Bharat Rakshak

Indian Cyber Army claims to have defaced Oil and Gas Regulatory Authority site of the neighbouring country. Now after a group of Pakistani hackers, Predators PK, defaced the Central Bureau of Investigation (CBI) website, India's cyber warriors have retaliated by damaging the Oil and Gas Regulatory Authority (OGRA) of Pakistan website among others.

Indian Cyber Army (ICA), powered by indishell.in, carried out a mass defacement operation on key Pakistani websites "to pay homage to the martyrs of the terror attacks" on the anniversary of 26/11.

"PCA has done no great job. They attacked very soft targets and such vulnerable websites are floating around all over the web," said an Indian hacker on the condition of anonymity.

The official website of the Central Bureau of Investigation, which was recently hacked by unknown persons calling themselves 'Pakistani Cyber Army,' remains inoperative even after one week.

The National Informatics Centre that manages the official websites of the government of India [ Images ] and state governments had boasted to put back the CBI website up and running within 24 hours of the attack on Friday last.

Its engineers, however, admitted on Thursday that the hackers not only defaced the site, but destroyed all the data mounted by CBI on the NIC server, and hence it is taking much longer time to put back the data one by one.

All that they could do last Saturday was to make the website cbi.nic.in inoperative to stop the viewers' access to the hackers' messages like 'Long life Pakistan' and why they resorted to take over India's top investigating agency's website.

http://www.rediff.com/news/report/post-hacking-why-cbi-website-is-still-inoperative/20101209.htm

The website of the Central Bureau of Investigation, India’s premier investigation agency was hacked by the Pakistan Cyber Army. The website had the message from the PCA that this was being done to avenge the hacking of Pakistan government websites by the Indian Cyber Army.
The message on the CBI website also mock the agency for the lack of security and also questioned the manner in which the National Informatics Centre had put in place the security to safeguard government websites.
Immediate measures have been taken to rectify the problem since the website of the CBI is not only connected to all police stations in the country, but also directly linked to the Interpol. There is heavy damage control exercise which is on at the moment since there is crucial data on this website. The data contains records of wanted criminals and terrorists and this information is linked with the Interpol.
The attack comes close on the heels of a major warning by intelligence agencies that Indian government websites will come under severe attack by Pakistan based hackers. The IB had warned that Pakistan would launch a major cyber war and this could be a continous process and immediate steps had to be taken to secure our servers and websites.
The Pakistan Cyber Army which is the most lethal of the three Pakistan based hacking groups claims to have come into force after their websites were hacked. They say that the Indians had hacked into Oil and Gas Regulatory website in Pakistan. In an immediate retort they hacked into the website of the Oil and Natural Gas Corporation.
India has been trying to put in place its own set of hackers. The core job of this group would not be to hack into websites of other countries, but to secure hackers from other countries from entering into our sites.
Currently India has a set of hackers who have capabilities, but the problem is that there is a need for a government clearance to get them to do the job legally. The advantage that a PCA has is that they enjoy the support of security agencies and hence they appear to be in a stronger position today. The IB says that it is not sufficient to rely on the government machinery, but experts from the private sector need to be brought in to secure Indian websites.
Experts point out that there is a need to put in place a dedicated cyber army to protect India’s websites. We have seen many attacks in the past and we should consider ourselves lucky that no serious damage has been done as yet. At the moment they only want to show that our system is weak and it is more of a game for them.

Three days gone and the website of the Central Bureau of Investigation is still down. When queried about the same, the answer was work was still on and more importantly the investigation was on in full swing.

It is an established fact that the hacking of the CBI website was the handi work of the Pakistan Cyber Army. Looking back at this attack there are many points that come to light and cyber security experts point out that the most disturbing of all the facts on the cyber security front is that the government of India is yet to notify a large number of sensitive websites as protected systems.

The amendment to the Information Technology Act made a provision for the government to notify all sensitive sites under it as protected systems. Under this provision, a mere attempt to access a protected system would invite a jail term of up to ten years. This would not deter a Pakistani from hacking the website under the classification of a protected system, but within the country the systems would be much more secure.

