Experts 'Convinced' Duqu Work of Stuxnet Authors
Trailrunner7 writes "Researchers are fairly confident now that whoever wrote the Duqu malware was also involved in developing the Stuxnet worm. They're also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven't been documented yet. There was a lot of speculation when Duqu first emerged about whether the attack was the work of the same group--still unknown--that had created Stuxnet and unleashed it on Iran's nuclear facilities last year. Some of that was centered on supposed similarities in the code between the two pieces of malware, but that was before many of the individual components of Duqu had been identified and analyzed. Now that the analysis and research into the Duqu malware have advanced a bit, researchers say they've found more evidence that points to the malware being the work of the Stuxnet authors or their close associates. 'I'm convinced it's the same group,' Costin Raiu, director of global research and analysis at Kaspersky Lab, who has done much of the analysis of Duqu, said."
Should the researchers keep quiet? (Score:1, Interesting)
Re:Should the researchers keep quiet? (Score:5, Interesting)
If Stuxnet is designed to prevent the total destruction of Israel
That's a big "if" you're waving around there partner.
Stuxnet could be a weapon designed for use against Iran, possibly by Israel, but "designed to prevent the total destruction of Israel", that's pretty hyperbolic.
People who mess with the military often find themselves six feet under (unless they're cremated first).
Whose military are you talking about here?
The group isn't unknown at all. (Score:5, Interesting)
The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.
http://www.net-security.org/secworld.php?id=10596 [net-security.org]
Re:What is this telling us? (Score:5, Interesting)
Stuxnet is the first widely reported example of a digital attack on the infrastructure of one nation by (what is believed to be) another nation or nations. This is a big deal. This is one that is likely to be in course syllabuses 50 years from now. If not in the CS department then probably in the PoliSci department. Anything connected to Stuxnet is inherently interesting and potentially newsworthy.
Any actual technical capabilities that Duqu may or may not have are the least interesting part of this story.
Re:Should the researchers keep quiet? (Score:4, Interesting)
It's not exactly a secret that Mossad and the IDF were the chief suspects in the creation of Stuxnet. They were even publicizing [jpost.com] their new cyber-warfare IDF division not too long before Stuxnet emerged. So I doubt Israel considers this a big secret. In fact, they may well want to publicize the "Threaten us and we can blow up your centrifuges" message it sends.
Re:Should the researchers keep quiet? (Score:4, Interesting)
Iran going to nuclear war would lead to Iran's government falling - a conventional war would do that as well, it's a card house. Messing with their industrial machines can only slow things down though, it can't stop them.
Besides, going public with the information straight on would actually protect the researchers, if they're worried about ending up six feet under. But the real reason for going public is that for the researchers the value of the work is going public and going public with it first, so they'll get pageviews.
But... you could go on further and say that they're doing free R&D for Duqu/Stuxnet developers. It's a stretch to say that they're the same guys though, just based on analysing the code - it could be just some guy(s) who thought Stuxnet's architecture was worth looking into as research.
Re:Should the researchers keep quiet? (Score:5, Interesting)
More likely, Stuxnet was designed as an alternative to an unpopular military action. Arab neighbors of Iran are eager for Israel to "handle" the issue so they can reap the benefits of an emasculated Iran without getting their own hands dirty. The situation for Israel is more complex; military action will galvanize anti-Israeli sentiments in the ME, and Iran is not their most immediate problem. BUT, neither can Iran be safely ignored. Stuxnet performed its job in buying extra time before Iran could finalize its nuclear program, but that extra time is running out.