Duqu hackers scrub evidence from command servers, shut down spying op

So now they regroup and show up elsewhere.

 

I can't make much sense from;
"The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)" link (Conclusion nr.3)

Rejection of a theory based on fear?
Why instead opt for the 'kinda seemingly bruteforcing a password in 8 minutes with afaics a few attempts' theory?
Anyone 'In-the-know' who can shed some light on this?

 

I'm sure i read that one of the AV vendors had grabbed ALL the data from at least one of the servers ? If so they have plenty of juice Not that i expect them to spill All the beans though, to us anyway

However they did say that they would publish more info later, still waiting !

Yeah, but as i've signed the Official Secrets Act, i'm sworn to secrecy, & if i did tell you i'd have to kill you Only kidding

 

The December Windows Updates should tame some Duqu issues.

 

I'm not in the know but interesting comments by posters in your link particularly coming from users Jesse Carter and Sam Crawford.

 

Interesting for sure! Thanks for reminding, Trismegistos.

 

This crap is scary

 

Pure speculation of course, but I'll add a comment; I have heard rumors of some information disclosure vulnerabilities that leak a single next-bit at a time. Most system administrators will lock down the CentOS servers with an iptables rule to slow down brute-force against the SSH daemon. Such as:

If we were able to obtain a single bit at a time... and we know there are 8 bits to the byte... we could get 1 character of the password per minute.

Server "B" in Germany was brute forced in 8 minutes and would imply an 8-character password in our little fantasy scenario.

Best Wishes,
-MessageBoxA