Posts

Cyber-spawn Duqu 2.0: Was Malware Infection ‘Patient Zero’ Mapped?

Kaspersky Lab reported this morning that a next-generation version of Duqu malware infected the information security company’s network.

Duqu is a known reconnaissance malware. Its complexity suggests it was written by a nation-state. The malware appears closely affiliated with the cyber weapon malware Stuxnet.

WSJ reported this particular version may have been used to spy on the P5+1 talks with Iran on nuclear development. Dubbed ‘Duqu 2.0,’ the malware may have gathered audio, video, documents and communications from computers used by talk participants.

Ars Technica reported in depth on Kaspersky’s discovery of the malware and its attributes. What’s really remarkable in this iteration is its residence in memory. It only exists as a copy on a drive at the first point of infection in a network, and can be wiped remotely to destroy evidence of its occupation.

The infosec firm killed the malware in their networked devices by mimicking a power outage. They also detached from their network the suspect devices believed to contain an infecting copy.

Kaspersky’s Patient Zero was a non-technical employee in Asia. Duqu 2.0 wiped traces of its own insertion from the PC’s drive.

Neither WSJ nor Ars Technica noted that Kaspersky’s network must have been subject to a program like TREASUREMAP.

…Because the rest of the data remained intact on the PC and its security patches were fully up to date, researchers suspect the employee received a highly targeted spear phishing e-mail that led to a website containing a zero-day exploit. … (bold mine – source: Ars Technica)

How was a single non-technical point of contact in Asia identified as a target for an infected email?

Glaring Front Page Error by David Sanger, New York Times as Iran Nuclear Negotiations Near Deadline

See the update below, as of about 2:45 pm, the Times has changed the wording of the erroneous paragraph without adding a note of the correction. Oops. I got off on the wrong paragraph when I checked back. See the comment from Tony Papert below.

For someone who has written on a range of technical issues for many years, the error committed last night by David Sanger could not be worse nor come at a worse time for the important events he is attempting to cover. In an article put up last night on the New York Times website and apparently carried on page A1 of today’s print edition, Sanger and the Times have garbled a key point at the heart of the negotiations between Iran and the P5+1 group of nations as they near the critical November 24 deadline for achieving a full agreement on the heels of last year’s interim agreement.

The article ostensibly was to announce a major breakthrough in the negotiations, although Gareth Porter had worked out the details of the progress last week. Here is what Porter deduced:

The key to the new approach is Iran’s willingness to send both its existing stockpile of low enriched uranium (LEU) as well as newly enriched uranium to Russia for conversion into fuel for power plants for an agreed period of years.

In the first official indication of the new turn in the negotiations, Iranian Foreign Ministry spokesperson Marzieh Afkham acknowledged in a briefing for the Iranian press Oct. 22 that new proposals combining a limit on centrifuges and the transfer of Iran’s LEU stockpile to Russia were under discussion in the nuclear negotiations.

The briefing was translated by BBC’s monitoring service but not reported in the Western press.

Undersecretary of State Wendy Sherman, who heads the U.S. delegation to the talks, has not referred publicly to the compromise approach, but she appeared to be hinting at it when she said on Oct. 25 that the two sides had “made impressive progress on issues that originally seemed intractable.”

As Porter goes on to explain, such an arrangement would allow Iran to maintain a large number of centrifuges continuing to enrich uranium, but because there would be no stockpile of low enriched uranium (LEU), the “breakout time” (time required to highly enrich enough uranium for a nuclear weapon) would remain at about a year. By having Russia convert the LEU to fuel rods for Iran’s nuclear power plant, that LEU would be removed from any easy pathway to a weapon. This would provide Iran the “win” of maintaining its present level of around 10,000 operational centrifuges but give the P5+1 its goal of a longer breakout time. The key here is that unlike a proposal in 2005 where Russia would take over enrichment for Iran, this new proposal would allow Iran to continue its enrichment program while shipping virtually all of its LEU to Russia for conversion to fuel rods.

