Indian Authorities Seize Computer Linked to Deadly Duqu Virus
Indian authorities have seized computer equipment from a data center in Mumbai thought to send out the malicious Duqu virus.
Reuters reports that India's Department of Information Technology took several hard drives and other parts of a server after receiving a tip that it was communicating with Duqu-infected computers.
Investigators believe the computers may hold information as to where the Duqu virus originated.
"This one is challenging," said Marty Edwards, director of the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."
Duqu was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.
Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure.
The hackers behind Duqu are unknown, but their sophistication suggests a large operation.
"A cyber saboteur should understand the engineering specifications of every component that could be targeted for destruction in an operation," said John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.
According to eWeek, Dell's security center found common links between Duqu and the Stuxnet virus, which is believed to have crippled centrifuges that Iran uses to enrich uranium, but those links had also been observed in other, unrelated threats. The two viruses have been linked in the past, but Dell said the relationship between the two was inconsequential at best.
Researchers said they are trying to anticipate the next phase of attacks.
"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."