Son of Stuxnet?

When an unknown entity, most likely some combination of Western and Israeli intelligence agencies, created Stuxnet, the mysterious computer worm widely thought to be targeted at Iran's nuclear program, cybersecurity experts warned that a new digital threat had been unleashed, with potentially dangerous and wide-ranging consequences.

David Hoffman wrote about Stuxnet for FP back in March:

The Institute for Science and International Security (ISIS), which has closely monitored the Iranian nuclear effort, reported that in late 2009 or early 2010, Iran decommissioned and replaced about 1,000 centrifuges in its uranium-enrichment plant at Natanz. If the goal of Stuxnet was to "set back Iran's progress" while making detection of the malware difficult, an ISIS report stated, "it may have succeeded, at least for a while."

But there are risks of blowback. Langner warns that such malware can proliferate in unexpected ways: "Stuxnet's attack code, available on the Internet, provides an excellent blueprint and jump-start for developing a new generation of cyber warfare weapons." He added, "Unlike bombs, missiles, and guns, cyber weapons can be copied. The proliferation of cyber weapons cannot be controlled. Stuxnet-inspired weapons and weapon technology will soon be in the hands of rogue nation states, terrorists, organized crime, and legions of leisure hackers."

Industrial control systems that were the target of Stuxnet are spread throughout the world and vulnerable to such attacks. In one 11-year-old Australian case, a disenchanted employee of the company that set up the control system at a sewage plant later decided to sabotage it. From his laptop, the worker ordered it to spill 211,337 gallons of raw sewage, and the control system obeyed -- polluting parks, rivers, and the grounds of a hotel, killing marine life and turning a creek's water black.

Now, tech researchers at Symantec and F-Secure have identified a new piece of malware they're calling Duqu, which they say is very similar to Stuxnet.

According to Symantec, "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Nobody knows who created Duqu, or why. (Says F-Secure: "Was Duqu written by US Government? Or by Israel? We don't know. Was the target Iran? We don't know.")

But Symantec reports that "the threat was highly targeted toward a limited number of organizations for their specific assets. ... The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party."

So are we seeing another attempt by the same crowd that brought us Stuxnet in the first place? Or disturbing evidence that the predictions of Langner and others are coming true -- that a tool intended to cripple Iran's nuclear enrichment efforts has now been repurposed, possibly by another foreign government or a criminal syndicate?

We may find out in short order. F-Secure's Mikko Hypponen, who has adopted the hashtag #Stuxnet2, warns on his Twitter feed: "If Duqu was indeed an information gathering operation, we should expect the real attack soon."


The Uzbek lobby vs. Herman Cain

The title of this Ben Smith post is slightly misleading. It's not Uzbeks who are angry about Herman Cain's argument that he doesn't need to know the names of silly little countries like Ubeki-beki-beki-stan-stan, it's Ubeki-beki-beki-stan-stan's people in Washi-washi-washington:

And Carolyn Lamm, head of the American Uzbekistan Chamber of Commerce, blasted Cain's comments.

“Anyone who's going to lead our country needs to know about our important foreign relationships,” she said.

“U.S. business in Uzbekistan is very important, some of our top companies are doing excellent business there, including Boeing and Case New Holland,” Lamm said. “It does enhance jobs in the United States. So it's incorrect to think that it doesn't, and really a conversation with any of our members would probably tell you in great detail why that is and how that is.”

I was interested to see Lamm quoted, and to note that she's now leading the American Uzbek Chamber of Commerce. Back in 2009, FP ran a story after she was named president of the American Bar Association, noting her past work as a lobbyist for Uzbekistan and as a lawyer for a company owned by Gulnara Karimova, the globetrotting daughter of the country's president. At the time she was a vice president at the chamber of commerce. The connection was particularly unfortunate given that the ABA's own office promoting rule of law in Uzbekistan had been forced to shut down shortly after the 2005 Andijan massacre. Lamm's response to the article is here.

All the same, there is a very good case to be made, and Joshua Foust makes it here, that Uzbekistan is a country that a wannabe U.S. president ought to have some familiarity with... or at least pretend to.