Skip to content


Boomerang! Is the Pentagon Field-Testing ‘Son of Stuxnet’?

Dissident Voice Article

By Tom Burghardt

When the cybersecurity firm Symantec announced they had discovered a sophisticated Trojan which shared many of the characteristics of the Stuxnet virus, I wondered: was the Pentagon and/or their Israeli partners in crime field-testing insidious new spyware?

According to researchers, the malicious program was dubbed “Duqu” because it creates files with the prefix “~DQ.” It is a remote access Trojan (RAT) that “is essentially the precursor to a future Stuxnet-like attack.” Mark that carefully.

In simple terms, a Trojan is malicious software that appears to perform a desirable function prior to its installation but, in fact, steals information from users spoofed into installing it, oftentimes via viral email attachments.

In the hands of enterprising security agencies, or criminals (the two are functionally synonymous), Trojans are primarily deployed for data theft, industrial or financial espionage, keystroke logging (surveillance) or the capture of screenshots which may reveal proprietary information.

“The threat” Symantec averred, “was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered.”

The malware, which began popping-up on the networks of several European firms, captured lists of running processes, account and domain information, network drives, user keystrokes and screenshots from active sessions and did so by using a valid, not a forged certificate, stolen from the Taipei-based firm, C-Media.

Whereas Stuxnet, believed to be a co-production of U.S. and Israeli cyber-saboteurs, was a weaponized virus programmed to destroy Iran’s civilian nuclear power infrastructure by targeting centrifuges that enrich uranium, Duqu is a stealthy bit of spy kit that filches data from manufacturers who produce systems that control oil pipelines, water systems and other critical infrastructure.

Sergey Golovanov, a malware expert at Kaspersky Labs told Forbes that Duqu is “is likely the brainchild of a government security apparatus. And it’s that government’s best work yet.”

Speaking from Moscow, Golovanov told Forbes in a telephone interview that “right now we are pretty sure that it is the next generation of Stuxnet.”

“We are pretty sure that Duqu is a government cyber tool and are 70% sure it is coming from the same source as Stuxnet,” Golovanov said.

“The victims’ computer systems were infected several days ago. Whatever it is,” Golovanov noted, “it is still in those systems, and still scanning for information. But what exactly it is scanning for, we don’t know. It could be gathering internal information for encryption devices. We only know that it is data mining right now, but we don’t know what kind of data and to what end it is collecting it.”

Whom, pray tell, would have “access to Stuxnet source code”?

While no government has claimed ownership of Stuxnet, IT experts told Forbes “with 100% certainty it was a government agency who created it.”

Suspects include cryptologists at the National Security Agency, or as is more likely given the outsourcing of intelligence work by the secret state, a combination of designers drawn from NSA, “black world” privateers from large defense firms along with specialists from Israel’s cryptologic division, Unit 8200, operating from the Israeli nuclear weapons lab at the Dimona complex, as The New York Times disclosed.

Analyst George Smith noted:

Stuxnet was widely distributed to many computer security experts. Many of them do contract work for government agencies, labor that would perhaps require a variety of security clearances and which would involve doing what would be seen by others to be black hat in nature. When that happened all bets were off.

Smith averred, “once a thing is in world circulation it is not protected or proprietary property.”

While one cannot demonstrably prove that Duqu is the product of one or another secret state satrapy, one can reasonably inquire: who has the means, motive and opportunity for launching this particular bit of nastiness into the wild?

“Duqu’s purpose,” Symantec researchers inform us, “is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.”

In other words, while Stuxnet was programmed to destroy industrial systems, Duqu is an espionage tool that will enable attackers “looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

Although it can be argued, as Smith does, that “source code for malware has never been secure,” and “always becomes something coveted by many, often in direct proportion to its fame,” it also can’t be ruled out that military-intelligence agencies or corporate clones with more than a dog or two in the “cyberwar” hunt wouldn’t be very interested in obtaining a Trojan that clips “industrial design” information from friend and foe alike.

Black Programs

The circulation of malicious code such as Duqu’s is highly destabilizing. Considering that the U.S. Defense Department now considers computer sabotage originating in another country the equivalent to an act of war for which a military response is appropriate, the world is on dangerous new ground.

Speaking with MIT’s Technology Review, Ronald Deibert, the director of Citizen Lab, a University of Toronto think tank that researches cyberwarfare, censorship and espionage, told the publication that “in the context of the militarization of cyberspace, policymakers around the world should be concerned.”

Indeed, given the fact that it is the United States that is now the biggest proliferator in the so-called cyber “arms race,” and that billions of dollars are being spent by Washington to secure such weapons, recent history is not encouraging.

With shades of 9/11, the anthrax mailings and the Iraq invasion as a backdrop, one cannot rule out that a provocative act assigned to an “official enemy” by ruling elites just might originate from inside the U.S. security complex itself and serve as a convenient pretext for some future war.

A hint of what the Pentagon is up to came in the form of a controlled leak to The Washington Post.

