Computer virus poses threat to key installations

A computer virus designed for espionage has emerged in the Middle East, prompting fears of attacks on key energy installations and utilities in the region.

Security experts warn that the new virus, dubbed Duqu, could be used to steal information about power plants, water treatment facilities and chemical plants.

The stolen information could potentially be used to carry out cyber attacks or even physical assaults to disable facilities.

Designed for high-level espionage, the virus is said to be the successor to the Stuxnet cyber attack that targeted Iranian nuclear plants last year.

"We're not only talking about a cyber war," said Bulent Teksoz, the chief security strategist for emerging markets at Symantec. "The sky is the limit, if they know how a nationwide [electricity] grid system works, [how] a water system works."

Security experts say the people behind Stuxnet, which cost an estimated US$1 million (Dh3.6m) to create, also coded the Duqu virus.

The Middle East, which has infrastructure such as oil and gas installations that supply much of the world's energy needs, is among the regions where the virus is present, according to IT security companies.

Energy experts voiced alarm about the presence of the cyber threat in the region.

"It's definitely a concern," said Mohammed Al Zuhair, the general manager for global supply chain management at Saudi Basic Industries Corporation, one of the world's biggest manufacturers of chemicals, fertilisers, plastics and metals.

"As a company, you have to mitigate all the time against the risk of fire, loss of power and loss of connection. The question is what impact there will be on the company if you shut down for one day or one month," Mr Al Zuhair said.

Duqu had already been found in a north-eastern African country after the virus first emerged in Europe this week, said Tarek Kuzbari, the managing director in the Middle East and Turkey for Kaspersky Lab.

He was unwilling to disclose the name of the country, company or the type of infrastructure that was targeted, but he said the virus was found on a user's computer two days ago.

The Stuxnet virus - called a "worm" because it can self-replicate - was designed to sabotage Siemens management systems, which are most commonly used in industrial manufacturing facilities and utilities plants.

Officials in Iran last year said the virus infected 30,000 personal computers in the country.

"Stuxnet was clearly the most sophisticated computer attack that we had ever seen in the history of mankind," said Mr Teksoz.

Iranian officials last year accused the US and Israel of creating Stuxnet. The West accuses Iran of enriching uranium to build weapons, but officials in the country say their nuclear technology is used only to generate energy.

Duqu could pave the way for another Stuxnet-style attack, with the potential to disable key infrastructure. Or it could even be the precursor of an attack that is not of the digital kind.

The virus is configured to run for 36 days, after which the threat automatically removes itself from a system. This is unlike the original Stuxnet version, which could multiply itself.

Duqu, given that name because it creates files with a .DQ extension, targets not just Microsoft's Windows operating systems, as Stuxnet did last year, but also any custom-made operating system.

This means there is little that companies can do to combat the virus. Even anti-virus companies cannot offer protection to those organisations that are being spied on.

"With this kind of system, it is very rare to find such kind of solutions to protect [against] that," said Mr Kuzbari.