European industries, possibly including nuclear power stations, have been targeted by cyber spies preparing physical sabotage of the kind that wrecked Iran’s nuclear complex last year.
Researchers suspect whoever was behind the Iranian attack using the Stuxnet worm, which wrecked centrifuges used to enrich uranium at Natanz, is likely to be behind the reconnaissance operation in Europe.
The European attack, spotted by cyber security investigators and confirmed by Symantec in their Dublin laboratories, uses source code which can only have come from whoever developed the original Stuxnet infection.
Stuxnet revolutionised thinking on cyber war by demonstrating that a programme can leap from the virtual world into the real to do physical damage.
Its development shocked governments and major industries around the world into upgrading their security and increasing spending on cyber defence.
This latest version of the Stuxnet worm, dubbed “Duqu”, does not spread itself through a system and thereby reveal itself.
Instead it has been tailored to remain covert while sending back data on the vulnerabilities of major industrial processes.
“What we have seen is probably the early stages of an attack – a reconnaissance and intelligence gathering operation to steal information which could then be used to develop the ability to conduct what is likely to be some form of sabotage,” said Orla Cox, a lead researcher at Symantec in Dublin.
The company would not say which countries and industries had been singled out by Duqu, only that it was very carefully tailored and had infected “less than 10 companies”.
Stuxnet was developed to attack equipment manufactured by Siemens, which has the largest market share for electrical generating systems in the world.
But there is no reason why it could not have been adapted for use against other industrial processes.
According to Symantec, Duqu is configured to vanish from an infected system 36 days after encrypting and sending information on systems to its masters.
“The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party,” Symantec said.
Duqu captures system information and covertly logs the keystrokes of people working on the manufacture of industrial systems.
Israel and the US have been widely suspected of the original Stuxnet attack against Iran.
But the targeting of European victims may indicate that the US, at least, is unlikely to be behind the Duqu espionage programme.
In September, Mitsubishi Heavy Industries in Japan, which manufactures equipment for guided missiles, submarines and other strategic weapons, was penetrated in a spear phishing attack which targeted individual employees.
Last week a Raytheon employee said that the manufacturer of the Paveway bombs and Javelin missiles had been similarly penetrated.
Earlier this year Lockheed Martin, which is building the F-35 jet for the USAF, was forced to change the passwords of 100,000 employees after its cyber defences were breached.
And the US drone aircraft fleet has also been infected by a virus – the US Department of Defence has insisted that this infection is benign.
Meanwhile, it is now clear the world is locked into an ever-escalating cyber conflict which verges on an undeclared war.
The problem is that no one really knows who is fighting whom.
Source: Sky News