Last spring, we were informed that “the Pentagon has developed a list of cyber-weapons and -tools, including viruses that can sabotage an adversary’s critical networks, to streamline how the United States engages in computer warfare.”

The list of “approved weapons” or “fires” are indicative of the military’s intention to integrate “cyberwar” capabilities into its overall military doctrine.

According to Ellen Nakashima, the “classified list of capabilities has been in use for several months and has been approved by other agencies, including the CIA.”

The Post reported that the new “framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later.”

On the other hand, and here’s where Duqu may enter the frame, the “military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate.”

Additionally, Nakashima wrote, Pentagon cyberwarriors “can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.”

As part of Washington’s on-going commitment to the rule of law and human rights, as the recent due process-free drone assassination of American citizen Anwar Al-Awlaki, followed by that of his teenage son and the revenge killing of former Libyan leader Muammar Qaddafi by–surprise!–Al Qaeda-linked militias funded by the CIA clearly demonstrate, the “use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.”

Try selling that to the more than 3,600 people killed or injured by CIA drone strikes, as Pakistan Body Count reported, since our Nobel laureate ascended to his Oval Office throne.

As George Mason University researchers Jerry Brito and Tate Watkins described in their recent paper, Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy, despite overheated “rhetoric of ‘cyber doom’ employed by proponents of increased federal intervention,” there is a lack of “clear evidence of a serious threat that can be verified by the public.”

However, as Brito and Watkins warned, “the United States may be witnessing a bout of threat inflation similar to that seen in the run-up to the Iraq War,” one where “a cyber-industrial complex is emerging, much like the military-industrial complex of the Cold War. This complex may serve to not only supply cybersecurity solutions to the federal government, but to drum up demand for them as well.”

A “demand” which will inevitably feed the production, proliferation and deployment of a host of viral attack tools (Stuxnet) and assorted spybots (Duqu) that can and will be used by America’s shadow warriors and well-connected corporate spies seeking to get a leg-up on the competition.

While evidence of “a serious threat” may be lacking, and while proponents of increased “cybersecurity” spending advanced “no evidence … that opponents have ‘mapped vulnerabilities’ and ‘planned attacks’,” Brito and Watkins noted there is growing evidence these are precisely the policies being pursued by Washington.

Why might that be the case?

As a declining imperialist Empire possessing formidable military and technological capabilities, researcher Stephen Graham has pointed out in Cities Under Siege: The New Military Urbanism, the United States has embarked on a multibillion dollar program “to militarize the world’s global electronic infrastructures” with a stated aim to “gain access to, and control over, any and all networked computers, anywhere on Earth.”

Graham writes that “the sorts of on-the-ground realities that result from attacks on ordinary civilian infrastructure are far from the abstract niceties portrayed in military theory.”

Indeed, as “the experiences of Iraq and Gaza forcefully remind us,” robotized drone attacks and already-existent cyberwar capabilities buried in CIA and Pentagon black programs demonstrate that “the euphemisms of theory distract from the hard fact that targeting essential infrastructure in highly urbanized societies kills the weak, the old and the ill just as surely as carpet bombing.”

A Glimpse Inside the Complex

In the wake of the HBGary hack by Anonymous earlier this year, the secrecy-shredding web site Public Intelligence released a 2009 Defense Department contract proposal from the firm.

Among other things, it revealed that the Pentagon is standing-up offensive programs that “examine the architecture, engineering, functionality, interface and interoperability of Cyber Warfare systems, services and capabilities at the tactical, operational and strategic levels, to include all enabling technologies.”

HBGary, and one can assume other juiced defense contractors, are planning “operations and requirements analysis, concept formulation and development, feasibility demonstrations and operational support.”

“This will include,” according to the leaked proposal, “efforts to analyze and engineer operational, functional and system requirements in order to establish national, theater and force level architecture and engineering plans, interface and systems specifications and definitions, implementation, including hardware acquisition for turnkey systems.”

Indeed, the company will “perform analyses of existing and emerging Operational and Functional Requirements at the force, theater, Combatant Commands (COCOM) and national levels to support the formulation, development and assessment of doctrine, strategy, plans, concepts of operations, and tactics, techniques and procedures in order to provide the full spectrum of Cyber Warfare and enabling capabilities to the warfighter.”

During the course of their analysis Symantec learned that Duqu “uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational.”

“The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out.”

To where, and more importantly by whom was that information “exfiltrated” is of course, the $64,000 question.

A working hypothesis may be provided by additional documents published by Public Intelligence.

According to a cyberwar proposal to the Pentagon by General Dynamics and HBGary, “Project C” is described as a program for the development “of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device.”

We’re informed that Project C’s “primary objectives” was the design of an implant “that is clearly able to exfiltrate an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and a memory buffer exfiltration over a connected serial line to a collection station.”

“As part of the exploit delivery package,” HBGary and General Dynamics told their prospective customers, presumably the NSA, that “a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant.”

