The complex Stuxnet worm, which some allege was designed by US and Israeli government agents to cripple Iranian nuclear technology, could be re-engineered at far less expense by civilian hackers to inflict more general damage, says anti-malware company founder Eugene Kaspersky.
"According to information [gleaned] from the code, we understand this is high-end malware," Kaspersky says "To develop such malware needs a million dollar budget. I'm afraid it's quite obvious that this malware is not done by ordinary cyber-criminals."
"Media sources [also] allege this was done by governments, by secret services in the US and Israel. It looks like that," he says, but he can't say for certain. "The secret services don't report to us."
Stuxnet used a specific set of software vulnerabilities, which have now been repaired. But this would not stop an adaptation of the malware being used, he says. "It's quite easy to disassemble the code to discover how it works, to extract the components and to redesign the same idea in a different way. I'm afraid this is just the beginning of a new era; the era of cyber-wars and cyber-sabotage."
Kaspersky spoke with Computerworld from Melbourne last week, where he was attending the Australian Grand Prix. Kaspersky sponsors the Ferrari Formula 1 motor racing team. The cars bear its logo and it has released a version of its anti-malware products with Ferrari's characteristic red in the marketing livery and a digital racing simulator bundled in.
"Customers will enjoy high level security, which is almost invisible, running in the background, and at the same time they can drive the virtual Formula 1 car on the virtual track," Kaspersky says.
Ferrari uses Kaspersky products in its corporate operation, Eugene Kaspersky says, and the company is pitching software to the Ferrari engineers to guard against potential malware in embedded control gear.
Ferrari's business "is not just about cars," Kaspersky says. "There are more and more devices - cars, machines, planes - that have computers managing all their systems. The security problems are getting more and more important because a proportion of those systems are not secure enough. There are reports about security issues in a non-computer environment which are serious and are caused by malware."
Some experts suggest widespread power failures on the East Coast of the US in 2003 were an indirect consequence of computer malware, Kaspersky says. The main report on the incident saw other causes, "but an alternative report says the blackout was caused by computer malfunction in the power grid management centre. They ran Unix machines but those stopped operations because they were affected by heavy data traffic generated by Microsoft Windows systems that had been infected by the Blaster worm."
Kaspersky also refers to an air crash in Spain in 2008 which left more than 150 dead.
"Last August [experts] said the plane crashed because of technical problems. But the problems were not found by on-ground inspection because the systems [diagnosing] the plane's condition were connected to infected computers, so the engineers didn't have a report about the technical problems. The malware wasn't a direct cause of the catastrophe, but it wouldn't have happened without it."