Son of Stuxnet?

When an unknown entity, most likely some combination of Western and Israeli intelligence agencies, created Stuxnet, the mysterious computer worm widely thought to be targeted at Iran's nuclear program, cybersecurity experts warned that a new digital threat had been unleashed, with potentially dangerous and wide-ranging consequences.

David Hoffman wrote about Stuxnet for FP back in March:

The Institute for Science and International Security (ISIS), which has closely monitored the Iranian nuclear effort, reported that in late 2009 or early 2010, Iran decommissioned and replaced about 1,000 centrifuges in its uranium-enrichment plant at Natanz. If the goal of Stuxnet was to "set back Iran's progress" while making detection of the malware difficult, an ISIS report stated, "it may have succeeded, at least for a while."

But there are risks of blowback. Langner warns that such malware can proliferate in unexpected ways: "Stuxnet’s attack code, available on the Internet, provides an excellent blueprint and jump-start for developing a new generation of cyber warfare weapons." He added, "Unlike bombs, missiles, and guns, cyber weapons can be copied. The proliferation of cyber weapons cannot be controlled. Stuxnet-inspired weapons and weapon technology will soon be in the hands of rogue nation states, terrorists, organized crime, and legions of leisure hackers."

Industrial control systems that were the target of Stuxnet are spread throughout the world and vulnerable to such attacks. In one 11-year-old Australian case, a disenchanted employee of the company that set up the control system at a sewage plant later decided to sabotage it. From his laptop, the worker ordered it to spill 211,337 gallons of raw sewage, and the control system obeyed — polluting parks, rivers, and the grounds of a hotel, killing marine life and turning a creek’s water black.

Now, tech researchers at Symantec and F-Secure have identified a new piece of malware they’re calling Duqu, and which they say is very similar to Stuxnet.

According to Symantec, "Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Nobody knows who created Duqu, or why. (Says F-Secure: "Was Duqu written by US Government? Or by Israel? We don’t know. Was the target Iran? We don’t know.")

But Symantec reports that "the threat was highly targeted toward a limited number of organizations for their specific assets. … The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party."

So are we seeing another attempt by the same crowd that brought us Stuxnet in the first place? Or disturbing evidence that the predictions of Langner and others are coming true — that a tool intended to cripple Iran’s nuclear enrichment efforts has now been repurposed, possibly by another foreign government or a criminal syndicate?

We may find out in short order. F-Secure’s Mikko Hypponen, who has adopted the hashtag #Stuxnet2, warns on his Twitter feed: "If Duqu was indeed an information gathering operation, we should expect the real attack soon."