Pavan Duggal, an expert on cyber security tells rediff.com that most of the highly sensitive websites in India which are under the government ofIndia are not notified as protected systems. The IT act says that any person trying to even access the site under this category will imprisoned for ten years. The fact that the government has not done this despite the act being in place for nearly two years only speaks about the seriousness in fighting cyber crime.

The attack on the CBI site brought into question an important fact whether India has its own Cyber Army. India does have a set of ethical hackers who are meant to protect our systems. However there are a lot of issues that surround this and one ethical hacker who did not wish to be named pointed out the following problems that they face.<

He says that they do not enjoy the patronage of the government. The much needed security that they ought to have has not been provided by the government. This is in total contrast of the Pakistan Cyber Army which enjoys the complete patronage of both the Government and the ISI.

In addition to this some of the ethical hackers in India who were supposed to work for the government have complained about too much police interference. Very recently there was an incident in which the police had issued a couple of directions to the ethical hackers. These persons say that they were upset with this kind of interference and they should not be told how to go about their job. This kind of kills our motivation and we feel that our own system is against us. Our job requires precision and a lot of dedication and at times we would suo motu indicate the problems faced by the Indian systems. However there was not much reaction to this and we have been clearly told that we need to work when we are asked to work.<

Duggal points out that there are plenty of ethical hackers in India. However we do not have a cyber army in that sense of the word. It is high time that India thinks in that direction in order to act pro actively to protect our sovereign interests.

Look at the case of the CBI website. It has been four days and it is still not up when it should have been done in three hours time. The message we have sent out is loud and clear that we lack a pro active national cyber strategy on cyber crime. Moreover the Pakistanis have exploited our security loop holes and we are only showing how weak we are by undertaking the restoration process so late.

The Intelligence Bureau on the other hand has been constantly warning against such attacks. It has been more of a challenge this time, but there could well be a situation where our crucial data is accessed. A fully functional and dedicated cyber army is very much required and it should comprise IT professionals. It is more important that they constantly work towards securing our web sites than hack into systems of our neighbouring nations.

Meanwhile the Defence Research and Development Organisation (DRDO) says that it is developing a mechanism to make websites hack proof. The DRDO pointed out that cyber security is a major concern for national security and feels that they could develop hacking proof devices.

"[The hackers] attack from the shadows and they have no fear of retaliation. There are no rules of engagement in this kind of emerging warfare."

Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago ... Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products ...

Very important and long overdue development :

Govt to back setting up a microchip facility in India - http://business-standard.com/india/stor ... ono=418439

Hope it does not fizzle out, as has happened in the past.

Islamabad, Aug 15 (IANS) Indian hackers have broken into the website of the Pakistan Press Foundation (PPF), a Pakistani television channel claimed Sunday.

In July, the official website of Punjab province's police department was hacked by Indian hackers who removed the names of Punjab Chief Minister Shahbaz Sharif and the police chief and posted some Indian slogans on the site, the television channel claimed.

Some 150 Pakistani websites were hacked recently, said officials of the Pakistan Telecommunication Authority (PTA), which controls telecommunication activities in Pakistan.

I can't comment on security implications of this decision, but IMO fab or even a foundary would do nothing good to indian vlsi industry.

The government will prevent telcos from offering non-voice 3G mobile services in seven days, unless they demonstrate that these facilities can be tapped live, a senior department of telecom (DoT) official said.

The 3G data services that could be impacted include high-speed internet, download of music and video clips, chat and internet telephony calls.

Last week, the industry lobby representing CDMA and dual-technology operators such as RCOM and Tata Teleservices wrote to the telecom minister seeking that the ban on video calls be revoked. The industry body said interception of video calls was only possible when the call ended, and that it would take six to nine months for the live tapping system to be implemented

This May saw the launch of US Cyber Command, a military effort devoted to defending the country's computer networks and, presumably, attacking those of its enemies. Hot young coders are being tempted away from Silicon Valley and into classified cyber projects. The military of course will not say what these new hacker-soldiers are up to, but no one expects them to stand by and watch should a conflict break out.

FBI backdoors in OpenBSD - http://bsd.slashdot.org/firehose.pl?op= ... /15/004235

E J Hilbert, a former FBI cyber-crime agent, said attempts were made to place backdoors in open source security codes but that these were unsuccessful. "I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No," Hilbert said in a Twitter update.

