What's new

'Complete takeover': Israel unleashed one of the world's most sophisticated cyberweapons on the Iran

kamrananvaar

FULL MEMBER
Joined
Dec 2, 2011
Messages
698
Reaction score
1
REUTERS/Ruben Sprich) US Secretary of State John Kerry looks out of his room at the Beau Rivage Palace Hotel during a break during the Iran nuclear program talks in Lausanne April 1, 2015.

The computers in three luxury hotels that hosted high-stakes negotiations on Iran's nuclear program were infected with an improved version of one of the world's most powerful computer viruses, The Wall Street Journal reports.

The discovery of the Duqu virus — a collection of malware used primarily for sensitive intelligence-collection operations — by cybersecurity firm Kaspersky Lab ZAO provides the first solid evidence that Israel had in fact been spying on the talks, a suspicion that was first reported in March 2015.

Kaspersky has not officially named Israel as the source of the attack. But the uncovered virus "was so complex and borrowed so heavily from Duqu that it 'could not have been created by anyone without access to the original Duqu source code," according to the Journal and Kaspersky's report.

Duqu — and malware linked to it — has been used by Israel to spy on Iran in the past, copying blueprints of Iran’s nuclear program. The malware has a variety of functions to suck up information.

"Since Duqu uses root capabilities and exploits vulnerabilities that allows for an elevation of privileges, Duqu can be used to install other code that can keystroke log, record conversations, record video, extract files, track any activity that occurs on the infected Windows PC or laptop," Jeff Bardin, chief intelligence officer of Treadstone 71, told Business Insider. "This includes the capturing of user ids, passwords, and sensitive files."

Bardian added: "Once the code is installed, most anti-virus software cannot detect or remove this malware. Duqu allows for the complete takeover of the target Windows devices."


(Raheb Homavandi/REUTERS) A security official stands in front of the Bushehr nuclear reactor, 1,200 km (746 miles) south of Tehran, August 21, 2010.


In 2012, Kasperskpy told The New York Times that that it believed that Duqu was created by the same state-sponsored program as the Stuxnet and Flame viruses, which also targeted Iran's nuclear program.

Stuxnet, a joint US-Israel project, is known for reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. Flame is a massive program that leaves a back door (i.e., Trojan) on computers through which it sucks information from networks by actions Bardin described as functions of Duqu.

Chris Weber, cofounder of Casaba Security, told Business Insider that the improved version of Duqu, dubbed Duqu 2.0, "is extremely advanced malware platform with delivery mechanisms on par with Stuxnet."

"Once infected, the Duqu platform offers its operators ability to install either a simple, memory-resident backdoor or a more persistent and fully featured command and control package," Weber explained. "After that the platform allows for leverage into other parts of the network."

Weber called Duqu 2.0 "badass" and said the malware "is the tool of choice for nation-state spying."
(REUTERS/Ronald Zak/Pool) Kerry and Iranian Foreign Minister Javad Zarif are pictured before a meeting in Vienna November 23, 2014.


After intercepting communications between Israeli officials, the White House suspected that Israel had been spying on the negotiations to gather sensitive information that it could then reveal to Congress in hopes of sinking the deal.

Kaspersky researchers were alerted to Duqu's resurgence after detecting the virus in their own system earlier this year — it had been there, Kaspersky believes, for at least six months.

The FBI is investigating Kaspersky's claims, according to The Journal. The firm has declined to name the three European hotels that were targeted.

Nuclear talks were held at the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreux, Switzerland.
 
. . .

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Back
Top Bottom