Date: 2015-06-15
By Eric Auchard and Joseph Menn
Research into the sophisticated computer virus used to hack into
hotels where the Iran nuclear talks took place has found it took
advantage of digital credentials stolen from the world's top
contract electronics maker Foxconn.
Russian security company Kaspersky Lab said on Monday that
researchers learned the Duqu 2.0 virus had redirected computer
traffic by using a legitimate digital certificate from Taiwan's
Hon Hai, also known as Foxconn.
Foxconn customers have included many of the world's biggest
electronics makers, including Apple, BlackBerry,
Google, Huawei and Microsoft.
Kaspersky revealed its initial findings in a
report last week in which it said it found the virus in
conferencing equipment at three European hotels used in talks
involving Iran and six world powers, among other targets.
Digital certificates are the credentials which identify
legitimate computers on a network. They act as the basis of
e-commerce and other largely automated transactions on the Web.
In recent years, cyberspies have begun to exploit stolen
certificates to trick machines into thinking malicious software
comes from legitimate computers, an escalation posing a grave
threat to business done over the Internet, security experts say.
TARGETED ATTACKS
The "P5+1" group of six world powers have been negotiating
with Iran on curbs to its disputed nuclear programme - the
United States, Russia, China, Britain, France and Germany.
The on-again, off-again series of talks to reach a
comprehensive nuclear deal with Iran have been held in Geneva,
Lausanne, Montreux, Munich and Vienna since last year.
Both Moscow-based Kaspersky and U.S. security company
Symantec Corp said the virus shared some programming
with previously discovered espionage software called Duqu, which
security experts believe to have been developed by Israelis.
Israel, which has strongly opposed the powers' diplomatic
opening to its arch-enemy Iran, denied any connection with the
virus. In February, the United States accused Israel of using
selective leaks from the talks to distort the U.S. position.
The West suspects Iran wants to develop a nuclear weapons
capability from its enrichment of uranium. Iran says it wants
nuclear energy only for electricity and medical isotopes.
Symantec and Kaspersky analysts have said there was overlap
between Duqu and Stuxnet, a U.S.-Israeli project that sabotaged
Iran's nuclear programme in 2009-10 by destroying a thousand or
more centrifuges that were enriching uranium.
The Stuxnet virus took advantage of stolen digital
certificates from two other major Taiwanese companies, JMicron
Technology Corp and Realtek Semiconductor Corp,
Kaspersky said in a report it published in 2010.
"Duqu attackers are the only ones who have access to these
certificates, which strengthens the theory they hacked the
hardware manufacturers in order to get these certificates,"
Kaspersky said in a summary of its report on Monday.
Kaspersky said it had notified Foxconn of the stolen
credentials. Foxconn was not immediately available to comment on
steps it has taken to secure its systems.
Last week, Kaspersky said Duqu 2.0 had evolved from the
earlier Duqu, which had been deployed against unidentified
targets for years before it was discovered in 2011.
It said Duqu 2.0 used three previously unknown flaws in
Microsoft Corp software to infect machines, for which
the software giant subsequently released patches. The
attack left almost no traces.
