– Stuxnet infected Russian nuclear plant (SC Magazine, Nov 8, 2013):
Jumped airgap, Kaspersky boss says.
Stuxnet had ‘badly infected’ the internal network of a Russian nuclear plant after the sophisticated malware caused chaos in Iran’s uranium facilities in Natanz.
The malware, widely considered to have been developed by the US Government as a means to disrupt Iran’s uranium enrichment plans, had crossed a physically separated ‘air-gapped’ network in the Russian plant after it was carried across on a USB device.
Eugene Kaspersky, the charismatic boss of the Russian antivirus company bearing his name, said a staffer at the unnamed nuclear plant informed him of the infection.
“[The staffer said] their nuclear plant network which was disconnected from the internet … was badly infected by Stuxnet,” Kaspersky said.
“So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”
But USB devices were used to ferry malware across a far greater air-gap: Russian astronauts had carried a virus on removable media to the International Space Station, infecting machines there, Kaspersky said.
In a presentation given at the Canberra Press Club designed to give mainstream journalists a broad overview of the state of information security, the chief executive offered his view of the state of online crime and state-sponsored espionage.
“All the data is stolen,” Kaspersky said. “At least twice.”
He said sophisticated malware like Gauss, Flame and Red October were rare and would require around $10 million to build.
Such malware had infected Saudi Aramco, knocking it offline for two weeks, Kaspersky noted.
Half of all malware was written in Chinese, according to Kaspersky. About a third was written in Spanish or Portuguese, followed by Russian-coded malware that was less prevalent but the most sophisticated in the world, he said.
He said Chinese malware appeared to ‘not care’ about operational security because researchers regularly found personal photos and social networking accounts on servers used in attack campaigns.