Sanger appears to start off on the right track with his article:

Iran has tentatively agreed to ship much of its huge stockpile of uranium to Russia if it reaches a broader nuclear deal with the West, according to officials and diplomats involved in the negotiations, potentially a major breakthrough in talks that have until now been deadlocked.

Under the proposed agreement, the Russians would convert the uranium into specialized fuel rods for the Bushehr nuclear power plant, Iran’s only commercial reactor. Once the uranium is converted into fuel rods, it is extremely difficult to use them to make a nuclear weapon. That could go a long way toward alleviating Western concerns about Iran’s stockpile, though the agreement would not cut off every pathway that Tehran could take to obtain a nuclear weapon.

But about halfway through the article, Sanger displays a shocking ignorance of the real points of recent negotiations and somehow comes to the conclusion that Russia would be taking over enrichment for Iran rather than converting LEU into fuel rods:

For Russia, the incentives for a deal are both financial and political. It would be paid handsomely for enriching Iran’s uranium, continuing the monopoly it has in providing the Iranians with a commercial reactor, and putting it in a good position to build the new nuclear power reactors that Iran has said it intends to construct in the future. And it also places President Vladimir V. Putin at the center of negotiations that may well determine the future of the Middle East, a position he is eager to occupy.

Somehow, Sanger and his New York Times editors and fact-checkers are stuck in 2005, suggesting that Iran would negotiate away its entire enrichment program. Such a drastic move would never be contemplated by Iran today and we are left to wonder whether this language found its way into the Times article through mere incompetence or more nefarious motives meant to disrupt any possible deal by providing false information to hardliners in Iran.

At the time of this writing (just before 9 am on November 4), the Times still has not added any correction or clarification to the article, despite the error being pointed out on Twitter just after 10:30 pm last night (be sure to read the ensuing Twitter conversation where Laura Rozen and Cheryl Rofer work out the nature of the error).

Update: And now, around 2:45 in the afternoon, I see that the Times has changed the erroneous paragraph. So far, I don’t see a note that a correction has been made. Here is the edited paragraph:

Russia’s calculus is also complex. It stands to gain financially from the deal, but it also has an incentive to see the nuclear standoff between Iran and the rest of the world continue, because an embargo keeps Iranian oil off the market. With oil prices falling, a flood of exports from Iran could further depress prices.

Will they ever get around to adding a note? I’ll keep an eye out. Well dang, this is embarrassing. I went to the wrong paragraph when I looked back. The article is still unchanged. Thanks to Tony Papert in comments for catching my bone-headedness.

With Over Half of Chemical Weapons-Related Stockpile Removed, Russia Says Syrian CW Potential Near Zero

Yesterday, in describing how Russia has played the US media regarding “threats” to the P5+1 negotiations on Iran’s nuclear technology, I mentioned that continued progress on Syria’s removal of its chemical weapons-related materials was further evidence that Russia intends to cooperate on the Iranian and Syrian nonproliferation issues separately from disputes over the Crimea annexation. Today, with news out that removal of the CW-related materials from Syria has crossed the 50% level, Russia has praised that accomplishment while pointing out that Syria now has virtually no capability of using chemical arms. Oh, and if we need any further confirmation that Russia is ready for the recriminations over Crimea to end, Putin himself has now said that there is no further need for retaliation against US sanctions (although I’m guessing that Dana Rohrabacher is in mourning that he wasn’t included in the list of ten US figures sanctioned by Russia since he even played dress-up and “fought” against the Soviets in Afghanistan).

A press release put out by the Organization for the Prohibition of Chemical Weapons yesterday put the removal of materials from Syria at just under 50%:

The OPCW-UN Joint Mission has verified the delivery of another consignment of Priority 1 chemicals today to Latakia and their removal from the port on a cargo ship, raising the amount of Syrian chemicals that are now out of the country to nearly half of the total stockpile.

