further (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38076442)

Who is funding Kaspersky labs?

My best guess is AV software sales.

Re:I would go further (3, Informative)

Anonymous Coward | more than 2 years ago | (#38076586)

Kaspersky Labs is funded by the sale of Kaspersky AntiVirus and the other security software that they sell direct on kaspersky.com. Everything else in your post is rambling, incoherent drivel that made my head hurt.

Re:I would go further (2)

Ihmhi (1206036) | more than 2 years ago | (#38079364)

Who is funding Kaspersky labs?

Kaspersky, eh? Sounds awfully Russian. And we all know them commies ain't ever up to no good. Quick Mabel, to the bunker!

Re:I would go further (0)

Anonymous Coward | more than 2 years ago | (#38216928)

2 words: Zbigniew Brzezinski

Re:I would go further (1)

lucm (889690) | more than 2 years ago | (#38217740)

Remember that money makes for strange bedfellows. For instance, take Reuters. They've been found to be lying in their reporting in this area... but what few THEN ask, why they've ALWAYS been found lying to favor one side.

This is exactly why I always watch Fox News. They have never been caught lying because they give me opinions, not facts. It is very convenient because the news I get from them are biased in a way that is compatible with my preconceived notions about the world. I am pretty busy, especially since Skyrim was released, so I don't have time to start shuffling good guys and bad guys around.

Re:Should the researchers keep quiet? (5, Interesting)

Eunuchswear (210685) | more than 2 years ago | (#38076456)

If Stuxnet is designed to prevent the total destruction of Israel

That's a big "if" you're waving around there partner.

Stuxnet could be a weapon designed for use against Iran, possibly by Israel, but "designed to prevent the total destruction of Israel", that's pretty hyperbolic.

People who mess with the military often find themselves six feet under (unless they're cremated first).

Who's military are you talking about here?

Re:Should the researchers keep quiet? (5, Interesting)

Anonymous Coward | more than 2 years ago | (#38076674)

More likely, stuxnet was designed as an alternative to an unpopular military action. Arab neighbors of Iran are eager for Israel to "handle" the issue so they can reap the benefits of an emasculated Iran without getting their own hands dirty. The situation for Israel is more complex; military action will galvanize anti-Israeli sentiments in the ME, and Iran is not their most immediate problem. BUT, neither can Iran be safely ignored. Stuxnet performed its job in buying extra time before Iran could finalize its nuclear program, but that extra time is running out.

Re:Should the researchers keep quiet? (1)

Relayman (1068986) | more than 2 years ago | (#38077286)

that's pretty hyperbolic.

Agreed. As first poster, I wanted to get this off to a rollicking start. But who else would Iran use their nuclear weapons on? Europe? The U.S.? South Africa? Those are even more hyperbolic.

Re:Should the researchers keep quiet? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38077852)

But who else would Iran use their nuclear weapons on?

Probably the same people who don't want Iran to be a nuclear country as much as Israel; namely the rest of the Middle East.

I guess it's a poor Western mentality that makes illogical group-think become accepted in that all Arab countries stick together. Nothing could be farther from the truth. Just about EVERY ME country does NOT want Iran to get nukes and have been actively encouraging every country (including the US) to militarily intercede into Iran.

Bluntly, most of the people who accuse Israel and the US of engineering these things do so by proudly proclaiming their ignorance of how the world works. The fact is, only crazy nutjobs want Iran to get nukes which means almost the entire world is more than happy to actively work against Iran's nuclear ambitions. And only Israel has interests equal to or slightly greater than all of the other ME countries in the region.

Re:Should the researchers keep quiet? (5, Informative)

Eunuchswear (210685) | more than 2 years ago | (#38078264)

Iran is not an Arab country.

Re:Should the researchers keep quiet? (1)

lucm (889690) | more than 2 years ago | (#38217856)

Iran is not an Arab country.

This is just semantics. That's the problem with liberals, you think too much, and you end up with all those subcategories.

Foreign policy is so easy: all we need is the Axis of Evil. We put a "good" or "evil" label on every country, and people in "evil" countries can either overthrow Kim Jong Il and join us on the good side, or face the consequences and get nasty viruses.