Duqu, according to Symantec researchers, “uses a custom C&C protocol, primarily downloading or uploading what appear to be JPG files. However, in addition to transferring dummy JPG files, additional data for exfiltration is encrypted and sent, and likewise received.”

While we don’t know which firms were involved in the design of Stuxnet and now, Duqu, we do know, thanks to Anonymous, that HBGary had a Stuxnet copy, shared it amongst themselves and quite plausibly, given what we’ve learned about Duqu, Stuxnet source code may have been related to the above-mentioned “Project C.”

Kevin Haley, Symantec’s director of product management told The Register that “the people behind Stuxnet are not done. They’ve continued to do different things. This was not a one-shot deal.”

View the original article at dissidentvoice.org

Related Posts with Thumbnails

Posted in Health & Medical, Internet, Middle East, Politics.

Tagged with , , , , , .

Support #altnews & keep Dark Politricks alive

Remember I told you over 5 years ago that they would be trying to shut down sites and YouTube channels that are not promoting the "Official" view. Well it's happening big time. Peoples Channels get no money from YouTube any more and Google is being fishy with their AdSense giving money for some clicks but not others. The time is here, it's not "Obama's Internet Cut Off Switch" it's "Trumps Sell Everyones Internet Dirty Laundry Garage Sale".

It's not just Google/YouTube defunding altenative chanels (mine was shut), but Facebook is also removing content, shutting pages, profiles and groups and removing funds from #altnews that way as well. I was recently kicked off FB and had a page "unpublished" with no reason given. If you don't know already all Facebooks Private Messages and Secret Groups are still analysed and checked for words related to drugs, sex, war etc against their own TOS. Personally IU know there are undercover Irish police moving from group to group cloning peoples accounts and getting people booted. Worse than that I know people in court at the moment for the content they had on their secret private group. Use Telegrams secret chat mode to chat on, or if you prefer if you need to or buy a dumb phone with nothing for the NSA to hack into if you are that paranoid.

So if your not supporting this site already which brings you news from the Left to the Right (really the same war mongering bollox) then I could do with some. Even if it's just £5 or tick the monthly subscription box it will be much appreciated. Read on to find out why/

Why?

Any support to keep this site would be appreciated. You could set up a monthly subscription for £2 like some people do or you could pay a one off donation as a gift.
I am not asking you to pay me for other people's articles, this is a clearing house as well as place to put my own views out into the world. I am asking for help to write more articles like my recent
false flag gas attack to get WWIII started in Syria, and Trump away from Putin. Hopefully a few missiles won't mean a WikiLeaks release of that infamous video Trump apparently made in a Russian bedroom with Prostitutes. Also please note that this article was written just an hour after the papers came out, and I always come back and update them.

If you want to read JUST my own articles then use the top menu I have written hundreds of articles for this site and I host numerous amounts of material that has seen me the victim of hacks, DOS plus I have been kicked off multiple hosting companies, free blogging sites, and I have even had threats to cease and desist from the US armed forces. Therefore I have to pay for my own server which is NOT cheap. The more people who read these article on this site the more it costs me so some support would be much appreciated.

I have backups of removed reports shown, then taken down after pressure, that show collusion between nations and the media. I have the full redacted 28/29 pages from the 9.11 commission on the site which seems to have been forgotten about as we help Saudi Arabia bomb Yemeni kids hiding in the rubble with white phosphorus, an illegal weaapon. One that the Israeli's even used when they bombed the UN compound in Gaza during Operation Cast Lead. We complain about Syrian troops (US Controlled ISIS) using chemical weapons to kill "beautiful babies". I suppose all those babies we kill in Iraq, Yemen, Somalia and Syria are just not beautiful enough for Trumps beautiful baby ratio. Plus we kill about 100 times as many as ISIS or the Syrian army have managed by a factor of about 1000 to 1.

I also have a backup of the FOX News series that looked into Israeli connections to 9.11. Obviously FOX removed that as soon as AIPAC, ADL and the rest of the Hasbra brigade protested.

I also have a copy of the the original Liberal Democrats Freedom Bill which was quickly and quietly removed from their site once they enacted and replaced with some watered down rubbish instead once they got into power. No change to police tactics, protesting or our unfair extradition treaty with the USA but we did get a stop to being clamped on private land instead of the mny great ideas in the original.

So ANY support to keep this site running would be much appreciated! I don't have much money after leaving my job and it is a choice between shutting the server or selling the domain or paying a lot of money just so I can show this material. Material like the FSB Bombings that put Putin in power or the Google no 1 spot when you search for protecting yourself from UK Police with "how to give a no comment interview". If you see any adverts that interest you then please visit them as it helps me without you even needing to give me any money. A few clicks per visit is all it takes to help keep the servers running and #altnews alive!

However if you don't want to use the very obvious and cost free ways (to you) to help the site and keep me writing for it then please consider making a small donation. Especially if you have a few quid sitting in your PayPal account doing nothing useful. Why not do a monthly subscription for less money instead. Will you really notice £5 a month?


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.



css.php