New ‘Stuxnet-related’ virus may be set for cyber-attack

Computer virus similar to Stuxnet detected in Europe; designed to capture keystrokes and gain remote access; US issues public alert.

October 21, 2011 01:40
[Photo: Analysts work at NCCIC. Photo credit: REUTERS]

 

A powerful new computer virus that gathers information on industrial systems ahead of a potentially crippling cyber-attack has been detected, a US Internet security company announced this week, according to a Reuters report.

The Symantec Corporation said the virus, named “Duqu,” “must either have been created by the same group that authored Stuxnet, or by a group that somehow managed to obtain Stuxnet’s source code,” an MSNBC report added.



Stuxnet is the name of a computer worm that was detected last year, which reportedly caused significant damage to Iran’s uranium-enrichment program. It targeted Siemens supervisory control and data acquisition (SCADA) systems, used by Iran to enrich uranium through spinning centrifuges. Foreign media reports speculated that Israel or the US, or both, were behind the attack.

Unlike Stuxnet, however, Duqu does not directly attack SCADA systems; rather, it sends back information that would help attackers prepare a future strike, Symantec said.

Speaking to The Jerusalem Post, Gabi Siboni, director of the Neubauer Program on Cyber Warfare at Tel Aviv University’s Institute for National Security Studies, said, “Without relating at all to its origin and target, the Reuters report on Duqu shows a deepening of the attempt to find ways to penetrate industrial systems and to stay in them in order to collect information that could, in the future, allow an attack on a target, and disrupt command and control processes operated by the system.”

Siboni noted that SCADA forms the basis of most industrial control systems, adding that the controls receive information “from a range of sensors, for example: pressure sensors, temperature, rate of flow and dozens of additional procedural parameters.”

“A cybernetic strike on these systems could damage the reading of the sensors, thereby significantly harming the control process – and in certain cases, could also cause real physical damage alongside environmental and health damages. For example, a cybernetic disruption of pressure readings in a large tank containing chemicals can cause it to explode,” Siboni explained.

Siboni said that industrial-control centers had been exposed to cyber-attacks in the past, causing some plants to take protective measures, such as isolating the control centers from external networks and installing programs that search for suspicious signs of infection.

Symantec said that “the attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

Systems infected with Duqu are connected to a command computer that is in an unknown location in India, MSNBC added, quoting Symantec’s Vikram Thakur.

“No marching orders have yet been given... But those who control the machines could do virtually anything they wanted,” he said.
