US & Israel computer virus threatens nuclear power plants worldwide

Eugene Kaspersky, founder of the global security and anti-virus software company Kaspersky Lab, said today at a press conference that a friend told him an unnamed nuclear power plant in Russia has been infected by the Stuxnet virus. Stuxnet was supposedly developed by the US and Israel to infiltrate Iran’s nuclear program.

From The Register:

The Kaspersky Lab founder claimed that a “friend” of his, working at the unnamed power plant, sent him a message that its internal network, which was disconnected from the internet, had been “badly infected by Stuxnet”.

He went on to describe a horrifying world where officials involved with the matter can be put in 3 categories:

  • People who are frightened
  • People who see it as an opportunity
  • People who don’t care

But meanwhile, the threat has spread outside Russia, possibly to US and UK plants, as reported by V3:

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

“[The member of staff told us] their nuclear plant network, which was disconnected from the internet […] was badly infected by Stuxnet,” Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet’s unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

“It didn’t spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs,” he said.

“It’s highly likely that other plants globally are infected and will continue to be infected as it’s in the wild and we will see on a weekly basis businesses trying to figure out how to secure the risk of infected USB flash drives,” he said.

“When a PC is infected, the malware does many clever things, including not showing all the things that are on the USB so it’s impossible to know if the USB is to be trusted or not and, as we know, using AV signatures doesn’t solve some of these issues either.”

Critical infrastructure networks’ poor security and their use of outdated Windows XP and SCADA systems – industrial control software designed to monitor and control processes in power plants and factories – have been an ongoing concern for industry and governments.

Prior to Kaspersky’s claims, experts from Bluecoat Systems and the Jericho Forum argued at the London 2012 Cybergeddon conference that critical infrastructure providers opened themselves up to cyber attacks by prematurely moving key systems online.

The US Department of Defense (DoD) said the premature move online is doubly dangerous as Chinese hackers are skilled enough to mount Stuxnet-level cyber attacks on critical infrastructure.

The use of XP in power plants is set to become even more dangerous as Microsoft has confirmed it will officially cut support for the 12-year-old OS in less than a year. The lack of support means XP systems will no longer receive critical security updates from Microsoft.