The confirmation came on the heels of an announcement late yesterday by the Joint Mission of two other consignments of chemicals that were delivered to Latakia and removed during the past week. A total of 11 consignments of chemicals have now been transported out of Syria for destruction outside the country. The updated cumulative figures are as follow:

Priority 1 chemicals removed:             34.8 %*
Priority 2 chemicals removed:             82.6 %
Total chemicals removed:                   49.3 %

/snip/

* Includes all sulfur mustard, the only unitary chemical warfare agent in Syria’s arsenal

But the UN has slightly different figures, putting the removal over 50%:

More than half of Syria’s declared chemical weapons arsenal has been shipped out or destroyed within the country, the head of the international team overseeing the disarmament process said on Thursday.

Sigrid Kaag, head of the joint mission of the United Nations and Organisation for the Prohibition of Chemical Weapons (OPCW), said 54 percent of the toxins had been removed or eliminated.

The process, which President Bashar al-Assad’s government agreed to after a chemical attack killed hundreds of people around Damascus last year, is months behind schedule but Kaag said the new momentum “would allow for timely completion”.

“The joint mission welcomes the momentum attained and encourages the Syrian Arab Republic to sustain the current pace,” Kaag said in a statement.

Russia welcomed this news and added that Syria now has almost no capability of carrying out an attack with chemical weapons:

The Syrian government has reduced its chemical weapons potential close to zero, state-run RIA news agency quoted an unnamed official at the Russian Foreign Ministry as saying on Friday.

“Chemical weapons production facilities, equipment for mixing (chemicals) and operating (the weapons), as well as the means of their delivery have been destroyed,” the official said, adding that the only gas that had been ready for use in weaponry had been completely removed from the country.

“At the moment, Damascus has de facto reduced its military chemical weapons potential to almost zero.”

Sadly, those who relish a restart of the Cold War are unlikely to stop now, so we are left to wonder what Putin will do in response if the US (especially Congressional meddlers) takes further steps claimed to be in response to the annexation of Crimea. Putin’s statement today that he sees no need for further retaliation can be viewed as reining back in the “threat” delivered by Ryabkov after the P5+1 negotiations ended Wednesday. Further action by the US, though, could end Russian cooperation in both the P5+1 process and the Syrian CW situation, seriously hurting current nonproliferation efforts.

It is my hope that Cold War fans will restrict their threats against Russia to the realm of what would happen should Putin try to grab more territory beyond Crimea.

Russia Expertly Plays US Press on P5+1 Talks

Screengrab from the PressTV story on Ryabkov’s comments.

On Tuesday, I noted that Alissa Rubin provided an outlet for an unidentified “senior American official” to put into the New York Times concerns that Russia might allow the disagreement over Crimea to affect their negotiating stance in the P5+1 talks with Iran in Geneva on Tuesday and Wednesday. This was, of course, despite an encouraging statement by chief Russian negotiator Deputy Foreign Minister Sergei Ryabkov showing optimism about the negotiations that were about to begin.

Despite these concerns by the American official, it appears that the talks went well. Fredrik Dahl reports that Iran was happy with how the talks went:

Iranian Foreign Minister Mohammed Javad Zarif characterized the latest round of negotiations as “very successful” in terms of clarifying the issues involved, the Iranian official news agency IRNA reported.

“In terms of understanding and clarification, Vienna-2 was among our very successful round of talks … extremely beneficial and constructive,” it quoted Zarif as saying.

But once the talks had finished, with the next round not scheduled to begin until April 7, Ryabkov played the US press expertly, and AP’s George Jahn was quick to take the bait:

U.S.-Russian tensions over Ukraine spilled over into nuclear talks with Iran Wednesday, with Moscow’s chief envoy at the negotiations warning that his country may take “retaliatory measures” that could hurt attempts to persuade Tehran to cut back on programs that could make atomic arms.

The statement, by Deputy Foreign Minister Sergei Ryabkov, appeared to be the most serious threat of reprisal by Moscow for Western sanctions against Russia over its annexation of Ukraine’s Crimea region.

Russia is key to attempts to coax Iran into significant long-term curbs of its nuclear program in exchange for relief from U.N. and other sanctions. Iran insists it does not want nuclear arms but is seeking a deal that will result in full sanctions relief.