As for determining if a country is evil, there is a simple solution: we ask ourselves "Would Jack Bauer collaborate with their ambassador or would he commit a B&E in their embassy to extract a prisoner and hijack the cctv".

Re:Should the researchers keep quiet? (1)

Eunuchswear (210685) | more than 2 years ago | (#38219244)

Iran is not an Arab country.

This is just semantics. That's the problem with liberals, you think too much, and you end up with all those subcategories.

I'm not a liberal.

I'm a socialist.

Jack Bauer, like all Americans, is a wimp. He's never met a terrorist he wouldn't buckle under to. He only wins because he has the scriptwriters on his side. Unfortunately for the real America the scriptwriter is not on your side.

Re:Should the researchers keep quiet? (1, Redundant)

mr100percent (57156) | more than 2 years ago | (#38081506)

Every ME country doesn't want Israel to have nukes either, but Israel says they don't friggin care what you think. Israel is one of the single-digit holdouts that refused to sign the Nuclear Non-Proliferation Treaty, even Iran signed it (which is why the IAEA routinely inspects Iran).

Why are so many people surprised the Iranian people want nukes? Their democracy was overthrown in a coup that the CIA freely admits orchestrating, they lost over a million people in the Iran-Iraq war, where among other things Saddam Hussein gassed their capital. Israel keeps threatening to nuke Israel and Hebrew-language editorial pages keep agitating for it. The US has put soldiers on both the East and West borders of their country, and Bush and the new GOP candidates are running on an anti-Iran platform.

From Iran's point of view, possessing a nuclear weapon keeps you safe. Look at how Bush treated Iraq and North Korea very differently as a result. Even so, Ayatollahs Khomeini and Khamenei have both said that nuclear weapons are a sin (so if they were caught making one it would undermine their power completely), the IAEA has said that none of the uranium has been diverted from power-production to weapons production, and many scholars think Iran's moves over the last few years are a "nuclear latency [juancole.com]" tactic.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38084302)

Every ME country doesn't want Israel to have nukes either, but Israel says they don't friggin care what you think.

Most of the Middle East also wishes the Jews would just lay down and die, but Israel says they're not doing that shit anymore.

Re:Should the researchers keep quiet? (1)

Eunuchswear (210685) | more than 2 years ago | (#38079408)

But who else would Iran use their nuclear weapons on?

I don't know.

Who would the US use their nuclear weapons on? Or the UK, France, Russia, China, Israel?

Re:Should the researchers keep quiet? (1)

antdude (79039) | more than 2 years ago | (#38077388)

Who's = Who is. "Who is military are you talking about here?" :P

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38076458)

If Stuxnet is designed to prevent the total destruction of Israel and Duqu is intended to do something similar, shouldn't these "researchers" keep quiet about what they've found?

No.

Re:Should the researchers keep quiet? (1)

Anonymous Coward | more than 2 years ago | (#38076564)

Well if they suddenly die, vanish, appear in some terrorist video, or step down "for life / health / financial reasons" all of a sudden, we will know they were threatened.
Cause and effect.

I still don't understand how Stuxnet managed to get in so easily, or how this one is to those systems too.
You'd expect the people to have some sense of the security implications of opening random crap.

Also, does anyone have any list on what sort of systems it is infecting?
I find it quite interesting to see these very targeted infections, this one in particular since all it really seems to be doing is bouncing around and collecting a few things before hopping off to other computers.
Admittedly the information it could be collecting is of a very serious security compromising nature, such as port config, software installed, patches, etc.

Re:Should the researchers keep quiet? (1)

tsotha (720379) | more than 2 years ago | (#38079862)

I still don't understand how Stuxnet managed to get in so easily, or how this one is to those systems too. You'd expect the people to have some sense of the security implications of opening random crap.

