Once a computer virus starts to spread, it's rather hard to stop. This is even true for Stuxnet, perhaps the most sophisticated computer worm ever designed, which was programmed specifically to target only Iranian nuclear facilities. But even Stuxnet spun out of control and now has allegedly reached a Russian nuclear power plant.
Eugene Kaspersky, a famous security expert and head of the eponymous antivirus firm, made this revelation at a talk in Australia last week. During this talk, he warned of the dangers of releasing powerful cyberweapons into the wild, where they can spread freely.
See also: How One Hacker's Mistake Fashioned the Internet You Use Today
Kaspersky referred to the Russian nuclear plant as a cautionary tale for the future: Targeted cyberattacks, like Stuxnet, can easily go awry.
"In cyberspace, everything you do it's a boomerang, it will get back to you," he said last week. (Watch his full remarks here.)
Even presumably secure systems, like those of the International Space Station, can be infected from time to time, Kaspersky said in his talk. The ISS routinely gets infected by viruses from infected USB sticks, he added.
It's important to note, however, that Kaspersky didn't allege the ISS was infected by Stuxnet, as other outlets have reported.
The security expert didn't provide many further details about either of the two examples. He only referred to testimonies from a friend working at a nuclear power plant and "Russian space guys."
"While there is no hard data to verify this information, the fact is that Stuxnet managed to infect many computer systems outside of its intended target and spread out of control (which led to its discovery)," Kaspersky Lab wrote to Mashable in a statement.
In both examples, the viruses spread via infected USB sticks, since neither the ISS nor the Russian nuclear plant were connected to the Internet, Kaspersky said.
Stuxnet, which has been labeled an "act of force," was allegedly designed in a joint effortby the United States and Israel as a cyberweapon against Iranian nuclear facilities. The virus was programmed to target the systems controlling the nuclear centrifuges, spinning them out of control.
But it then spread outside of Iran. By the end of September 2010, Stuxnet had infected more than 100,000 computer systems in approximately 30,000 organizations around the world, according to data from the Kaspersky Security Network.
Kaspersky has long advocated for caution in cyberspace and is a prominent supporter of the international regulation of cyberweapons. In his opinion, cyberweapons should be tightly controlled and treated like nuclear or biological ones.
Have something to add to this story? Share it in the comments.
Image: Photo by Sean Gallup/Getty Images