The Russian threat, hours after the latest negotiating round ended, appeared to catch Washington off guard.

Perhaps the most significant evidence that Ryabkov was merely jerking Washington’s chain can be seen in how his tone remains entirely positive about the P5+1 talks in comments carried today by PressTV, even stating that the current timetable for reaching a final agreement appears to still be on track:

A Russian Foreign Ministry official says talks between Iran and six world powers over Tehran’s nuclear energy program have “progressed quite well.”

“We have progressed quite well, the atmosphere is very good, and the work is business-like and result-oriented,” Russian Deputy Foreign Minister Sergei Ryabkov said in a telephone interview with Russia’s Interfax news agency from the Austrian capital of Vienna on Thursday.

“But saying that we have the outlines of an agreement now would be encroaching upon the truth. There are none,” he added.

Referring to a late-July deadline that was set in November last year between Tehran and the six nations for a final nuclear agreement, Ryabkov said, “I don’t see any reasons to say that this deadline could be shifted and that this schedule is becoming unrealizable. There are no reasons for this so far.”

At least Jahn also reported that it appears that Iran is leaning toward a re-engineering of the Arak reactor so that it will produce less plutonium. This would lessen concerns about the reactor while still allowing it to move into use to replace the aging Tehran research reactor in producing medical isotopes.

At any rate, with several weeks to go before the next round of P5+1 talks, there is plenty of time for Ryabkov’s “warning” over sanctions in response to the Crimean situation to play itself out. Considering that we have reports now that Syria has gotten almost to the 50% mark in removal of its chemical weapons-related materials, it seems likely that Russia is still committed to its nonproliferation stance for chemical and nuclear weapons despite the disputes it has with the West on other issues.

Amid Reports of Near Agreement and IAEA, Iran Followup Meeting, Jahn Eats Crow

Despite the best efforts of those who want a military attack on Iran to paint Iran as hiding attempts to develop a nuclear weapon, cooler heads appear to be prevailing as yesterday’s talks in Tehran produced reports of a likely agreement and a follow-up meeting between the IAEA and Iran in only a month. One of the most important signs of progress is that the AP’s George Jahn, who has served as a conduit for many of the most flimsy charges against Iran, even gave space at the end of his report today to provide an alternate viewpoint that calls most of his reporting for the past year into significant question.

From Reuters, Fred Dahl (who at times has dabbled in the same rumor-mongering as Jahn, but not as blatantly) reports on the progress made yesterday:

The U.N. atomic agency failed to gain access to a military site in talks with Iran this week but expects to reach a deal in January to resume a stalled nuclear probe, the chief U.N. inspector said after returning from Tehran on Friday.

Even though the International Atomic Energy Agency was not allowed to see the Parchin complex during Thursday’s visit to the Iranian capital, IAEA team leader Herman Nackaerts said progress had been made in the meeting.

/snip/

“We expect to finalize the structured approach and start implementing it then shortly after that,” he said, referring to a framework agreement that would enable the IAEA to restart its investigation into suspected atomic bomb research in Iran.

“We had good meetings,” Nackaerts added. “We were able to make progress.”

It is not just the IAEA who characterized the meeting as productive. From PressTV, we also get positive news from the Iranian side of the meeting:

Earlier, Iran’s Ambassador to the IAEA Ali-Asghar Soltanieh told Press TV that Tehran and the UN nuclear body agreed at the end of the one-day meeting to hold a next round of talks in January.

“This round of talks was constructive and good progress was made,” Soltanieh added.

Adding to the possible momentum generated yesterday, both the Reuters article linked above and this Fars News piece from Iran report that a new round of the P5+1 talks also could be taking place soon.