Do you have any reason to believe Stuxnet got in "easily"? The Iranians don't know how it got there. It may be the Israelis (or whoever) had an agent inject it onto the Natanz network. And nobody had to "open" anything, since it will spread through infected thumb drives.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38147060)

My understanding of the sabotage at the Iranian plant was it was probably imported with controlling software for "components" (pumps or stuff of that ilk) and they probably loaded it as part of installation. I am likely wrong and am just speculating but it seems like most reasonable solution. There was a story I saw once about US manufacturers (conducting business illegally in Iran) who built the pumps it was insinuated that there was room for some type of industrial sabotage with a minimized thumbprint. I am not tech savvy but I believe this on the face, the Stuxnet, and now Duqu are probably state generated, likely US in origin, and like so many other "good deeds" no real thought has been given to future ramifications. I am fascinated by this story, and the fact that "Happy land" media with talking heads and ad driven "news" are not even commenting on it is in my analog mind proof positive we (the US) are responsible for unleashing this potential tech plague. No the researchers should not keep quiet.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38076578)

If it's the US military, they don't need to go straight to "terminate with extreme prejudice", they can issue a National Security Letter with a gag order. Of course, if that's not followed or they don't trust the researcher, they retain the former option.

Re:Should the researchers keep quiet? (5, Informative)

Baloroth (2370816) | more than 2 years ago | (#38076584)

This is probably the intelligence community at work here. If competent (and from the signs of how well created Stuxnet and Duqu are, they are), people who out these things have nothing to fear. It would almost be an open admission of guilt to "make them disappear." Not to mention the risk of being caught. These worms have worked by subtlety and subterfuge, they won't stop doing that now. And that means not killing people. Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/New York Times Bestseller invention. In reality, assassination is way too risky to happen often or be used lightly.

Now, if they were leaking something like a NOC list or exact design documents for thermonuclear warheads, that might be a different story. Stuxnet, however, already did its damage. Duqu probably did too.

Re:Should the researchers keep quiet? (4, Informative)

Jeng (926980) | more than 2 years ago | (#38077082)

Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/New York Times Bestseller invention. In reality, assassination is way too risky to happen often or be used lightly.

Remember, we are talking about Israel here, they have no reservations about assassinations.

http://en.wikipedia.org/wiki/List_of_Israeli_assassinations [wikipedia.org]

Re:Should the researchers keep quiet? (2)

rtfa-troll (1340807) | more than 2 years ago | (#38077402)

Israel assassinates enemies; generally either Arabs or former Nazis. Attacking Russian citizens would be something completely different. They would want a bit more finesse and anonymity than they seem to have achieved recently.

Re:Should the researchers keep quiet? (1)

Jeng (926980) | more than 2 years ago | (#38077638)

I mainly brought up that Israel does assassinate people not because of this subject, but because the person stated it that this just does not happen.

People who work for legitimate anti-virus companies studying this worm have nothing to fear.

Now as to people who might be studying this worm in Iran for the Iranian government, I would be watching my back.

Re:Should the researchers keep quiet? (1)

rtfa-troll (1340807) | more than 2 years ago | (#38078086)

I think that the assassination of Iranian nuclear scientists [wikipedia.org] has already happened. However, I think you should remember that both the CIA and the FSB (among others) are probably also fully capable of having people they don't like assassinated given the right circumstances. This doesn't in any way prove or disprove links with Israel.

Re:Should the researchers keep quiet? (1)

tsotha (720379) | more than 2 years ago | (#38080076)

And what about Canadian Gerald Bull?

Israel will assassinate whoever it needs to assassinate in the interests of national security. Every country does at one point or another. The Israelis stand out because their national security interests are more immediately pressing than most countries, and because they have a lot of enemies using asymmetric warfare.

Having said that let me say I doubt they would bother killing a computer virus researcher, even assuming he was dissecting their virus. There's no real benefit to it, since there are a lot of people looking at the virus, and they would risk having people captured or otherwise exposed.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38081004)

Gerald Bull was a mercenary, working on developing weapons for Iraq. He died, as he lived, by the sword.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38081634)

I would go further and remind that Bull was warned on more than one occasion not to assist Iran in developing a weapon against Israel. Bull did not listen... did he really expect a nation to stand still while another was openly developing a weapon to destroy it? Live by the sword, die by the sword.