On December 2008, severe disruptions to Egypt's Internet services were blamed on damage to underwater data cables caused by a ship's anchor.

Wireless at the speed of plasma

http://www.newscientist.com/article/mg2 ... lasma.html

^^^ Looks like development of AESA has led to gains in Radio communications. Nice, but some things I failed to understand:

1.) Does the antennae transmit a cloud of only electrons and in specific direction using beam forming methods and the signal rides these electrons?

PD: I doubt the electrons go anywhere. Rather, only a cloud of electrons is maintained around the diodes. Inbound electromagnetic radiation probably further energises the electron cloud as it gets absorbed. These electrons would then probably revert to their steady state by emitting the energy absorbed earlier, i.e. via electromagnetic radiation of the same wavelength as the inbound radiation. This emission would then be the reflection.

By having a static pattern of activated and de-activated electron clouds, you'd be able to beam-form the reflection with constructive and destructive interference patterns.

By having a dynamic pattern of activated and de-activated electron clouds, you'd be able to move or steer the reflected beam.

or

2.) The electron cloud just acts as a repeater for signal being transmitted from a different antennae?

PD: Yes

The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”

Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.

The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.

The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.

In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.

Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Seimens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.

Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.

Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country.

The report by McAfee Inc. did not identify the companies but said the "coordinated, covert and targeted" attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing

McAfee said extraction of information occurred from 9 a.m. to 5 p.m. Beijing time on weekdays. It said that suggested the attackers were "company men" on a regular job, rather than freelance or amateur hackers.

The attackers used hacking tools of Chinese origin that are prevalent on Chinese underground hacking forums, McAfee said.

Google announced last January that cyberattacks from China hit it and at least 20 other companies. Google says it has "conclusive evidence" the attacks came from China but declined to say whether the government was involved.

In the aftermath of the revolution that brought down Egypt’s Hosni Mubarak, protesters burst into the building that housed the state security services and combed through thousands of documents left by the departing regime. Among the files listing paid informants, tortured confessions and acts of secret manipulation was one rather exceptional document: a contract from an obscure German firm selling cyberwar software to the Egyptian regime. The document, quickly posted on the Internet, provided a detailed glimpse inside the black arts of today’s world of electronic warfare.

For those who study the geopolitics of cyberspace, the revelation was hardly surprising. There’s an arms race in cyberspace, and a massively exploding new cyber-industrial complex that serves it. The German firm is but one small manifestation.

...

Both Indian and Iranian officials have gone on public record condoning hackers who work in the state’s interest....

...

We have indeed created a kind of “world brain”; the problem is, it’s a typically aggressive and insecure human one.

Ron Deibert is director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Rafal Rohozinski is CEO of the Ottawa-based SecDev Group.

Both Indian and Iranian officials have gone on public record condoning hackers who work in the state’s interest....

The government fears a cyber attack on the power transmission lines and air traffic control systems by the new and sophisticated computer program Stuxnet. As a counter measure, the top brass of the country, which includes all chiefs of staff and secretaries of home, telecom, defence, finance and IT, has drafted a plan to thwart any such attack.

In a meeting held in the Prime Minister's Office on March 23, minutes of which were reviewed by ET, the country's top brass has made a plan to harden the security around Air Traffic Controllers (ATCs) and PowerGrid. A two-tier team comprising National Technical Research Organisation and ATC officials has been formed. The team would visit all airports shortly to conduct security reviews.

U.S. efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department's Cyber Threat Analysis Division noted that several Chinese-registered Web sites were "involved in Byzantine Hades intrusion activity in 2006."

The sites were registered in the city of Chengdu, the capital of Sichuan Province in central China, according to the cable. A person named Chen Xingpeng set up the sites using the "precise" postal code in Chengdu used by the People's Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit of the Chinese military.

Many firms whose business revolves around intellectual property -- tech firms, defense group companies, even Formula One teams -- complain that their systems are now under constant attack to extract proprietary information. Several have told Reuters they believe the attacks come from China.

Some security officials say firms doing business directly with Chinese state-linked companies -- or which enter fields in which they compete directly -- find themselves suffering a wall of hacking attempts almost immediately.

