Saturday, January 7, 2012

Duqu "hints" of an alien architecture

My Quantum Leap Buzz "cyberwar dashboard" fired off a new alert to me about the Duqu command and control servers being "…written in a language the researchers had never seen before…"
The link cited an article, in which I found the following paragraph:
Another question is that one of the components for the Duqu command-and-control (C&C) servers was written in a programming language that the researchers had never seen before. "It was a very curious procedural language .. we don't know why they chose to write it in a different language, and we don't know what this language is," Raiu says. "Solving this [may] help us understand who created the communication module, or if different groups don't know about one another," for example, he says.
I've written multiple times about the "holy grail" of The Perfect Virus being Black Box Portability (principle #7). From this latest bit of intelligence (I really like running my own news-aggregation/analysis dashboard, rather than leaving it up to any news organization to tell me what THEY think is important), I make the following inferences:

  1. The creators of Duqu have made a government-level investment in attack architecture.
  2. The creators of Duqu are a Western government (most likely the U.S.).
  3. This may explain the slacking off of China's cyber misbehavior (i.e., "There's a new sheriff in town.").
  4. If I were one of the wacky anarchists attacking supporters of SOPA (the Stop Online Piracy Act), I'd think twice about using extra-legal means, as hard prison time could mean some nasty experiences for a late-teen/twenty-something prisoner in the general population of a federal prison.
Net net: You wild and zany guys from Anonymous/Lulzsec might line up some legal heavyweights. And when you decide to file lawsuits challenging SOPA, you might seriously consider filing in the jurisdiction of the only federal judge who knows diddly-squat about cyber law. That would be Judge Clark Waddoups in Utah, about whom I opined over a year ago (see my article on how Judge Waddoups kept 1-800Contacts from hijacking the Internet).

I just got an email obviously sent by Anonymous to all of the Stratfor subscribers giving me George Friedman's mobile and home phone numbers, along with a spoof "butthurt" incident report website. While I am ashamed of myself for laughing so hard, especially since I think George Friedman and Stratfor have been pretty on the money in their analyses, I'm afraid that some hard jail time for the anonymous culprits will give their concept of "butthurt" a whole new meaning.

Oh, yes. And for those of you who are the least bit paranoid, I'd recommend getting your own BUZZ dashboard going and having it send you cell phone text messages whenever the H5N1 virus starts trending into your state. If you wait for the evening news to figure out there's a story afoot, it could be way too late for you and your family.