Stuxnet virus infected Russian nuclear reactor, expert says

Haaretz

The Stuxnet worm, known for its reported penetration of Iranian nuclear facilities, attacked a Russian nuclear network, a computer security expert has said.

The Russian facility was supposed to be safe from such an attack because it was completely sealed off from the Internet. However, the malware was introduced to the Russian network through a USB thumb drive, crossing the so-called air gap to the plant's computers, according to Eugene Kaspersky, CEO of an eponymous company, in a briefing for reporters in Canberra, Australia last week.

Stuxnet appears to have caused serious damage to Iranian nuclear systems in recent years, and various media reports have attributed its attacks to joint project by Israel and the United States. According to the reports, the Stuxnet worm attacked the controllers of centrifuges at the Iranian nuclear enrichment facility in Natanz holding back progress on Iran's nuclear program.

The malware is one of a family of such malware said to be used to spy on and attack Iran over the past few years, including such programs as Duqu, Flame, Red October and Gauss.

Kaspersky and his company have studied in depth these cases, which have brought into the limelight the possibility of international cyber warfare.

In his talk in front of Australia's National Press Club, Kaspersky outlined Stuxnet's main two purposes: To give operating instructions to the centrifuges' industrial control systems so they would spin out of control and damage the equipment, turning it inoperable; and at the same time the malware created a false set of data leading the Iranian supervisors to think the centrifuges were working properly.

It was already known that Stuxnet had infected computers in countries other than Iran, and Russia had warned over two years ago of the dangers inherent in the malware. In January 2011, the Russian ambassador to NATO demanded an investigation into the use of the Stuxnet worm and said it could cause a "new Chernobyl."

Kaspersky said he received the tip on the compromise of Russia's nuclear security from a worker at the nuclear facility, which is not connected in any way to the Internet. He said the malware crossed the air gap to the plant's computers on the USB device. "So unfortunately these people who were responsible for offensive technologies, they recognize cyber weapons as an opportunity," he said. Similar malware has traveled much farther in others situations, such as when a Russian cosmonaut unwittingly infected the computers on the International Space Station with such a virus once, said Kaspersky - but he did not provide details. It seems he was referring to a case that occurred in 2008, and which NASA reported the infection of a computer in the ISS.

"All data is stolen," Kaspersky told the journalists. "At least twice."

In a visit to Israel last year, Kaspersky made similar warnings - and even more dramatic ones. Speaking at a press conference at "The Cyber Warfare Conference: Challenges in the Global, Political, and Technological Arenas," organized by Tel Aviv University's Yuval Ne'eman Science, Technology, and Security Workshop, in June 2012, Kaspersky said that Flame was "just the beginning," adding, "I'm afraid that it will be the end of the world as we know it." He warned at the time that such malware could attack other countries and not just Iran. But at a similar press conference held this year, he toned down his message quite a bit and avoided making any apocalyptic forecasts.