Stuxnet has infected a Russian nuclear plant and the space station [Updated]

Illustration for article titled Stuxnet has infected a Russian nuclear plant and the space station [Updated]

The problem with creating Stuxnet, the world's most sophisticated malware worm, is that it could eventually go rogue. Which is precisely what has happened. The US- and Israeli-built virus has spread to a Russian nuclear plant — and even the International Space Station.


Update (2013.11.13): I received this email today from Kaspersky Lab's Corporate Communications clarifying statements made:

On November 7, while talking with the press after his speech at the National Press Club of Australia, Eugene Kaspersky, illustrating how a network with no Internet connection might still get infected, mentioned an incident from 2008 in which computers on the International Space Station (ISS) were infected. That infection had nothing to do with the Stuxnet worm. The computers of the ISS were infected with a virus known as Gammima.AG, or Trojan-GameThief.Win32.Magania – as per Kaspersky Lab's classification. It is assumed that the virus got onboard the ISS via USB sticks or optical disks. Information about the incident was confirmed by NASA at the time and made publicly available, for example by the BBC and the Guardian. In its announcement in 2008 NASA stated that it was not the first time it had come across a virus on the space station.

Stuxnet is an incredibly powerful computer worm that was created by the United States and Israel to attack Iran's nuclear facilities. It initially spreads through Microsoft Windows and targets Siemens industrial control systems. It's considered the first malware that both spies and subverts industrial systems. It's even got a programmable logic controller rootkit for the automation of electromechanical processes.

Let that last point sink in for just a second. This thing, with a little bit of coaxing, can actually control the operation of machines and computers it infects.

For more on Stuxnet, I highly encourage you to watch this sobering TED talk by Ralph Lagner where he describes it as "a 21st century cyber weapon."

This thing is seriously badass, and now it's on the loose. Speaking to journalists in Canberra, Australia, last week, Eugene Kaspersky — the head of the anti-virus and cyber protection firm with the same name — was tipped off about the damage by a colleague who works at the Russian plant.


The Times of Israel reports:

Kaspersky did not say when the attacks took place, but implied that they occurred around the same time the Iranian infection was reported. He also did not comment on the impact of the infections on either the nuclear plant or the space station, but did say that the latter facility had been attacked several times.

The revelation came during a question-and-answer period after a presentation on cyber-security. The point, Kaspersky told reporters at Australia's National Press Club last week, was that not being connected to the Internet — the public web cannot be accessed at either the nuclear plant or on the ISS — is a guarantee that systems will remain safe. The identity of the entity that released Stuxnet into the "wild" is still unknown (although media speculation insists it was developed by Israel and the United States), but those who think they can control a released virus are mistaken, Kaspersky warned. "What goes around comes around," Kaspersky said. "Everything you do will boomerang." [emphasis added]


Yikes. Apparently, the virus spread to the International Space Station on a Stuxnet-infected USB stick that was transported by Russian cosmonauts.

Stuff like this worries the hell out of me, particularly when I think about the potential for weaponized AI — weak and narrow systems that will work outside of human comprehension and control. Not the kind of thing we'll want to have "boomeranging" on us.


Image: CSA.



Police have issued a "Wanted" notice for these two men, saying that they are known to have a history of uploading viruses to space vehicles.