Re:Should the researchers keep quiet? (1)

Savantissimo (893682) | more than 2 years ago | (#38081878)

Bull had nothing to do with Iran or nukes. He was developing giant, militarily-useless space-launch artillery for Iraq. He also developed some of the best field artillery bought by countries around the world, as well as some other projects such as an improved SCUD nose cone. He was assassinated in Belgium, likely by Israel.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38082356)

Good, next time the scientists will think before developing weapons for nations that openly declare that they will start wars with peaceful countries.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38083292)

So, you're saying it's ok for all scientists working on weapons to be assassinated?

Re:Should the researchers keep quiet? (3, Interesting)

elrous0 (869638) | more than 2 years ago | (#38076590)

It's not exactly a secret that Mossad and the IDF were the chief suspects in the creation of Stuxnet. They were even publicizing [jpost.com] their new cyber-warfare IDF division not too long before Stuxnet emerged. So I doubt Israel considers this a big secret. In fact, they may well want to publicize the "Threaten us and we can blow up your centrifuges" message it sends.

Re:Should the researchers keep quiet? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38076638)

No.

Malware researchers should investigate malware, regardless of its pedigree. The malware doesn't discriminate as to the computer. Duqu and Stuxnet will infect a Windows system regardless of its location and use. That was part of the idea behind Stuxnet: wide initial deployment so that it would eventually find its way into the Iranian centrifuge system. The authors don't seem to care if they infect non-affiliated systems along the way.

There is also no reason why the exploits being used in Duqu and Stuxnet, presumably by western governments, can't be rebranded by our more run of the mill botnet farmers and spammers.

Re:Should the researchers keep quiet? (1)

Relayman (1068986) | more than 2 years ago | (#38085980)

Malware researchers are welcome to investigate, issue signatures to eradicate the malware and report the security holes to the proper software vendors. However, when they grandstand like this, they are just doing it to feed their egos and I don't agree with them doing that for malware connected with the military unless our military is screwing with their country (could happen).

Re:Should the researchers keep quiet? (3, Interesting)

gl4ss (559668) | more than 2 years ago | (#38076670)

iran going to nuclear war would lead to iran's government to fall - a conventional war would do that as well, it's a card house. messing with their industrial machines only can slow things down though, it can't stop them.

besides, going public with the information straight on would actually protect the researchers, if they're worried about ending up six feet under. but the real reason for going public is that for the researchers the value of the work is going public and going public with it first, so they'll get pageviews.

but.. you could go on further and say that they're doing free r&d for duqu/stuxnet developers. it's a stretch to say that they're the same guys though, just based on analysing the code - it could be just some guy(s) who thought stuxnet's architecture was worth looking into as research.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38076778)

Whoever voted this interesting needs a reality check.

It's one thing for you to condone cyber attack (a blatant act of war) based on Israeli paranoia and self-righteousness. It's totally another thing to impose such hacking on non-Israelis or even think that it's permissible for a foreign nation to infiltrate my machine simply because you and other nutty zealots unconditionally and unquestionably place 100% of your trust in the Israeli authority.

If you want to be penetrated, go ahead lube up. I never gave Israel any permission to install malware and pass it as secure for future virus installations. This is a crime in the United States.

Re:Should the researchers keep quiet? (1)

Hentes (2461350) | more than 2 years ago | (#38076838)

If Stuxnet is designed to prevent the total destruction of Israel and Duqu is intended to do something similar

They are designed to attack industrial complexes. And as any weapon, they can also be used for bad were someone with malicious intent to copy them. Thus, owners of vulnerable hardware should have the information necessary to defend themselves. The researchers are doing their job, it wouldn't be independent research if they let politics into it.

Re:Should the researchers keep quiet? (1)

Relayman (1068986) | more than 2 years ago | (#38077382)

Wow. And in the year since Stuxnet has been discovered, how many of the exploits it uses are still unpatched?

Re:Should the researchers keep quiet? (-1)

Anonymous Coward | more than 2 years ago | (#38076938)

Ummm... Israel is the only nation in the region attacking its neighbors. Get past the propaganda, and it is pretty apparent who the real terrorists are.