In a private meeting of US, German, French, British and Dutch officials held at Ramstein Air Base in September 2008, German officials said such computer attacks targeted every corner of the German market, including "the military, the economy, science and technology, commercial interests, and research and development," and increase "before major negotiations involving German and Chinese interests," according to a cable from that year.

One reason: for China, digital espionage is wrapped into larger concerns about how to keep China's economy, the world's second largest, growing. "They've identified innovation as crucial to future economic growth -- but they're not sure they can do it," says Lewis. "The easiest way to innovate is to plagiarize" by stealing US intellectual property, he adds.

^^^Raghavendra, with respect;

I think you're behind on your reading.
Suggest you read through this thread, starting with the first post, which discusses the work of the NTRO WRT Cyber Warfare.

PS: In case anyone is unclear: I didn't write the above, I only quoted it from that Globe and Mail article.

Defence Ministry to File Complaint on Fake Emails

I guess they haven't heard of a thing called SPAM

WASHINGTON (AP) — President Barack Obama has signed executive orders that lay out how far military commanders around the globe can go in using cyberattacks and other computer-based operations against enemies and as part of routine espionage in other countries.

The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy, defense officials and cyber security experts told The Associated Press.

Signed more than a month ago, the orders cap a two-year Pentagon effort to draft U.S. rules of the road for cyber warfare, and come as the U.S. begins to work with allies on global ground rules.

The guidelines are much like those that govern the use of other weapons of war, from nuclear bombs to missiles to secret surveillance, the officials said.

In a broad new strategy document, the Pentagon lays out some of the cyber capabilities the military may use during peacetime and conflict. They range from planting a computer virus to using cyberattacks to bring down an enemy's electrical grid or defense network.

"You don't have to bomb them anymore. That's the new world," said James Lewis, cybersecurity expert at the Center for Strategic and International Studies.

The new Pentagon strategy, he said, lays out cyber as a new warfare domain and stresses the need to fortify network defenses, protect critical infrastructure and work with allies and corporate partners.
..........

As an example, the new White House guidelines would allow the military to transmit computer code to another country's network to test the route and make sure connections work — much like using satellites to take pictures of a location to scout out missile sites or other military capabilities.

The digital code would be passive and could not include a virus or worm that could be triggered to do harm at a later date. But if the U.S. ever got involved in a conflict with that country, the code would have mapped out a path for any offensive cyberattack to take, if approved by the president.

The guidelines also make clear that when under attack, the U.S. can defend itself by blocking cyber intrusions and taking down servers in another country. And, as in cases of mortar or missile attacks, the U.S. has the right to pursue attackers across national boundaries — even if those are virtual network lines.

"We must be able to defend and operate freely in cyberspace," Lynn said in a speech last week in Paris. The U.S., he said, must work with other countries to monitor networks and share threat information.

......
Over time, Lynn said, the program could be a model for the Homeland Security Department as it works with companies that run critical infrastructure such as power plants, the electric grid and financial systems.

Members of Congress are working on a number of bills to address cybersecurity and have encouraged such public-private partnerships, particularly to secure critical infrastructure. But they also warn of privacy concerns.

...........
Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission — much like U.S. fighter jets need permission to fly through another nation's airspace.

was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium.

Natanz technicians in white lab coats, gloves and blue booties were scurrying in and out of the “clean” cascade rooms, hauling out unwieldy centrifuges one by one, each sheathed in shiny silver cylindrical casings.

Any time workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. The technicians had been doing so now for more than a month
Normally Iran replaced up to 10 percent of its centrifuges a year, due to material defects and other issues. With about 8,700 centrifuges installed at Natanz at the time, it would have been normal to decommission about 800 over the course of the year.

But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran’s enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months.

The question was, why?

Iran wasn’t required to disclose the reason for replacing the centrifuges and, officially, the inspectors had no right to ask. Their mandate was to monitor what happened to nuclear material at the plant, not keep track of equipment failures. But it was clear that something had damaged the centrifuges.

What the inspectors didn’t know was that the answer they were seeking was hidden all around them, buried in the disk space and memory of Natanz’s computers. Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim — to sabotage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.

