The world’s most sophisticated malware worm, Stuxnet, has gone “rogue” and “badly infected” a Russian nuclear power plant, and the International Space Station.

This may sound like the plot to a new Terminator film, but it’s something that has actually happened.

Last week, IT security expert, Eugene Kaspersky, revealed at a press conferece in Canberra, Australia, that he had been “tipped-off” about the Stuxnet infection by a friend who works at the Russian nuclear plant.

Stuxnet is “an incredibly powerful computer worm” that was allegedly created by the United States and Israel to infiltrate and attack Iran’s computer systems, as i09 explains:

It initially spreads through Microsoft Windows and targets Siemens industrial control systems. It’s considered the first malware that both spies and subverts industrial systems. It’s even got a programmable logic controller rootkit for the automation of electromechanical processes.

Let that last point sink in for just a second. This thing, with a little bit of coaxing, can actually control the operation of machines and computers it infects.

Though Kaspersky did not say when the attacks occurred, it was “implied” that they took place in 2010, around the same time as the Iranian infection was reported.

Kaspersky did not reveal the extent of the damage, but he did say the Russian facility had been attacked several times, which is surprising, as “the public web cannot be accessed at either the nuclear plant or on the ISS [International Space Station] — [which] is a guarantee that systems will remain safe.”

The identity of the entity that released Stuxnet into the “wild” is still unknown (although media speculation insists it was developed by Israel and the United States), but those who think they can control a released virus are mistaken, Kaspersky warned. “What goes around comes around,” Kaspersky said. “Everything you do will boomerang.”

Stuxnet was first identified by researchers at anti-virus company Symantec in 2005, according to the Times of Israel:

Stuxnet, said Symantec, was the first virus known to attack national infrastructure projects, and according to the company, the groups behind Stuxnet were already seeking to compromise Iran’s nuclear program in 2007 — the year Iran’s Natanz nuclear facility, where much of the country’s uranium enrichment is taking place, went online.

Though it is unknown when Stuxnet began its “rogue” activities, it is believed the virus was introduced to the Russian nuclear plant and the ISS via a USB drive.

Now that the plague has been unleashed, said Kaspersky, no one is immune — and that includes its originators, who are no longer in control of it. “There are no borders” in cyberspace, and no one should be surprised at any reports of a virus attack, no matter how ostensibly secure the facility, he said.

Let’s just read that last bit again:

“Now that the plague has been unleashed, said Kaspersky, no one is immune — and that includes its originators, who are no longer in control of it..”

Pretty darn scary, hm?

And if all this wasn’t bad enough Stuxnet has been implicated as a “contributing factor to the Fukushima nuclear disaster.”

Below is the press conference where Eugene Kaspersky made his revelations about Stuxnet.
 

 
Via i09 and Times of Israel.