Entries in McAfee (2)

Tuesday, Oct. 18, 2011

Son of Stuxnet? Researchers Warn of Impending Cyber Attack

(MOUNTAIN VIEW, Calif.) -- A new computer virus using "nearly identical" parts of the cyber superweapon Stuxnet has been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a major U.S.-based cyber security company said Tuesday.

Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time, U.S. officials said the worm's unprecedented complexity and potential ability to physically sabotage industrial control systems -- which run everything from water plants to the power grid in the U.S. and in many countries around the world -- marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the U.S. and Israel were on a short list of possible culprits.

Whoever it was, the same group may be at it again, researchers said, as the authors of the new virus apparently had access to original Stuxnet code that was never made public.

The new threat, discovered by a Europe-based research lab and dubbed "Duqu," is not designed to physically affect industrial systems like Stuxnet was, but apparently is only used to gather information on potential targets that could be helpful in a future cyber attack, cyber security giant Symantec said in a report Tuesday.

"Duqu shares a great deal of code with Stuxnet; however, the payload is completely different," Symantec said in a blog post.

Duqu is designed to record key strokes and gather other system information at companies in the industrial control system field and then send that information back to whomever planted the bug, Symantec said.

If successful, the information gleaned from those companies through Duqu could be used in a future attack on any industrial control system in the world where the companies' products are used -- from a power plant in Europe to an oil rig in the Gulf of Mexico.

"Right now it's in the reconnaissance stage, you could say," Symantec senior director for Security Technology and Response, Gerry Egan, told ABC News. "[But] there's a clear indication an attack is being planned."

Duqu is also not designed to spread on its own, so researchers believe its targets were the computer systems it had already infiltrated, Egan said.

The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued an alert Tuesday to "critical infrastructure owners and operators" on Duqu, urging them to take steps to secure their systems.

"The extent of the threat posed by [Duqu] is currently being evaluated," the alert says.

Another cyber security company, F-Secure Security Labs, also examined Duqu and said on its website that parts of its code were so similar to Stuxnet that its virus-detection system believed it was dealing with the same virus over again.

A representative for Symantec said they were made aware of the new threat after the unnamed European research lab forwarded them a sample of the code along with their analysis comparing it with Stuxnet, which Symantec then confirmed. McAfee Labs, another cyber security power player, said they too had been given a sample of the Duqu code for analysis.

"One thing for sure is the Stuxnet team is still active..." McAfee said on its website.

Copyright 2011 ABC News Radio

Thursday, Oct. 6, 2011

China Still Spies the Old Fashioned Way, Russia Says

(WASHINGTON) -- A day after a top American lawmaker accused China of exercising "an intolerable level" of espionage in the U.S., Russia's spy service announced it has detained a Chinese national for allegedly attempting to steal secrets about a Russian missile system.

While the accusations out of the U.S. primarily refer to cyber intrusions of American corporations, the Russian government is accusing China of an old standby in the tradecraft playbook: outright bribery.

Russia's secretive spy agency, the Federal Security Service (FSB), issued a rare statement Wednesday claiming the state had arrested a Chinese citizen who, posing as a translator for official delegations, was working under the direction of the Chinese government in an attempt to buy state secrets from Russians about Russia's S-300 missile system.

The Chinese national, identified as Tong Shenyun, was reportedly detained last year but the arrest was not made public until earlier this week. Russia has already supplied the Chinese with the relatively dated missile system and Beijing has the license to manufacture it, Russian state news said, but the FSB accused Shenyun of trying to obtain "technical and repair documentation" about the system.

The announcement of Shenyun's arrest came just hours after a top U.S. lawmaker in the House Intelligence Committee issued the strongest yet condemnation of China's alleged widespread cyber campaign against American corporations, which has allegedly reached into "nearly every sector" of U.S. industry.

"I don't believe that there is a precedent in history for such a massive and sustained intelligence effort by a government agency to blatantly steal commercial data and intellectual property," House Intelligence Committee Chairman Rep. Mike Rogers (R-Mich.) said in an open committee meeting Tuesday. "Chinese espionage has reached an intolerable level... Beijing is waging a massive trade war on all of us."

Rogers said that cyber intrusions of American and other Western corporations by hackers working on behalf of Beijing -- allegedly including attacks on corporate giants like Google and Lockheed Martin -- amounted to "brazen and widespread theft."

In one attack on Google, the company claimed Chinese hackers attempted to breach private emails of senior U.S. government officials, prompting Secretary of State Hillary Clinton to say the U.S. government was "very concerned" about the possible connection to China.

In August, a documentary broadcast on Chinese state-run television showed what appeared to be a cyber attack in progress aimed at an IP address based at an Alabama university.

The same month the documentary aired, U.S.-based cyber security giant McAfee released a report in which it suggested a nation-state was likely behind "relentless" cyber attacks on up to 70 global companies, governments, and non-profit organizations over the last half-decade. Included in the list of victims were a U.S. satellite communication company, several defense contractors, real estate firms, the International Olympic Committee and several Asia-based targets -- but none based in China.

Though China was not named as a suspect in the report, Chinese state-run media blasted its reasoning when responding to suggestions by other experts that China was the most likely culprit.

"McAfee's new report alleges that 'a government' carried out a large-scale Internet espionage hacking action but its analysis of the justification is obviously groundless," China's People's Daily said.

Chinese officials in the U.S. did not return requests for comments on this report, but, like in the case of the McAfee report, officials have repeatedly said the hacking accusations are "groundless."

Copyright 2011 ABC News Radio