Re:Should the researchers keep quiet? (3, Insightful)

ColdWetDog (752185) | more than 2 years ago | (#38078032)

Ummm... Israel is the only nation in the region attacking its neighbors. Get past the propaganda, and it is pretty apparent who the real terrorists are.

Right. The missiles shot from Gaza into Israeli territory were launched by whom? The Mossad? Not that I condone a lot of what the Israeli government is doing these days, but even for an AC, you seem remarkably dense.

Re:Should the researchers keep quiet? (0)

Eunuchswear (210685) | more than 2 years ago | (#38079496)

Oh, so you recognize Palestine as a nation now?

Do you float in water?

Re:Should the researchers keep quiet? (-1)

Anonymous Coward | more than 2 years ago | (#38081936)

"The missiles shot from Gaza into Israeli territory were launched by whom? The Mossad?"

Quite possibly some of the more conveniently timed model-rocket attacks were carried out by Israel. In any event, those have a lethal radius of less than a hand grenade and no guidance - the odds of them doing any damage is pretty remote. Israel has agents in many "terrorist" organizations, often as agents provocateur, too. The stories you see in the media never investigate what is really going on - all of the major flare ups in the past decade have been due to unilateral Israeli action which they then lie about.

Re:Should the researchers keep quiet? (1)

jrumney (197329) | more than 2 years ago | (#38084968)

Israel is the only nation in the region attacking its neighbors.

Right. The missiles shot from Gaza into Israeli territory were launched by whom?

Not by any officially government backed forces of any recognized nation. Meanwhile Israel continues to turn a blind eye to, and even encourage, an even bigger PR problem which is entirely within their control - settlement construction in occupied territories. This isn't the actions of a country that wants to live peacefully with its neighbors. As long as they have the sympathetic ear of the US government and public, they will do what they can to keep their status as "victims".

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38077314)

No, they shouldn't be quiet. If a state can't keep their tools under wraps, that's on them. Besides, I think you overestimate how dangerous the US and/or Israel are. There are a LOT of people that they don't like. Very few of them are assassinated and generally for a lot more.

Besides, it could also play in their favor. If the Stuxnet/Duqu team turn into the technological version of the nuclear bomb, they can also be used as a deterrent.

Re:Should the researchers keep quiet? (1)

JDG1980 (2438906) | more than 2 years ago | (#38077390)

Well, for starters, civilian users have been affected by Duqu, so of course the antivirus researchers should go after it.

Secondly, your basic premise ("prevent the total destruction of Israel") is fundamentally flawed. Rulers far worse than Ahmadinejad (and Ali Khamenei, the real ruler of Iran) have had nuclear weapons in the past. Stalin and Mao were about as evil as it gets, but they still didn't blow up the world. You might say that the Iranians are different because they're fanatics. And I suppose that Mao, who starved millions to death in the "Great Leap Forward," was a pragmatic realist? The truth is that nuclear weapons don't start war; they keep the peace. People who crave martyrdom that badly usually get their wish fairly early on; they don't become leaders of nations.

Israel isn't worried about being blown up. They're worried that if they have to face another regional power of equal might, they might not be able to bully their neighbors quite so much any more.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38078776)

Maybe not as big, but Israel also has a decision to make whether to admit they have nukes or not. You can't play MAD if you don't go public with the weapons.

Israel and the US have kept it quiet to minimize the motivation of Israel's neighbors to get nukes, but judging by the last couple decades that hasn't worked too well motivation-wise (Iraq, Syria and now Iran).

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38081970)

Not that it couldn't easily be changed, but there is a law on the books in the US, the 1976 Symington amendment to Foreign Assistance Act of 1961, which "banned U.S. economic, and military assistance, and export credits to countries that deliver or receive, acquire or transfer nuclear enrichment technology when they do not comply with IAEA regulations and inspections." [wikipedia]

All aid to Israel since has been illegal, but there is a mutual agreement to pretend the Israelis not only don't have nukes, but don't have enrichment technology.

