Security Theater Seminar, Sun 20/May/2012 at 14:00 - Son of Stuxnet
Yossef Oren
Electrical Engineering Labs Building (חשמל מעבדות), Room 146 Join us virtually!
Sunday, May 20, 2:00pm
Inside the Duqu Command and Control Servers
Abstract: When the Stuxnet worm was initially discovered in June 2010, it looked like yet another piece of computer malware aimed at causing damage to infected computers. However, as security companies took Stuxnet apart, there was a startling discovery that this was a one-of-a-kind cyber-weapon. In particular, Stuxnet contained a number of sub-routines designed to compromise a very specific industrial system which, according to an ISIS report, was "the IR-1 centrifuges at the Fuel Enrichment Plant (FEP) at Natanz" in Iran.
By September 2011, when the Duqu Trojan was discovered by the Hungarian research lab CrySyS, it became obvious that this new malware was related to Stuxnet and might actually be the work of the same attackers. The similarities were striking and ongoing analysis shows that Stuxnet and Duqu were all aimed at the same target -- Iran's nuclear power program. Millions of dollars have been invested in the development of Stuxnet and it did its job successfully -- destroying a large batch of IR-1 centrifuges. The purpose of Duqu, which for sure had a comparable financing to Stuxnet, is more hazy.
Speaker Bios: Costin Raiu is Director of the Global Research & Analysis Team at Kaspersky Lab. Costin joined Kaspersky Lab in 2000 as a leading Antivirus Researcher. Prior to becoming Director of the Global Research & Analysis Team in 2010, Costin was Head of the Romanian R&D group, overseeing research efforts in the EEMEA region. Costin specializes in malicious websites, browser security and exploits, e-banking malware, enterprise-level security and Web 2.0 threats. Costin also has a particular interest in encryption and advanced mathematics. Costin is based in Romania.
Vitaly Kamluk is Chief Malware Expert of the Global Research & Analysis Team at Kaspersky Lab. Vitaly joined Kaspersky Lab in 2005 as an Infrastructure Services Developer for the Antivirus lab. In 2008, he was appointed to the position of Senior Antivirus Expert before becoming Director of the EEMEA Research Center in 2009. Vitaly spent a year working in Japan as a Chief Malware Expert, leading a group of local researchers. He specializes in threats focusing on global network infrastructures, malware reverse engineering and cybercrime investigations. Prior to joining Kaspersky Lab, Vitaly worked as a software developer and system administrator. Vitaly is a graduate of the Belarussian State University.
Recorded at SOURCE Conference 2012, Boston, April 17 2012 http://www.sourceconference.com/boston/speakers_2012.asp#craiu