On October 20th, 2011, Paul Wagenseil reported for MSNBC on the mystery that is Duqu. Again, Duqu is a new variant on the Stuxnet worm and has been aptly named "the son of Stuxnet." However, it is unclear who exactly is behind Duqu. Stuxnet was designed to disrupt operations at Iranian nuclear-weapons facilities, and is generally regarded as a joint effort between the United States and Israel. Although Stuxnet's source code has never been released, Duqu shares unmistakable similarities with Stuxnet, according to Wagenseil's article. Specifically, Duqu has been found snooping around industrial control systems, much like Stuxnet did at the Iranian facilities. This raises the question: are the United States and/or Israel behind Duqu?
The article notes that cybersecurity experts are divided. Some experts argue that there is still no firm evidence that the US or Israel is behind Stuxnet. Some argue that even if the US and Israel were behind Stuxnet, they could have hired a third party to code the worm for them; this third party could have then re-used sections of Stuxnet to create Duqu. Finally, some experts believe that the intelligence agencies of the US and Israel are involved with Duqu. Graham Cluley, a cybersecurity expert, noted that "regardless of the authorship of Stuxnet and Duqu, I would be very surprised if the USA and Israel weren't using malware to spy on others via the Internet . . . as are just about every other country in the world."
What, then, is Duqu doing? Mikko Hypponen of the Finnish anti-virus company F-Secure wrote that "My best guess is that the attackers are gathering information for the next attack. It's perfectly possible they did a similar information-gathering phase in 2008 or 2009 for the original Stuxnet and we just missed it."
The source article, entitled "Who's behind worm Duqu, 'son of Stuxnet'?" and copyrighted by SecurityNewsDaily, can be found here.