Re:Should the researchers keep quiet? (0)

Anonymous Coward | more than 2 years ago | (#38086320)

Maybe you should learn something about enriched uranium and bombs first. Or realize you've been outed as an astroturfing war-mongering propagandist.

Iran uses slightly enriched uranium for research and medical radioisotope reactors. You can't use anything else. Bombs require highly enriched uranium which costs orders of magnitude (100s-1000s of times) more than slightly enriched uranium. Iran is only creating slightly enriched uranium for the former and has only been doing so for the past 20 years. The UN IAEA knows this and has precisely reported this in past reports and even in the most recent report. It's always been monitored and disclosed precisely as required and defined by UN and US signed non-proliferation treaties: Iran has been and still is 100% within treaty-allowed limits and requirements! Arguing otherwise is a lie. And a lie that is primarily being foisted on the world to trigger a War of Aggression [wikipedia.org] (which is a legal term with a specific meaning in a War Crimes context).

/tinfoil hat (0)

Anonymous Coward | more than 2 years ago | (#38076296)

Of course it's the CIA.

Re:/tinfoil hat (4, Funny)

masternerdguy (2468142) | more than 2 years ago | (#38076416)

The CIA is backed up by a covert organization called the NID which wants to regulate the Stargate in Area 51. It's true.

Re:/tinfoil hat (0)

Anonymous Coward | more than 2 years ago | (#38079576)

Excuse me, but do you have a newsletter I can subscribe to?

My powers have doubled (5, Funny)

Spy Handler (822350) | more than 2 years ago | (#38076310)

since the last time we met, Duqu!

What is this telling us? (4, Insightful)

plover (150551) | more than 2 years ago | (#38076326)

So Duqu is estimated to have infected about 50 machines. It's a piece of scouting software that collects and maps information, but doesn't attack. It doesn't even phone home yet. It's obviously not news because of its impact to the broad population of computers on the Internet.

So what exactly is this story telling us? Panic now, because the Stuxnet authors are still on the loose and writing malware? Don't panic at all, because Duqu is obviously targeting an Enemy of the State (like Iran) and not generic PCs? Buy Symantec or Kaspersky antivirus software because their detection has gotten better since Stuxnet?

Re:What is this telling us? (4, Interesting)

Telvin_3d (855514) | more than 2 years ago | (#38076576)

Stuxnet is the first widely reported example of a digital attack on the infrastructure of one nation by (what is believed to be) another nation or nations. This is a big deal. This is one that is likely to be in course syllabuses 50 years from now. If not in the CS department then probably in the PoliSci department. Anything connected to Stuxnet is inherently interesting and potentially newsworthy.

Any actual technical capabilities that Duqu may or may not have is the least interesting part of this story.

Re:What is this telling us? (2)

MozeeToby (1163751) | more than 2 years ago | (#38076612)

Maybe it's telling us "this is what we see when we look at the code, we offer no conclusions beyond that". Seriously though, the writers of Stuxnet could be just about anyone, from the US, to Israel, to Saudi Arabia, to Russia, to a group of amateurs in their garage. Without knowing their identity, it's impossible to say what their overall motives could be. The only thing known nearly for sure (and that's assuming the researchers are correct in connecting Duqu and Stuxnet) is the authors are willing to do physical damage to equipment to meet their objectives; presumably up to and including risking other people's lives. The fact that the virus doesn't do anything so far is a bit concerning to me, it shows more planning and thought than normally goes into these things. When it finally receives the packet that updates it to 'active' mode, there's no telling at this point what it could do.

Re:What is this telling us? (1)

medv4380 (1604309) | more than 2 years ago | (#38077004)

It's mostly just information at the moment about what appears to be actually cyber warfare. Though, lackluster cyber warfare to me, but still cyber warfare. Duqu also clearly does something else but what that is is anyone's guess. It is a bit risky for even a government entity to just up and make a virus. There is always a risk of unintended consequences with them unless you're just some vandal who just wants to see computer systems halt with no real goal.

