On the Emptywheel site, a writer named Rayne offers a good look at the threat posed by the Stuxnet malware and its two siblings, Duqu and Flame. We've been told that Stuxnet was directed against Iran's nuclear capabilities and "accidentally" spread around the globe. But Rayne offers evidence that the "accident" was no accident.
This could be the biggest story of our time:
The government has chosen to deliberately poison the digital waters so that all are contaminated, far beyond the intended initial target.
There’s very little chance of escaping the poison, either.
In the case of both Duqu and Flame, there is a command-and-control network of servers still in operation, still communicating with instances of these two malware cyber weapons. The servers’ locations are global — yet another indicator of the planners’/developers’ intention that these weapons be dispersed widely.
Poison everything, everywhere.
We've not discussed Duqu in these pages before. Like Stuxnet, it is built with industrial control systems in mind. In a previous post, we discussed SCADA (supervisory control and data acquisition), the software used to monitor and control industrial facilities -- including the plants which provide you with water, gas and electricity. As I wrote earlier of Stuxnet and SCADA:
If it is true that the worm has infected nuclear power plants around the world, we have officially entered James Bond territory. A single malefic individual (feel free to visualize a bald man sitting in a leather chair as he strokes a white cat) could set off dozens of nuclear meltdowns. Simultaneously. Worse, that same malefic individual could also control water systems, electrical systems, gas pipelines -- anything that uses SCADA.
You think I overstated the case? Read on...
We saw a flurry of stories about SCADA in 2011 -- see (for example) here. The last of those links includes this passage, which quotes Kevin Haley of Symantec:
“The people behind Stuxnet are not done,” he said. “They've continued to do different things. This was not a one-shot deal.”
Haley declined to name any of the targets, but according to the Symantec blog, the Duqu sample was recovered from computer systems located in Europe, from a limited number of organizations, including those involved in making industrial control systems. Such SCADA, or supervisory control and data acquisition, systems are used to open and shut valves and control machinery and other physical functions at factories, gasoline refineries, and other industrial facilities, many of which are considered critical to the national security of the countries where they're located.
The Wikipedia page on Duqu contains some astounding information.
Duqu malware is a variety of software components that together provide services to the attackers. Currently this includes information-stealing capabilities and, in the background, kernel drivers and injection tools.
Outsiders aren't even sure what language the malware was written in.
Duqu looks for information that could be useful in attacking industrial control systems. Its purpose is not to be destructive; the known components are trying to gather information. However, based on the modular structure of Duqu, a special payload could be used to attack any type of computer system by any means, and thus cyber-physical attacks based on Duqu might be possible. However, use on personal computer systems has been found to delete all recent information entered on the system, and in some cases cause total deletion of the computer's hard drive.
This bit is particularly clever:
According to McAfee, one of Duqu's actions is to steal digital certificates (and corresponding private keys, as used in public-key cryptography) from attacked computers to help future viruses appear as secure software.
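To make concrete why a stolen signing certificate and key are worth so much to whoever wrote the next piece of malware, here is an added example in Go. It is not code from Rayne, Wikipedia, McAfee or any of the malware families discussed; every name in it is hypothetical and the two "binaries" are constructed byte strings. It builds a throwaway CA and a vendor code-signing certificate, signs a vendor release, then shows that a dropper signed with the stolen key passes every cryptographic check a loader makes, and is caught only once the CA publishes a revocation list naming the stolen certificate and the verifier actually consults it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrRevoked is returned when the signing certificate appears on the CA's CRL.
var ErrRevoked = errors.New("signer certificate is revoked")
// must keeps the setup readable; a failure here is a bug in the demo, not a verdict.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewPKI mints a hypothetical in-memory CA and a vendor code-signing certificate under it;
// the leaf certificate and key are exactly what a Duqu-style stealer carries off.
func NewPKI() (ca, leaf *x509.Certificate, caKey, leafKey *ecdsa.PrivateKey) {
	now := time.Now()
	caKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA (hypothetical)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		SubjectKeyId: []byte{1, 2, 3, 4}, // CreateRevocationList requires the issuer to carry one
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "Acme Industrial Software Ltd (hypothetical)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	return ca, leaf, caKey, leafKey
}

// Sign is the vendor's build step: ECDSA over SHA-256 of the binary. Whoever holds
// key produces signatures the verifier below cannot tell from the vendor's own.
func Sign(key *ecdsa.PrivateKey, binary []byte) []byte {
	digest := sha256.Sum256(binary)
	return must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
}

// Revoke has the CA publish a CRL naming serial, round-tripped through DER as a
// verifier would actually receive it.
func Revoke(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial *big.Int) *x509.RevocationList {
	tmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: time.Now().Add(-time.Minute)}},
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey))))
}

// Verify is what a loader or driver-signature check does: chain the signer to a trusted root
// with the code-signing EKU, check the signature, and only then consult the CRL.
// crl == nil models the weak verifier that never asks about revocation at all.
func Verify(ca, signer *x509.Certificate, crl *x509.RevocationList, binary, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if err := signer.CheckSignature(x509.ECDSAWithSHA256, binary, sig); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	if crl == nil {
		return nil
	}
	if err := crl.CheckSignatureFrom(ca); err != nil { // an unsigned "CRL" proves nothing
		return fmt.Errorf("crl: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(signer.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

// Scenario plays the theft out and returns three verdicts: the vendor's genuine build; the attacker's
// dropper signed with the stolen key when nobody checks revocation; and that same dropper after revocation.
func Scenario() (legit, stolenNoCRL, stolenWithCRL error) {
	ca, leaf, caKey, leafKey := NewPKI()
	vendorBuild := []byte("acme-plc-update-1.2.exe (constructed sample)")
	legit = Verify(ca, leaf, nil, vendorBuild, Sign(leafKey, vendorBuild))
	// After the theft the attacker holds leaf and leafKey and signs their own binary with them.
	dropper := []byte("dropper.exe (constructed sample)")
	dropperSig := Sign(leafKey, dropper)
	stolenNoCRL = Verify(ca, leaf, nil, dropper, dropperSig)
	stolenWithCRL = Verify(ca, leaf, Revoke(ca, caKey, leaf.SerialNumber), dropper, dropperSig)
	return legit, stolenNoCRL, stolenWithCRL
}
```

The first two verdicts come back nil and only the third fails, which is the whole lesson: a signature check answers "was this signed with this key?", never "is this key still in the right hands?". Go's x509 Verify does no revocation checking of its own, which is why the example walks the CRL by hand; a verifier that skips that step loads the attacker's driver as happily as the vendor's.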
Arguably, whoever controls SCADA controls the world. If I understand this information aright, it seems possible that the service controlling Stuxnet and Duqu can, with the push of a button, cause the electricity to flicker off in your city. The people who wrote this malware have the ability to send us back to the stone age.
Ever see the pilot to Revolution? Thanks to Stuxnet and Duqu, you may one day live it.
Let's stop pretending that this is all about Iran's alleged nuclear capability. Let's stop pretending that the thing "just happened" to escape. Let's stop pretending that the Israelis blindsided Obama by making Stuxnet go forth and multiply. Let's stop buying the cover story.
This is about control.
Why aren't we seeing congressional hearings?