Sunday, June 14, 2015

Hackers & Iran's Nukes

By Micah Halpern

The Wall Street Journal is reporting that a computer virus infected three hotels in Lausanne, Switzerland. Lausanne is where the nuclear talks with Iran have been taking place and where they will continue to take place. The report has set off a maelstrom - throughout Europe, the Middle East and here at home.

The source for this information is Kaspersky, one of the world's biggest antivirus companies. Kaspersky found out about the virus because they themselves were infected.
This virus is called Duqu 2.0. It does no damage. It is an advanced version of the Duqu virus of 2011, which attacked Iran, and it is very similar to the Stuxnet virus of 2009-2010. The original Stuxnet successfully destroyed thousands of Iranian nuclear centrifuges.

Wired Magazine and The New York Times have asserted that Stuxnet was a joint creation of Israel and the United States. From the point of view of resources, that makes sense.

On home and work computers, malware and worms slow down our systems.

We know that they are there. Not so with this kind of spyware.
Stuxnet, for example, was housed in the BIOS. No one ever even looks in the BIOS. Most of us don't even know what it is, let alone where to look.

Duqu and Stuxnet are not the only worm warriors in today's ongoing cyber war. Only the two most glaring and talked about. There are at least two other very similar and extremely powerful worms that have been launched. There has been no press coverage of those worms.

They are Viper which came out in 2012 and Flame in 2013.

Kaspersky has said that computer spyware programs as sophisticated and stealthy as these can only be the product of a country dedicated to cyber warfare. The company asserts that at least 5,000 programmers were at work designing these cyber weapons. Interestingly, Israel and the Palestinian Authority have also been hit. Kaspersky says that they have found the spyware Flame inserted into both Israeli and PA computer systems.

This brings the number of Stuxnet-type viruses to at least five.

The newly discovered Duqu 2.0 virus uses the computer as a relay. It can watch and hear everything going on in the room, and everything that is on the computer can be seen and sent to its own home base. The computer's activation lights for the microphone and for the camera are disabled by Duqu.
The virus takes over the entire computer.

There are only a few companies and governments that have the tools to even detect this virus. If the code is written well, no one can ever even know that the spyware was there. It even eliminates its point of entry, making it impossible to find computer patient #ZERO -- the very first computer that was infected.

Both the Wall Street Journal and Kaspersky imply that Israel is behind the spying in Lausanne.

The WSJ put it this way: Duqu 2.0 was "a virus widely believed to be used by Israeli spies."
And in their report, Kaspersky referred to Duqu 2.0 as Duqu Bet. "Bet" is the second letter of the Hebrew language. All letters in the Hebrew alphabet are assigned numerical value and the numerical value of "bet" is "two". They are clearly hinting that Israel is behind the hack. But there is no tangible evidence.

Tzipi Hotovely, Israel's deputy foreign minister, the person who is now effectively the foreign minister, addressed the innuendo during an interview on Israeli Army Radio. She said: "The international reports of Israeli involvement in the matter are baseless." She said that this is a waste of time and the main issue is to prevent a bad deal from being signed between Iran and the P5+1.

Duqu 2.0 was also found on the computers of representatives attending the 70th anniversary of the liberation of Auschwitz. Why there? Why those computers? Because in attendance at that event were dozens of heads of state, foreign ministers, diplomats and power brokers and advisers. Several of the people involved in negotiations with Iran were there. It was the perfect place to infect the phones and computers of those one (anyone!) would want to spy on.

The Swiss are investigating. The Austrians are investigating because some of the talks took place in Vienna. The United States has said that they are aware of the threat and that they are always careful and, more than that, they will not comment.

One thing is for certain: this is not the work of a lone hacker or talented high school kid. This attack bears all the markings of a highly complex worm that cannot be found. This kind of computer spyware is created by countries - they are called APTs or Advanced Persistent Threats. They are the most sophisticated and complicated and stealthy of all the computer threats out there.

By the time they are discovered, APTs have already done their harm. And most of the time, most of them go undetected. They do their job and then they go dormant. Kaput. All done. Good bye. Until next time.

Micah@MicahHalpern.com 

Read my latest book THUGS. It's easy. Just click. http://www.amazon.com/s/ref=nb_ss_gw?url=search-alias%3Daps&field-keywords=halpern%2C+micah
To reprint my essays contact sales (at) www.featurewell.com
