Did Conficker help sabotage Iran’s nuke program?

BANGALORE, INDIA: A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran’s nuclear program in 2010 to Conficker, a mysterious “worm” that surfaced in late 2008 and infected millions of PCs.

Conficker was used to open back doors into computers in Iran, then infect them with Stuxnet, according to research from John Bumgarner, a retired U.S. Army special-operations veteran and former intelligence officer.

“Conficker was a door kicker,” said Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats. “It built out an elaborate smoke screen around the whole world to mask the real operation, which was to deliver Stuxnet.”


While it is widely believed that the United States and Israel were behind Stuxnet, Bumgarner wouldn’t comment on whether he believes the Americans and Israelis also unleashed Conficker, one of the most virulent pieces of so-called malware ever detected. He wouldn’t name the attackers he believes were behind the two programs, saying the matter was too sensitive to discuss.

The White House and the FBI declined to comment.

Prime Minister Benjamin Netanyahu’s office, which oversees Israel’s intelligence agencies, also declined comment.


If Bumgarner’s findings, which couldn’t immediately be independently confirmed, are correct, then they show that the United States and Israel may have a far more sophisticated cyber-warfare program than previously thought. They could also serve as a warning to countries other than Iran that they might be vulnerable to attacks.

His account leaves unresolved several mysteries. These include the severity of the damage that the program inflicted on Iran’s uranium enrichment facility, whether other facilities in Iran were targeted and the possibility that there were other as yet unidentified pieces of malware used in the same program.

The analysis may be met with skepticism in some quarters because dozens of researchers teamed up in 2009 and spent months studying Conficker, yet nobody concluded that the worm was used to attack Iran. Still, the bulk of that work was concluded long before Stuxnet was even discovered.

Bumgarner – who wrote a highly praised analysis of Russia’s 2008 cyber assault on the Republic of Georgia – says he identified Conficker’s link to Stuxnet only after spending more than a year researching the attack on Iran and dissecting hundreds of samples of malicious code.

He is well regarded by some in the security community. “He is a smart man,” said Tom Kellermann, an advisor to the Obama Administration on cyber security policy and the chief technology officer of a company called AirPatrol.

His analysis challenges a common belief that Conficker was built by an Eastern European criminal gang to engage in financial fraud.

The worm’s latent state had been a mystery for some time. It appears never to have been activated in the computers it infected, and security experts have speculated that the program was abandoned by those who created it because they feared getting caught after Conficker was subjected to intense media scrutiny.

If confirmed, Bumgarner’s work could deepen understanding of how Stuxnet’s commanders ran the cyber operation that last year sabotaged an underground facility at Natanz, where Iranian scientists are enriching uranium using thousands of gas centrifuges.

He provided Reuters with his timeline of the attack, which indicates it began earlier than previously thought. He said that it was planned using data stolen with early versions of Duqu, a data-stealing tool that experts recently discovered and are still trying to understand. The operation ended earlier than planned after the attackers got caught because they were moving too quickly and sloppiness led to errors.

Article source: http://www.ciol.com/Security/Enterprise-Security/Feature/Did-Conficker-help-sabotage-Irans-nuke-program/157334/0/
