Russia-based security firm Kaspersky claims Iran talks virus utilized legitimate digital certificates stolen from a Taiwanese electronics manufacturer. Company alludes to Israeli involvement, which Jerusalem denied.
Further research into the sophisticated computer virus used to hack into hotels where the Iran nuclear talks took place has found it took advantage of digital credentials stolen from the world’s top contract electronics maker Foxconn.
Russian security company Kaspersky Lab said Monday that researchers had learned that the Duqu 2.0 virus had redirected computer traffic by using a legitimate digital certificate from Taiwan’s Hon Hai, also known as Foxconn.
Foxconn customers have included many of the world’s biggest electronics makers, including Apple, BlackBerry, Google, Huawei, and Microsoft.
Kaspersky revealed its initial findings in a report last week, in which it said it found the virus in conferencing equipment at three European hotels where talks took place.
Digital certificates are the credentials that identify legitimate computers on a network. They act as the basis of e-commerce and other largely automated transactions on the Web.
In recent years, cyber spies have begun exploiting stolen certificates to trick machines into thinking malicious software comes from legitimate sources.
Targeted attacks
The “P5+1” group of six world powers (the United States, Russia, China, Britain, France and Germany) has been negotiating with Iran in an attempt to curb its nuclear program.
Both Moscow-based Kaspersky and U.S. security company Symantec Corp said the virus shared some programming with known espionage software called Duqu, which experts believe to have been developed by Israel.
Israel has strongly opposed the powers’ diplomatic opening to Iran, and denies any connection with the virus. In February, the United States accused Israel of using selective leaks from the talks to distort the U.S. position.
Symantec and Kaspersky analysts have said there is overlap between Duqu and Stuxnet, a U.S.-Israeli project that sabotaged Iran’s nuclear program in 2009-10 by destroying a thousand or more centrifuges that were enriching uranium.
The Stuxnet virus took advantage of stolen digital certificates from two other major Taiwanese companies, JMicron Technology Corp and Realtek Semiconductor Corp, Kaspersky said in a report it published in 2010.
“Duqu attackers are the only ones who have access to these certificates, which strengthens the theory they hacked the hardware manufacturers in order to get these certificates,” Kaspersky said in a summary of its report on Monday.
Kaspersky said it had notified Foxconn of the stolen credentials. Foxconn was not immediately available to comment on steps it has taken to secure its systems.
Last week, Kaspersky said Duqu 2.0 had evolved from the earlier Duqu, which had been deployed against unidentified targets for years before it was discovered in 2011.
As reported by Ynetnews