Wednesday, October 19, 2011

Researchers warn of new Stuxnet

Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate.

Stuxnet was a highly complex piece of malware created to spy on and disrupt Iran's nuclear programme.

No-one has identified the worm authors but the finger of suspicion fell on the Israeli and US governments.

The new threat, Duqu is, according to those who discovered it, "a precursor to a future Stuxnet-like attack".

Its discovery was made public by security firm Symantec, which in turn was alerted to the threat by one of its customers.

Symantec looked at samples of the threat gathered from computer systems located in Europe.

Initial analysis of the worm found that parts of Duqu are nearly identical to Stuxnet and suggested that it was written by either the same authors or those with access to the Stuxnet source code.

"Unlike Stuxnet, Duqu does not contain any code related to industrial control systems and does not self-replicate," Symantec said in its blog.

"The threat was highly targeted towards a limited number of organisations for their specific assets."

In other words, Duqu is not designed to attack industrial systems, such as Iran's nuclear production facilities, as was the case with Stuxnet, but rather to gather intelligence for a future attack.

The code has, according to Symantec, been found in a "limited number of organisations, including those involved in the manufacturing of industrial control systems".

Symantec's chief technology officer Greg Day told the BBC that the code was highly sophisticated.

"This isn't some hobbyist, it is using bleeding-edge techniques and that generally means it has been created by someone with a specific purpose in mind," he said.

Whether that is state-sponsored and politically motivated is not clear at this stage though.

"If it is the Stuxnet author it could be that they have the same goal as before. But if code has been given to someone else they may have a different motive," Mr Day said.

He added that there was "more than one variant" of Duqu.

"It looks as if they are tweaking and fine-tuning it along the way," he said.

The worm also removes itself from infected computers after 36 days, suggesting that it is designed to remain more hidden than its predecessor.

The code used a "jigsaw" of components including a stolen Symantec digital certificate, said Mr Day.

"We provide digital certificates to validate identity and this certificate was stolen from a customer in Taiwan and reused," said Mr Day.

The certificate in question has since been revoked by Symantec.

Cyber warfare

The discovery of the Stuxnet worm was a game-changer in the world of malware and forced governments around the world to beef up the security behind critical systems such as power and water.

It brought the issues of cyber warfare, government-to-government espionage and cyber terrorism firmly to the top of the agenda.

Experts who have studied the Stuxnet worm say that it was configured to damage motors used in uranium-enrichment centrifuges by sending them spinning out of control.

Iran later admitted that some of its centrifuges had been sabotaged although it downplayed the significance of Stuxnet in that.

Stuxnet is not the only example of malware designed to cause government-level disruption.

In 2009 China was accused of spying on Google and in the summer US defence firm Lockheed Martin was victim of a "significant cyber-attack" although it said that none of its programmes had been compromised.

This week the US Department for Homeland Security warned that politically-motivated hackers such as the Anonymous co-operative could begin to target industrial control systems.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement

Android shows Ice Cream Sandwich

Google has unveiled the latest version of its industry-leading Android smartphone software.

Ice Cream Sandwich adds a range of new features and a redesigned interface.

The system was launched in partnership with Samsung, whose Galaxy Nexus handset will be the first to use it.

Android's main rival, Apple, released an update to its iOS software last week, although many owners were unable to download it immediately due to overwhelming demand.

Ice Cream Sandwich - also known as Android 4.0 - follows the tradition of naming versions after cakes, confectionary or frozen desserts.

Previous releases have been codenamed Cupcake, Donut, Eclair, Froyo and Gingerbread.

Design changes for Android 4.0 include:

  • Replacing physical buttons on devices with equivalent on-screen icons.
  • New lock screen features - the ability to access camera and notifications.
  • Ability to group apps and shortcuts by dragging icons onto each other.
  • Redesigned multi-tasking screen. Applications are represented by scrollable tiles.

Other software changes include:

  • Face recognition unlocking. Rather than entering a pattern code as in previous versions, users can opt to look into their camera.
  • Enhanced email capability - support for nested subfolders
  • Android Beam - users can swap web content or links to apps by touching their phones together.
  • Enhanced voice input featuring a continuously open microphone - meaning phones listen out for instructions.
Phoney war

Android - which is owned by Google - and Apple are continually leap-frogging each other in terms of design and functions, as both compete for customers in the fast-growing global smartphone market.

According to figures published by Canalsys in August, Android handsets accounted for 48% of smartphones shipped to retailers, compared to 19% for Apple devices. However, many more Android models are available, from manufacturers such as HTC, Motorola, Samsung and Sony Ericsson.

The fierce competition has, on occasion, brought the two sides into direct conflict.

Apple and Samsung are currently engaged in a number of legal battles, around the world, some of which involve claims of patent infringement and "copying" of device look and feel.

To date, Apple has obtained injunctions on Samsung Galaxy tablets being sold in Germany and Australia, with a ban on some smartphones due to come into effect in the Netherlands.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement