According to the charismatic CEO, malware created to disrupt Iranian nuclear research has travelled to space
Stuxnet, the cyber-weapon allegedly created by the US and Israel government forces to take out uranium processing centrifuges in Iran, also infected a Russian nuclear plant and even reached the International Space Station, claimed Eugene Kaspersky in a keynote at a National Press Club of Australia meeting.
According to the head of one of the world’s largest vendors of IT security products, the fact that the Russian facility wasn’t connected to the Internet didn’t stop the infection.
“Unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity,” warned Kaspersky. He also joked that all of the existing data has been stolen at least twice.
Stuxnet around the world
In 2010, Iranian president Mahmoud Ahmadinejad accused the country’s enemies of trying to disrupt uranium enrichment facilities in Natanz using Stuxnet, considered by some to be one of the most sophisticated pieces of malware ever discovered. According to Symantec, the oldest Stuxnet sample dates as far back as 2005.
A source allegedly told Kaspersky that a Russian nuclear facility was “badly infected” by Stuxnet, despite not being connected to the Internet – the practice known as ‘air gap’ security. Just like in Iran, the infection spread through USB memory sticks, which were previously connected to systems tainted by advanced malware.
Kaspersky said that the International Space Station was infected the same way, and sources told him that malware epidemics in space weren’t that uncommon.
He also talked about the cost of cyber weapons like Gauss, Flame and Red October, revealing that each took around $10 million to develop. According to Kaspersky, half of all malware is written in Chinese, but he called Russian cybercrime operations the most sophisticated in the world.
The boss of Kaspersky Labs is known for his flair for the dramatic – he has previously warned the UK government that a cyber-attack on critical infrastructure could have “literally catastrophic” consequences.
However, the existence of Stuxnet in industrial environments around the world is not that unlikely. According to security expert Graham Cluley, the reason this particular strain of malware was first discovered is it was infecting computer systems outside its intended target. Indeed, over the years, Stuxnet has been used to illustrate the potential impact of a cyber-weapon released into the wild.
How well do you know network security? Try our quiz and find out!