cyber attack 311 R.
(photo credit: REUTERS)
A new powerful computer virus has been detected, which gathers information on
industrial systems ahead of a potentially crippling cyber-attack, a US Internet
security company announced this week, according to a Reuters report.
Symantec Corporation said the virus, named “Duqu,” “must either have been
created by the same group that authored Stuxnet, or by a group that somehow
managed to obtain Stuxnet’s source code,” an MSNBC report added.
is the name of a computer worm that was detected last year, which reportedly
caused significant damage to Iran’s uranium-enrichment program. It targeted
Siemens supervisory control and data acquisition systems (SCADA), used by Iran
to enrich uranium through spinning centrifuges. Foreign media reports speculated
that Israel or the US, or both, were behind the attack.
however, Duqu does not directly attack SCADA systems, but rather, sends back
information that would help attackers prepare a future strike, Symantec
Speaking to The Jerusalem Post, Gabi Siboni, director of the
Neubauer Program on Cyber Warfare at Tel Aviv University’s Institute for
National Security Studies, said, “Without relating at all to its origin and
target, the Reuters report on Duqu shows a deepening of the attempt to find ways
to penetrate industrial systems and to stay in them in order to collect
information that could, in the future, allow an attack on a target, and disrupt
command and control processes operated by the system.”
Siboni noted that
SCADA forms the basis of most industrial control systems, adding that the
controls receive information “from a range of sensors, for example: Pressure
sensors, temperature, rate of flow and dozens of additional procedural
“A cybernetic strike on these systems could damage the
reading of the sensors, thereby significantly harming the control process – and
in certain cases, could also cause real physical damage alongside environmental
and health damages. For example, a cybernetic disruption of pressure readings in
a large tank containing chemicals can cause it to explode,” Siboni
Siboni said that in the past, industrial-control centers had
been exposed to cyber-attacks, causing some plants to take protective measures,
such as isolating them from external networks and installing programs that
search for suspicious signs of infection.
Symantec said that “the
attackers are looking for information such as design documents that could help
them mount a future attack on an industrial control facility.”
infected with Duqu are connected to a command computer that is in an unknown
location in India, MSNBC added, quoting Symantec’s Vikrum Thakur.
marching orders have yet been given... But those who control the machines could
do virtually anything they wanted,” he said.