The computer security company Kaspersky acknowledges having been infected with Duqu 2.0, a powerful computer worm. Several clues indicate the responsibility of Israel.
Duqu is back. The Russian computer security company Kaspersky revealed to have detected in its own internal networks a program similar to malware that occurred in 2011. This new worm, dubbed “Duqu 2.0″, is considered the “most advanced in its category” by the anti-virus vendor. If Kaspersky is careful to identify a culprit, he believes that only a State is able to design this software, he estimated at $ 50 million.
Kaspersky also identified other victims of Duqu 2.0 . The company counts one hundred affected systems in Western countries, the Middle East and Asia. But Kaspersky also notes two events in which the sponsors of the software were interested. 2.0 Duqu have prevailed during the negotiations of the “P5 + 1″ on Iran’s nuclear, February and March 2014. The hotels had hosted the Iranian delegation, Austria, were targeted, according to Kaspersky. The traces of the worm were also found during the 70th anniversary of the liberation of Auschwitz, attended many international officials.
Israel denies its involvement
The allocation a hacking or malware is always a delicate task. Nevertheless, several indicators suggest that Israel is involved in the design of Duqu 2.0. First, the first version of Duqu, dating from 2011, is itself a derivative of Stuxnet. The latter was developed by the United States in cooperation with Israel to attack Iran’s nuclear program, in particular centrifuges, to try to slow the efforts of Tehran, suspected of wanting to develop nuclear weapons.
In March, US officials that Israel spied talks between the P5 + 1 and Iran in 2014, according to the Wall Street Journal . The US daily reported other clues that make the link between the worm and the Israeli state. For example, the first version of the company’s technical report called “The Duqu Bet,” which means both “bet” in English, which is the second letter of the Hebrew alphabet.
Through the voice of its vice foreign minister, Tzipi Hotovely, Israel has denied spying negotiations on the Iranian nuclear issue. “International news about Israel’s involvement in this affair are baseless,” she said. Austria and Switzerland, for their part, had already started investigations before the public revelations of Kaspersky. “Computer equipment was seized under a search warrant on May 12,” said the prosecutor.
Using three flaws “zero-day”
The worm identified Kaspersky is built for espionage. “Duqu 2.0 is a comprehensive tool theft of information that is designed to maintain a discreet and lasting presence in the target’s network,” said Kaspersky team in one of its reports. Both discreet and versatile, it is composed of numerous modules, which enable it to collect a variety of information. It can for example operate microphones in hotel lifts that have them. The company believes that if she was attacked is the entity behind Duqu 2.0 thought his program was undetectable. The worm exploits no less than three faults “zero-day”. These are flaws that are unknown and unprotected, in this case, in the Microsoft Windows operating system.
It may seem paradoxical that a company that sells anti-virus make a report 50 pages and a news conference on software that is able to infect. “To think that reveal that kind of incident takes place primarily at the expense of our reputation is false and dangerous” replies Kaspersky. “In fact, any company may be a victim of a targeted and sophisticated attacks.” By targeting a computer security firm, Duqu 2.0 designer clearly state seeks to have a step ahead for its operations espionage. “This is a very dangerous trend,” commented Eugene Kaspersky, CEO of the firm. Kaspersky believes, however, that “information obtained by the attackers are in any case critical for the company.”
No comments:
Post a Comment