Crossroads Blog | Institute National Security and Counterterrorism

cyber attack, Stuxnet

Cyberbomb That Hit Iran Was 1 of 5 Weapons, Researchers Say: Fox News

On Dec. 29th, 2011, Fox News reported on a new twist in the Stuxnet story.  The article summarized research from Kaspersky Lab, a well-known Russian anti-virus firm.  Kaspersky Lab has discovered that Stuxnet was one of five cyber weapons developed on a single platform, and that Duqu was likely built on the same platform.

The article explains that "the platform" is a group of software modules that can be reassembled like Legos.  In effect, different pieces of malware can be created from the same foundational code.  Thus, "developers can build new cyber weapons by simply adding and removing modules."

The article goes on to say that Kaspersky Lab believes there are 3 other pieces of malware built on the same platform that produced Stuxnet.  Kaspersky named the platform Tilded.  Kaspersky hasn't found the other pieces of malware, but is almost certain that they exist.

This is where things get really interesting.  Kaspersky discovered that Duqu and Stuxnet seek each other out on infected computers.  Moreover, Stuxnet and Duqu also seek out "three other unique registry keys."  This is what ultimately led Kaspersky to conclude that three other pieces of malware are somehow involved.

The Fox News source article can be found here.

***

ZDNet quoted Kaspersky on the same news:

"New information on the infections with the Duqu and Stuxnet Trojans confirms that one team is behind this family of malicious programs, and also permits the assumption that a single platform was used, which is flexibly adaptable to specific targets . . . This platform may have been developed long before the Stuxnet epidemic and used more actively than has been thought up to now."

***

Wow.

This is extremely interesting, for several reasons.

First, the news that Stuxnet and Duqu seek each other out suggests that the two are strongly related.  Both pieces of malware seem to have a common goal.  This caught my attention in light of this earlier blog post, explaining how Duqu, Conficker, and Stuxnet may all be working together (and seemingly did work together to temporarily bring down the Iranian nuclear program).

Second, if Stuxnet and Duqu are strongly related, then that strengthens the connection between the US and Duqu.  A few cybersecurity firms have concluded that the US/Israel is behind Stuxnet.  If Stuxnet and Duqu are built off of the same platform and communicate with each other, there is a pretty strong inference that the US/Israel had a strong hand in Duqu.  At the very least, whoever was behind Stuxnet is very likely behind Duqu.

Third, if the US is behind Stuxnet and Duqu (and possibly even Conficker), the US may have a more advanced offensive cyber capability than once thought.  The general consensus has always been that the US lags behind other countries (notably China) in the cyberwarfare realm.  However, Stuxnet's code was so complex that it was once described as "alien."  Now there is the possibility that 3 other equally complex pieces of malware are floating around, all built off of the same Tilded platform.  If the US truly did have a hand in Stuxnet, it had a hand in the Tilded platform.  That means that the US may be a whole lot better at offensive cyber-operations than anyone previously thought.  Granted, we still can't defend our networks for a damn, but it's a start.

Which brings me to my last point.  The US had a hand in creating and deploying Stuxnet.  It had to.  Kaspersky concluded that Stuxnet's complexity required the resources of a nation-state.  The US and Israel had a motive to delay the Iranian nuclear program.  Duqu, Stuxnet, and 3 other pieces of malware were all created on the same software platform from the same team.  Finally, my humor theory: Stuxnet attacked on April Fool's day 2009, the date Ahmadinejad declared that Iran would pursue its nuclear program despite international condemnation, and the date of Ahmadinejad's visit to Columbia University in NYC.  Who else can combine that level of resources, with that level of expertise, with the motive to delay the Iranian program, with that much biting sarcasm?  China?  C'mon.  Russia?  With their sense of humor?  We may never know for sure, but my money is on the US/Israel.