But perhaps the most encouraging news of all comes from what appears in today’s report from the AP’s George Jahn, who has been at the center of controversy many times during the last year because of the way he publishes “leaked” material coming from countries that favor military action in Iran and who want to disrupt diplomatic negotiations. In today’s story, he does recite some of his litany of charges against Iran and the claims that work at the Parchin military site may have been carried out to develop an explosive trigger device for a nuclear weapon. He also relates that David Albright emailed to AP a “series of commercial satellite photographs of the Parchin site” detailing activities at the site that Albright and Jahn have been hyping as aimed at “cleansing” the site of radioactive signatures of the trigger development work. Presumably, Albright had to email the photos to Jahn because Jahn is not able to find them on Albright’s website where he posted them along with a “they’re still at it” type of “analysis” earlier this week.

However, after giving space for more information from Albright, Jahn makes the remarkable move of providing an alternate viewpoint from an authoritative source [emphasis added]:

But a former IAEA inspector questioned what the information shown on the satellite photos actually mean.

“This ‘sanitization story’ is an old wives’ tale,” said Robert Kelley, in an email Friday to the AP. “It is clear from examination of the satellite images that there is no concerted effort to disguise possible uranium contamination outside the building.”

Kelley said the activities at Parchin reflected “a construction project, not a demolition effort,” adding: “This is clearly not a sanitization.”

Seeing his last year of work on behalf of war mongers dismissed as “an old wives’ tale” and then including it in his report had to hurt Jahn. He is due a bit of respect for reporting it, even if he did hide it at the very end of his report.

Despite Progress on Iran-IAEA Talks, US Envoy Emphasizes War Plans

Both Bloomberg and the AP’s George Jahn reported yesterday that the second session of talks in Vienna between the IAEA and Iran produced progress and that additional talks are now scheduled for May 21 in Vienna. But don’t look for news of this progress in the New York Times, because it’s not there. And don’t look for statements from the US praising the progress (although China did praise it) and urging further progress at Monday’s talks in Vienna or the P5+1 talks later in the week in Baghdad. Instead, US Ambassador to Israel Dan Shapiro chose to emphasize in an interview on Army Radio in Israel that US plans for war with Iran are ready to be put into action.

First, the good news on the progress. From Bloomberg:

Iran and International Atomic Energy Agency inspectors extended a round of negotiations over the Persian Gulf nation’s suspected nuclear-weapon work after both sides said progress had been made.

IAEA inspectors will meet again with their Iranian counterparts on May 21 in Vienna. They ended today two days of talks in the Austrian capital.

“We discussed a number of options to take the agency verification process forward,” IAEA chief inspector Herman Nackaerts told reporters. “We had a good exchange of views.”

/snip/

“We had fruitful discussions in a very conducive environment,” Iran’s IAEA Ambassador Ali Asghar Soltanieh said. “We have had progress.”

More details on the progress are reported by Mehr News:

Iran and the International Atomic Energy Agency have agreed to develop a modality for further cooperation, the Mehr News Agency has learnt.

The responsibilities and commitments of each side will be determined by the modality and the measures necessary will be taken based on the agreement.

In his report on the progress of negotiations, George Jahn couldn’t resist a partial reprise of his report over the weekend in which he breathlessly released a cartoon purporting to depict an explosives chamber where nebulous “Western diplomats” have leaked to Jahn that work to develop an explosive neutron trigger for an atomic bomb has been carried out. In an interesting development, Jahn has put a new accusation into this scenario. On Tuesday, I pointed out that if the accused work has been carried out in the chamber, then the steel walls of the chamber will be radioactive due to neutron activation and that this radioactivity will be dispersed throughout the entire thickness of the steel. That means the chamber cannot have its radioactivity removed by the cleaning process claimed by David Albright:

The process could involve grinding down the surfaces inside the building, collecting the dust and then washing the area thoroughly.  This could be followed with new building materials and paint.  It could also involve removing any dirt around the building thought to contain contaminants.

Jahn now allows for the possibility that Iran could not leave a chamber that is radioactive due to neutron activation in the building for an IAEA inspection:

Some fear that Iran may even dismantle the explosives containment chamber believed to be inside the suspect building, taking it out in small pieces, if given enough time.

Why has Jahn’s language evolved from “scrubbing” the chamber to removing it?