Flame and Stuxnet makers 'co-operated' on code

Source code was shared between the teams making the malware attacks, researchers said

Teams responsible for the Flame and Stuxnet cyber-attacks worked together in the early stages of each threat's development, researchers have said.

Flame, revealed last month, attacked targets in Iran, as did Stuxnet which was discovered in 2010.

Kaspersky Lab said they co-operated "at least once" to share source code.

"What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected," Kaspersky said.

Alexander Gostev, chief security expert at the Russian-basedsecurity company added: "The new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups co-operated at least once."

Vitaly Kamluk, the firm's chief malware expert, said: "There is a link proven - it's not just copycats.

"We think that these teams are different, two different teams working with each other, helping each other at different stages."

The findings relate to the discovery of "Resource 207", a module found in early versions of the Stuxnet malware.

It bears a "striking resemblance" to code used in Flame, Kaspersky said.

"The list includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming," Mr Gostev said.

Continue reading the main story

“

Start Quote

It's not just copycats”

Vitaly KamlukKaspersky Labs

Direct orders

Recently, a New York Times investigation - based on an upcoming book - singled out the US as being responsible for Stuxnet, under the direct orders of President Barack Obama.

The report said the threat had been developed in co-operation with Israel.

No country is yet to publicly take responsibility for the attack.

Speaking about Flame, a spokesman for the Israeli government distanced the country from involvement following an interview in which a minister seemed to back the attacks.

"There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus," the spokesman said.

'Completely separate'

Last week, the UN's telecommunications head Dr Hamadoun Toure said he did not believe the US was behind Flame, and that reports regarding the country's involvement in Stuxnet were "speculation".

Prof Alan Woodward, a security expert from the University of Surrey, described the findings as interesting - but not yet a clear indicator of who was behind the attacks.

"The fact that they shared source code further suggests that it wasn't just someone copying or reusing one bit of Stuxnet or Flame that they had found in the wild, but rather those that wrote the code passed it over," he said.

"However, everything else still indicates that Flame and Stuxnet were written designed and built by a completely separate group of developers.

"At the very least it suggests there are two groups capable of building this type of code but they are somehow collaborating, albeit only in a minor way."

Source: abc

LinkedIn sheds more light on security breach

LinkedIn Corp, criticized for inadequate network security after hackers exposed millions of its users' passwords, said on Saturday it had finished disabling all affected accounts and did not believe other members were at risk.

The company, a social network for business professionals, promised to beef up security, days after more than 6 million customer passwords turned up on underground sites frequented by criminal hackers.

The break-in - the latest in a string of high-profile Internet breaches around the world - has damaged the reputation of the high-flying company with more than 160 million members, and raised questions about whether LinkedIn had done enough to safeguard the private information of its users.

Some cyber-security experts had warned that the company could uncover further data losses over coming days as it tries to figure out what happened.

In its blog post, LinkedIn said it had notified all affected users - whose accounts had not been accessed - and added it did not think other users had been compromised.

"Thus far, we have no reports of member accounts being breached as a result of the stolen passwords. Based on our investigation, all member passwords that we believe to be at risk have been disabled," it said in a blog post.

"If your password has not been disabled, based on our investigation, we do not believe your account is at risk."

LinkedIn is a natural target for data thieves because the site stores valuable information about millions of professionals, including well-known business leaders.

It has hired outside forensics experts to assist as company engineers and the FBI seek to get to the bottom of the break-in. The company said on Friday it did not know if any other account information was stolen besides passwords.

But customers whose passwords were among those stolen were still getting notified by LinkedIn as of Friday afternoon, days after news of the breach surfaced.

The way the company responds to the theft will play a critical role in determining the extent to which the incident damages LinkedIn's reputation, experts said.

LinkedIn shares rose 2.6 percent to $96.26 on Friday. While the breach has not appeared to hurt the stock, investors are likely watching the matter closely because the stock carries one of the loftiest valuations in technology.

Source: Reuters