The group isn't unknown at all. (5, Interesting)

Anonymous Coward | more than 2 years ago | (#38076498)

The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.

http://www.net-security.org/secworld.php?id=10596 [net-security.org]

Re:The group isn't unknown at all. (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38076922)

Well if some random guy took the credit it must be true. No one lies about their accomplishments.

Re:The group isn't unknown at all. (0)

Anonymous Coward | more than 2 years ago | (#38080858)

I wouldn't consider a high ranking officer in the Israeli military "some random guy" when the political context is considered, but feel free to live in ignorance, it is your right.

Re:The group isn't unknown at all. (1)

ColdWetDog (752185) | more than 2 years ago | (#38078094)

The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.

http://www.net-security.org/secworld.php?id=10596 [net-security.org]

He's full of it.

I did it.

its cause we dont have amazing researchers (4, Informative)

Tyrannosaur (2485772) | more than 2 years ago | (#38076608)

Ralph Langner was the genius behind our knowing about what Stuxnet did. But his team of researchers aren't studying Duqu much because "please note that we don’t research Duqu as it appears to be unrelated to control systems." We don't have that genius picking apart Duqu as we do Stuxnet. But Duqu is not the next Stuxnet. It's not nearly as cool. Stuxnet was a very unique virus for several reasons. Duqu is more like just a standard virus. I don't understand why Stuxnet was underplayed and Duqu is so overplayed. If you want the cool information on Stuxnet http://www.langner.com/en/2011/11/09/two-years-later/ [langner.com] is Langner's latest post.

Re:its cause we dont have amazing researchers (0)

Anonymous Coward | more than 2 years ago | (#38077792)

Stuxnet was a complete work of art. Duqu is a work in progress (apparently) by the same masters. It doesn't look like it is finished. Will it rise to the (malicious) beauty of the previous? Hard to say. But when you see that the process is underway you wonder if it will fall short, meet, or possibly even exceed the previous work. It's the possibility of that latter option that is especially intriguing.

Re:its cause we dont have amazing researchers (0)

Anonymous Coward | more than 2 years ago | (#38081238)

It is also theorized that duqu is an info gathering bot and that stuxnet would have had a similar info gathering version that predates it.

Plausible but who knows if it's true.

'Convinced' (0)

u17 (1730558) | more than 2 years ago | (#38076732)

I can never tell if these words in quotes are meant to be taken as literary citations or an indication of sarcasm. I think this 'style' of writing should be 'retired'.

Re:'Convinced' (1)

Relayman (1068986) | more than 2 years ago | (#38085904)

In this case, they are a short version of a quote. I agree, don't use quotes for sarcasm.

Not so difficult (1)

MacGyver2210 (1053110) | more than 2 years ago | (#38076754)

I was checking out the Zeus source the other day, and these worms and botnets really aren't that complicated. I'd be surprised if we didn't see a boom of new worms/botnets because this looks like something any computer science major could come up with in a few days. The real way to avoid these would be to fix the grievous security holes in the main operating systems affected.

Why are they so sure? (2)

Hentes (2461350) | more than 2 years ago | (#38076764)

Stuxnet has leaked to the public, someone could just copy and modify it.

Re:Why are they so sure? (1)

Chninkel (1396241) | more than 2 years ago | (#38077464)

They don't explain in TFA, but maybe they found new pieces of code in Duqu that (compared with Stuxnet) are written in a very similar "spirit" although not being part of the original Stuxnet. Sometimes it's very obvious who wrote a piece of code just by the way he implements things that can be implemented in several different ways (I'm not talking about code indentation of course).

Re:Why are they so sure? (0)

Anonymous Coward | more than 2 years ago | (#38078702)

Exactly! Mod parent up! This is the way most malware evolves and why we have malware families. Not many people write malware from scratch. Most take existing code and tweak it.

I've been using the apk superhosts++ file (0)

Anonymous Coward | more than 2 years ago | (#38076972)

And haven't been infected by Duqu OR Stuxnet in YEARS. Take that, Linus.

Re:I've been using the apk superhosts++ file (0, Offtopic)

Anonymous Coward | more than 2 years ago | (#38077374)

Hey guys, Peter is back ! Come quick before he runs away ... again

So, how have you been Peter ? Is everything alright for you my friend ?

