′Son of Stuxnet′ hits European computer networks | Science| In-depth reporting on science and technology | DW | 21.10.2011
  1. Inhalt
  2. Navigation
  3. Weitere Inhalte
  4. Metanavigation
  5. Suche
  6. Choose from 30 Languages
Advertisement

Science

'Son of Stuxnet' hits European computer networks

The discovery of a new computer virus called Duqu has raised talk of preemptive cyberattacks. But the IT security firm Symantec says preemptive strikes are unrealistic because it's so hard to know what to target.

Symbol of a Trojan Horse computer virus

Duqu is a relative of the malicious virus Stuxnet

Internet security firms have raised the specter of a new round of cyber warfare with last week's detection of the Duqu virus - a "relative" of last year's Stuxnet malware, which is thought to have slowed down at least one Iranian nuclear facility.

Duqu's detection comes amid growing talk in Europe about launching pre-emptive strikes to stop cyberattacks before they happen. But the nature of malware like Duqu and Stuxnet make pre-emptive strikes unrealistic.

"The problem is you can't really say where they come from," Candid Wüest, a virus expert at IT security firm Symantec told Deutsche Welle.

"You need evidence about who is behind an attack before you can strike pre-emptively," said Wüest, "but you can never be sure - you can't attack infrastructure, or even send in a stealth bomber, because any information about a location could be a red herring."

Malware makers can hide their tracks using spoofing, VPNs, proxy services and other means to make it look like they are based in any number of countries - when in truth they are somewhere completely different.

Symantec logo

Symantec has been analyzing Duqu since October 14

Not spreading, but waiting

Wüest is one of the experts at Symantec, who is currently analyzing the source code behind Duqu. Symantec says it was alerted to the new threat on October 14 by a laboratory that has "international connections."

Since then, Symantec's investigations suggest that a "few hundred systems have been infected at a handful of companies," many of which are in Europe.

Another IT security firm, McAfee, is also working on the virus. McAfee and Symantec both believe that Duqu shares strong similarities with the Stuxnet virus.

Some of its source code matches that of Stuxnet and because the Stuxnet code is not known to be available online, they say it is likely that Duqu was created by the same people or that they sold the code to another group. While it remains unclear where Stuxnet came from, the New York Times reported in January 2011 that Stuxnet was developed by the American and Israeli governments.

But there are significant differences as well between Duqu and Stuxnet.

"Duqu is not spreading like Stuxnet," said Wüest, "Duqu was carefully placed and can be controlled remotely."

Experts believe that Duqu has been used to target only a limited number of organizations for the specific assets.

"Its warhead is not aimed at the technology industry, it's being used to steal information, so it's more like industrial espionage," Wüest added.

Stuxnet graphic

Stuxnet specifically targeted Siemens control systems

Industrial control systems

By contrast, Stuxnet was created to attack particular computer control systems made by the German firm Siemens.

These control systems are typically used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Stuxnet infections were also found at Iranian nuclear facilities in 2010, leading some to speculate that the virus may have been designed by state actors - by governments or state security services who had wanted to disrupt Iran's nuclear program.

A year later, Siemens spokesman Wieland Simon is keen to stress that "no customers reported any disruptions" of their control systems because of Stuxnet.

Siemens products have also so far not been affected by Duqu.

"We learnt quite a bit through our experience with Stuxnet," said Simon, "but we tell everyone that security starts with awareness of the problem at managerial levels and right down to the front desk."

British Foreign Minister William Hague

British Foreign Minister William Hague said the UK would adopt a cyber first-strike policy

Government intervention

It is a slightly more "internal" approach than the one being adopted by the United Kingdom.

British Foreign Minister William Hague has said his country is developing an unspecified electronic weapons that could be used to defend Britain against cyber attacks or prevent them.

Earlier this week, he told The Sun, a British newspaper that the United Kingdom was prepared to strike first in a cyber conflict, and that there was potential for a cyber arms to grow out of control.

Hague's comments could soon be echoed in Germany, where the Criminal Police Union (BDK) called this week for a specialized federal ministry for the Internet.

Andre Schulz, the head of the BDK, told Deutsche Welle there was no danger that such a ministry would politicize issues around cyber warfare.

"It's a sad situation," said Schulz, "to realize that the government considers the Chaos Computer Club as its experts on IT security - we need a centralized body and I think that would be in the interest of business too."

The CCC revealed nearly two weeks ago that a German government tool designed to perform digital surveillance domestically, went well beyond its legal guidelines.

Wieland Simon, the Siemens spokesperson, was less than encouraging, suggesting that "no government can guarantee it can protect a country or entity against cyber attack."

But there is still pressure for governments to do something.

"In future wars, there will be a cyber element," said Mikko Hypponen, the chief research officer of F-Secure, a computer security firm, in an interview with Deutsche Welle. "Countries hope that if they threaten to use missiles to retaliate against a cyber attack, others will think twice about launching one."

Author: Zulfikar Abbany
Editor: Cyrus Farivar

DW recommends

Advertisement