New ‘Stuxnet-related’ virus may be set for cyber-attack
Computer virus similar to Stuxnet detected in Europe; designed to capture keystrokes and gain remote access; US issues public alert.
By YAAKOV LAPPIN
A new powerful computer virus has been detected, which gathers information on industrial systems ahead of a potentially crippling cyber-attack, a US Internet security company announced this week, according to a Reuters report.The Symantec Corporation said the virus, named “Duqu,” “must either have been created by the same group that authored Stuxnet, or by a group that somehow managed to obtain Stuxnet’s source code,” an MSNBC report added.Stuxnet is the name of a computer worm that was detected last year, which reportedly caused significant damage to Iran’s uranium-enrichment program. It targeted Siemens supervisory control and data acquisition systems (SCADA), used by Iran to enrich uranium through spinning centrifuges. Foreign media reports speculated that Israel or the US, or both, were behind the attack.Unlike Stuxnet, however, Duqu does not directly attack SCADA systems, but rather, sends back information that would help attackers prepare a future strike, Symantec said.Speaking to The Jerusalem Post, Gabi Siboni, director of the Neubauer Program on Cyber Warfare at Tel Aviv University’s Institute for National Security Studies, said, “Without relating at all to its origin and target, the Reuters report on Duqu shows a deepening of the attempt to find ways to penetrate industrial systems and to stay in them in order to collect information that could, in the future, allow an attack on a target, and disrupt command and control processes operated by the system.”Siboni noted that SCADA forms the basis of most industrial control systems, adding that the controls receive information “from a range of sensors, for example: Pressure sensors, temperature, rate of flow and dozens of additional procedural parameters.”“A cybernetic strike on these systems could damage the reading of the sensors, thereby significantly harming the control process – and in certain cases, could also cause real physical damage alongside environmental and health damages. For example, a cybernetic disruption of pressure readings in a large tank containing chemicals can cause it to explode,” Siboni explained.Siboni said that in the past, industrial-control centers had been exposed to cyber-attacks, causing some plants to take protective measures, such as isolating them from external networks and installing programs that search for suspicious signs of infection.Symantec said that “the attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”Systems infected with Duqu are connected to a command computer that is in an unknown location in India, MSNBC added, quoting Symantec’s Vikrum Thakur.