But it would be nearly a year before the inspectors would learn of this. The answer would come only after dozens of computer security researchers around the world would spend months deconstructing what would come to be known as the most complex malware ever written — a piece of software that would ultimately make history as the world’s first real cyberweapon.

n June 17, 2010, Sergey Ulasen was in his office in Belarus sifting through e-mail when a report caught his eye. A computer belonging to a customer in Iran was caught in a reboot loop — shutting down and restarting repeatedly despite efforts by operators to take control of it. It appeared the machine was infected with a virus.

Ulasen heads an antivirus division of a small computer security firm in Minsk called VirusBlokAda. Once a specialized offshoot of computer science, computer security has grown into a multibillion-dollar industry over the last decade keeping pace with an explosion in sophisticated hack attacks and evolving viruses, Trojan horses and spyware programs.

The best security specialists, like Bruce Schneier, Dan Kaminsky and Charlie Miller are considered rock stars among their peers, and top companies like Symantec, McAfee and Kaspersky have become household names, protecting everything from grandmothers’ laptops to sensitive military networks.

VirusBlokAda, however, was no rock star nor a household name. It was an obscure company that even few in the security industry had heard of. But that would shortly change.

Ulasen’s research team got hold of the virus infecting their client’s computer and realized it was using a “zero-day” exploit to spread. Zero-days are the hacking world’s most potent weapons: They exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors. They’re also exceedingly rare; it takes considerable skill and persistence to find such vulnerabilities and exploit them. Out of more than 12 million pieces of malware that antivirus researchers discover each year, fewer than a dozen use a zero-day exploit.

In this case, the exploit allowed the virus to cleverly spread from one computer to another via infected USB sticks. The vulnerability was in the LNK file of Windows Explorer, a fundamental component of Microsoft Windows. When an infected USB stick was inserted into a computer, as Explorer automatically scanned the contents of the stick, the exploit code awakened and surreptitiously dropped a large, partially encrypted file onto the computer, like a military transport plane dropping camouflaged soldiers into target territory.

It was an ingenious exploit that seemed obvious in retrospect, since it attacked such a ubiquitous function. It was also one, researchers would soon learn to their surprise, that had been used before.

VirusBlokAda contacted Microsoft to report the vulnerability, and on July 12, as the software giant was preparing a patch, VirusBlokAda went public with the discovery in a post to a security forum. Three days later, security blogger Brian Krebs picked up the story, and antivirus companies around the world scrambled to grab samples of the malware — dubbed Stuxnet by Microsoft from a combination of file names (.stub and MrxNet.sys) found in the code.

As the computer security industry rumbled into action, decrypting and deconstructing Stuxnet, more assessments filtered out.

It turned out the code had been launched into the wild as early as a year before, in June 2009, and its mysterious creator had updated and refined it over time, releasing three different versions. Notably, one of the virus’s driver files used a valid signed certificate stolen from RealTek Semiconductor, a hardware maker in Taiwan, in order to fool systems into thinking the malware was a trusted program from RealTek.

Internet authorities quickly revoked the certificate. But another Stuxnet driver was found using a second certificate, this one stolen from JMicron Technology, a circuit maker in Taiwan that was — coincidentally or not – headquartered in the same business park as RealTek. Had the attackers physically broken into the companies to steal the certificates? Or had they remotely hacked them to swipe the company’s digital certificate-signing keys? No one knew.

“We rarely see such professional operations,” wrote ESET, a security firm that found one of the certificates, on its blog. “This shows [the attackers] have significant resources.”

In other ways, though, Stuxnet seemed routine and unambitious in its aims. Experts determined that the virus was designed to target Simatic WinCC Step7 software, an industrial control system made by the German conglomerate Siemens that was used to program controllers that drive motors, valves and switches in everything from food factories and automobile assembly lines to gas pipelines and water treatment plants.

Although this was new in itself — control systems aren’t a traditional hacker target, because there’s no obvious financial gain in hacking them — what Stuxnet did to the Simatic systems wasn’t new. It appeared to be simply stealing configuration and design data from the systems, presumably to allow a competitor to duplicate a factory’s production layout. Stuxnet looked like just another case of industrial espionage.

Antivirus companies added signatures for various versions of the malware to their detection engines, and then for the most part moved on to other things.

The story of Stuxnet might have ended there. But a few researchers weren’t quite ready to let it go.