Tuesday, December 13, 2011

India's Superpower and I


  • 0
  • 0
By Jim Finkle and Supantha Mukherjee | December 12, 2011 1:42 PM EST
(REUTERS) -- Indian authorities are investigating a computer server in Mumbai for links to the Duqu malicious software that some security experts warned could be the next big cyber threat.
(Photo: REUTERS / Tim Wimborne)
Computer virus Duqu linked to Microsoft bug
Related Articles
Get World Emails&Alerts
Get summaries of the top business news from a global perspective Sample
Web Werks, a Mumbai-based Web-hosting company, said it had given an image of the suspicious virtual private server to officials from the Indian Computer Emergency Response Team (CERT-In), after security firm Symantec Corp found the server was communicating with computers infected with the Duqu virus.
The virtual private server was leased to a client in Milan, Italy, according to Nikhil Rathi, founder of Web Werks. "This is an unmanaged server. So, you just make it and let the customer access it," he said. "When you hand over a server to a customer, that's it, it's his. He can change his password and do whatever he wants with it."
Like us on Facebook
News of Duqu first surfaced on October 18 when Symantec said in a report that a research lab with international connections had alerted it to a mysterious computer virus that "appeared to be very similar to Stuxnet," a piece of malicious software believed to have wreaked havoc on Iran's nuclear program.
Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.
The image from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said.
"This one is challenging," said Marty Edwards, director of the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."
He declined to comment on the investigation by authorities in India, but said that his agency was working with counterparts in other countries to learn more about Duqu.
An official in India's Department of Information Technology who investigates cyber attacks also declined to discuss the matter. "I am not able to comment on any investigations," said Gulshan Rai, director of CERT-In.
UNLOCKING THE SECRET
Stuxnet is malicious software designed to target widely used industrial control systems built by Germany's Siemens. It is believed to have crippled centrifuges that Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program. [ID:nL3E7LI1PL]
Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new Trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.
Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities.
Duqu -- so named because it creates files with "DQ" in the prefix -- was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.
Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure.
The hackers behind Duqu are unknown, but their sophistication suggests they are backed by a government, researchers say.
"A cyber saboteur should understand the engineering specifications of every component that could be targeted for destruction in an operation," said John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.
That is exactly what the authors of Stuxnet did when they built that cyber weapon, said Bumgarner, who is writing a paper on the development of Stuxnet.
"They studied the technical details of gas centrifuges and figured out how they could be destroyed," he said.
Such cyber reconnaissance missions are examples of an increasingly common phenomenon known as "blended" attacks, where elite hackers infiltrate one target to facilitate access to another.
Hackers who infiltrated Nasdaq's computer systems last year installed malware that allowed them to spy on the directors of publicly held companies.
In March, hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.
Researchers said they are still trying to figure out what the next phase of Duqu attacks might be.
"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."
(Reporting by Supantha Mukherjee in New York, Jim Finkle in Boston; Additional reporting by Henry Foy in Mumbai; editing by Tiffany Wu)
(This story corrects fourth paragraph to show that Symantec did not claim that it had found Duqu, but that it said a research lab with international connections had alerted it to the virus.)
(This story corrects paragraphs one and two after Web Werks said Indian authorities made copies of the suspicious server and did not seize equipment; adds Web Werks comment on client in paragraph three; removes paragraphs eight and nine that referred to equipment being seized)
Follow us on LinkedIn Follow IBTimes LinkedIn LinkedIn
  • Rate this Story
  • 0
  • 0
Copyright 2011 Thomson Reuters. All rights reserved.
Get World Emails&Alerts
Get summaries of the top business news from a global perspective
View Sample
world
Your Email
We value your privacy. Your email address will not be shared.

Join the Conversation


  • Share on:

    Facebook

  • Chinese (government) hackers have wormed their ways into Indian government's super secret agencies, not very long time ago. Central Bureau of Investigation, CBI, Indian variation of American (dreaded) CIA hushed up the claim. CBI has been in this business for long time. Only few months earlier, the prime minister, Dr Manmohan Singh, inaugurated a fancy, modern facility in New Delhi, announcing to the (under) world that India can match their wits, so to say, with any other witless, when it comes to (super) computerization.Ah, well. India boasts about their (IIT) academic factories producing the best IT experts, innovators and few millionaires, less few billionaires, whose combined riches are running America. I ain't kidding. Everybody who is somebody is packing their (carpet) bags and rushing to California, new Jersey shores to find the (IT) gold. Make it a platinum rush. There ain't no gold in them thar hills of Cali four nia aye.
    ...and I am Sid harth@sidileaks.net



...and I am Sid Harth@cogitoergosuminc.com
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)