Hope to see you soon Peter ...

Re:I've been using the apk superhosts++ file (0)

Anonymous Coward | more than 2 years ago | (#38083032)

whoever modded this down and not GP as well has no idea who GP actually is and what he is (offtopicly) talking about (GP does not know either) ...
[citation] see over there [slashdot.org] [/citation]

Sounds like the book Zero Day (1)

micsaund (12591) | more than 2 years ago | (#38077012)

Reading all of these comments on these 00ber-worms really parallels a book called Zero Day [amazon.com] that I'm reading. It's fairly entertaining so far, just in case anyone else is interested in a story revolving around Stuxnet/Duqu type stuff. It's probably old news around here, but anyway...

It's me... (0)

Anonymous Coward | more than 2 years ago | (#38077158)

I confess, I wrote Stuxnet and Duqu with BASIC on my Sinclair, during commercial breaks in Married with Children.
Mea culpa.
I promise not to do it again. Really. I promise.

Militarized Malware (1)

koan (80826) | more than 2 years ago | (#38077716)

This is fascinating, a team potentially responsible for a military attack on Iran is now in business for themselves? This and the alleged HBgary root kit make it seem as though "The Powers That Be" are taking the low road on the Internet.

As jaded as I am I guess there was still something in me left to turn cynical rather than hopeful.

All I want to know is.... (1)

IceFoot (256699) | more than 2 years ago | (#38077880)

How the heck do you pronounce "Duqu"?

Re:All I want to know is.... (3, Informative)

Thud457 (234763) | more than 2 years ago | (#38078250)

How the heck do you pronounce "Duqu"?

It's pronounced: "for God's sake, keep Lucas away from writing any more Star Wars"

researchers that Make Crap Up (tm)???? Noooo!!!! (0)

Anonymous Coward | more than 2 years ago | (#38078000)

Utter horse-crap. Gotta post anon, but look.... the evidence for identifying individual actors thru their code is slim-to-none. No, worse, it's complete crap.

To wit: First, there are tons of Stuxnet and Duqu code samples around. Not hard to get -- for example, stored somewhere close by with hundreds of people with access including poorly-vetted vendors of all diff nationalities. Kaspersky and Symantec are also both sieves, and so are many other relevant orgs.
Second.... Got IDA Pro? Got a decent IDE? If the bar to entry is $500, pretty much anyone can disassemble the code, and a competent programmer can easily look at the elegant structure and make use of it (re-use, that is). What, it's hard when all the classes and variables are generically named? Oh, please, just looking at the structure and modular payload management, and emulating the evasion functions selected by someone else's good risk/design process would be incredibly useful, and it's not hard to reuse large sections of code wholesale. I'm surprised that it took this long for good copycats to come along.
That said, prove it wasn't the guy in the next room. Or your netadmin buddy who's always babbling about hacktivism. Once it's in the wild, code similarity doesn't tell you shit about specific actors. It's nonsense, and the fools at Symantec and Kaspersky should be ashamed to keep pushing it.

Humanity continues to amaze me. (1)

wvmarle (1070040) | more than 2 years ago | (#38082216)

Isn't it amazing how much effort humans put into the purpose of destroying one another?

I started to realise this recently while visiting some pre-WWII military sites, mostly former anti-ship and anti-aircraft batteries. So much effort it must have taken to build them. It goes to show how much effort other groups must have put in to try and destroy that again. Now if only all that effort would have been put to different, more peaceful uses...

Stuxnet and Duqu are no different. They must have taken a lot of resources to create (in research and software development). Resources lost for other uses. The same accounts for the Iranians of course: the effort they put into building up nuclear facilities and (allegedly) making nuclear bombs is lost on the effort they could put into making their country a better place to live.

AC 'Convinced' Dupes Work of Slashdot Authors (0)

Anonymous Coward | more than 2 years ago | (#38084396)

AC 'Convinced' Dupes Work of Slashdot Authors... (lame filter /. so lame ; )
