Stuxnet, Duqu, Flame Targeted Illegal Windows Systems In Iran

Published: 22/11/2024   Category: security




Pirated software the norm in the region



An oft-overlooked detail about Stuxnet, Duqu, and Flame is that the attacks all targeted Windows machines in Iran even though Windows isn't allowed to be sold there under U.S. export restriction laws. Software smuggling and pirating are commonplace there, including for Windows.

"Piracy is rampant there -- 99 percent of software in that part of the world is pirated. I know because I spent a lot of time in that part of the world," says Ashar Aziz, CEO of FireEye.

Software piracy and smuggling are a big problem in countries, such as Iran, that are banned from many high technology imports under economic sanctions. Stopping those illegal activities in Iran and other trade-sanctioned countries is difficult and often unrealistic, leaving many U.S. vendors to come to accept that their software is pirated there.
The masterminds behind Stuxnet, Duqu, and Flame -- who Obama administration officials say were government technologists and intelligence officials from the U.S. and Israel, according to reports in The New York Times and The Washington Post -- apparently were confident in Iran's use of Windows such that they targeted it. They used zero-day vulnerabilities and other methods for gathering intelligence on Iran's nuclear development program with Duqu and Flame, and then actually sabotaged the operation at the Natanz facility with a Windows worm that ultimately spread to a specific Siemens programmable logic controller that ran the centrifuges. The attack ultimately caused the centrifuges to spin out of control and fail.
Microsoft knows better than any software firm about the perils of pirated software and the difficulty in shutting it down. The software giant, which like other U.S. firms is banned from shipping software to Iran, Cuba, North Korea, Sudan, and Syria, pushes updates to all supported versions of Windows -- even pirated ones -- as a healthy security ecosystem practice. So even pirated Windows machines in Iran theoretically would receive up-to-date versions of Windows if users there apply the patches.

While Microsoft declined to comment on pirated software in Iran, Yunsun Wee, director of Microsoft Trustworthy Computing, did confirm that Microsoft supports all of its software, pirated or not. "Any supported Microsoft operating system has access to security updates, regardless of genuine status, either by manually downloading them from Microsoft's site or by using Automatic or Windows Updates," Wee says.

Security experts say the Flame, Duqu, and Stuxnet attacks should not be perceived as against Microsoft, even if its products were part of the equation. "It's not that they went against Microsoft ... In no way would I say Stuxnet was built to go against Microsoft. It went after vulnerabilities," says Al Kinney, director of defense cybersecurity capability for HP Enterprise Services.
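The article's point is that a Windows host's patch state, not its licence status, is what mattered to the attackers, and that the absence of security products was a likely weak link. The following PowerShell script is an added example (not from the article, Dark Reading, or Microsoft) that a defender could run on a Windows host to audit exactly those two conditions: how recently security updates were installed, whether the Windows Update service and agent can find pending updates, and whether any antivirus product is registered with Security Center. The 45-day staleness threshold is an assumed policy value; the `Microsoft.Update.Session` COM API and the `root/SecurityCenter2` WMI namespace are real Windows interfaces.

```powershell
# Added example (not the article's or Microsoft's code): audit a Windows host's
# update and AV posture. Run in an elevated PowerShell session on Windows 8 /
# Server 2012 or later.

$StaleAfterDays = 45   # assumed policy threshold, adjust to your baseline

# 1. Most recently installed updates (Get-HotFix reads the same data as 'wmic qfe').
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

$lastPatch = if ($recent) { ($recent | Select-Object -First 1).InstalledOn } else { $null }
$daysSincePatch = if ($lastPatch) {
    (New-TimeSpan -Start $lastPatch -End (Get-Date)).Days
} else { $null }

# 2. Is the Windows Update service present and not disabled?
$wuauserv = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$wuState  = if ($wuauserv) { "$($wuauserv.Status) / $($wuauserv.StartType)" } else { 'missing' }

# 3. Pending updates via the Windows Update Agent COM API. The search goes to
#    whatever update source the host is configured for (Microsoft or WSUS), so
#    it fails on an isolated host; that failure is itself a finding.
$pending = @()
$searchError = $null
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    $pending  = @($result.Updates | ForEach-Object { $_.Title })
} catch {
    $searchError = $_.Exception.Message
}

# 4. Antivirus products registered with Security Center (client SKUs only;
#    server SKUs do not expose this namespace).
$av = @()
try {
    $av = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction Stop |
            Select-Object -ExpandProperty displayName)
} catch {
    Write-Warning 'Security Center query unavailable (server SKU or access denied).'
}

# 5. Summarise the findings a defender cares about.
$findings = @()
if ($null -eq $daysSincePatch)             { $findings += 'No installed update dates found' }
elseif ($daysSincePatch -gt $StaleAfterDays) { $findings += "Last update $daysSincePatch days ago (stale)" }
if ($wuState -eq 'missing' -or $wuState -like '*Disabled*') { $findings += "Windows Update service: $wuState" }
if ($searchError)                           { $findings += "Update search failed: $searchError" }
if ($pending.Count -gt 0)                   { $findings += "$($pending.Count) update(s) pending" }
if ($av.Count -eq 0)                        { $findings += 'No antivirus product registered' }

[PSCustomObject]@{
    Host            = $env:COMPUTERNAME
    LastPatchDate   = $lastPatch
    DaysSincePatch  = $daysSincePatch
    UpdateService   = $wuState
    PendingUpdates  = $pending.Count
    AntiVirus       = ($av -join ', ')
    Findings        = ($findings -join '; ')
}
```

The output object is deliberately flat so it can be collected from many hosts (for example with `Invoke-Command`) and exported to CSV. Note that `Get-HotFix` only lists updates recorded as QFEs; on current Windows the monthly cumulative update appears there, but feature updates and Defender definition updates do not, so the pending-update search is the more reliable signal.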
According to a report in The Washington Post today, officials confirmed that Flame was an effort to slow Iran's nuclear program down as well as to buy some time for sanctions and diplomatic efforts.

[ Easy-to-crack encryption likely helped keep Flame alive, as well as its resemblance to conventional software. See "How Flame Hid In Plain Sight For Years." ]
Some security experts wonder why the U.S. and Israel bothered creating zero-day exploits and professional software development in the Flame, Duqu, and Stuxnet attacks just to target likely pirated software. "It struck me: Do you really need these complex pieces of malware to be that sophisticated if [the target] is using illegal versions of the software?" says Brian Honan of BH Consulting and a member of the Irish CERT.

The operators behind the attacks appear to have covered most of their bases with the quality of the code as well as the assumption that the Iranians were updating their Windows machines, experts say. Even so, antivirus software exports are banned from the U.S. to Iran as well, so AV tools there, if any, were likely weak links. Gunter Ollmann, vice president of research at Damballa, says that was likely a factor. "I'm sure one of the criteria [in an attack] was whether or not there were security products on the targeted device and if it's capable of detecting [Flame's] bag of tricks," Ollmann says.

But what the attackers did not do so well was keep the code under wraps, which has since led to its unraveling by security researchers around the globe.

"The biggest failure was letting [Stuxnet] escape," FireEye's Aziz says. The attackers didn't ensure it didn't spread beyond its target, he says.
