The Moscow-based computer security firm Kaspersky Lab has analyzed major new kinds of malware, including Stuxnet, which four years ago was revealed to have damaged centrifuges in Iran’s uranium-enrichment facilities. That discovery of this malware, believed to have been created by American and Israeli agents, led to fears that such attacks would escalate, perhaps eventually leading to actual cyberwar (see “New Malware Brings Cyberwar One Step Closer,” “Old-Fashioned Control Systems Make U.S. Power Plants a Hacking Target,” and “Preparing for Cyberwar, Without a Map”).
But since then there have been no other attacks that have caused physical damage. David Talbot, chief correspondent of MIT Technology Review, sat down with Eugene Kaspersky, founder of Kaspersky Lab, to ask why, and get his views on the most serious cyber threats.
Has Kaspersky Lab discovered any new Stuxnet-like attacks?
Nothing like this. After that we saw attacks on institutions like Saudi Aramco, and South Korean financial services, but only on IT systems. In Russia there was an attack on their computer system which managed police speed cameras, shutting down the cameras, but not physical infrastructure damage. Technically it is possible to do, so I’m afraid it is a question of time. Just as with when we talked about possible malware for smartphones several years ago, it was a question of time, and now it is here.
What was the cyberwar component of the Russia-Ukraine dispute?
There were attacks on banks, media, political opponents. But I don’t believe the governments are involved. I think they are hacktivists—criminal patriots. It looks like kids playing with their botnets. I believe that if government is involved, it could lead to more serious damage, like an Internet blackout. But it was like a little noise. I don’t know why it wasn’t worse. It was far from being the worst-case scenario.
What are the leading computer security threats today? What about the “Internet of things”?
The first is that cybercriminals and espionage efforts are moving to the mobile arena more and more. The second is traditional criminal gangs infecting computer systems to support existing businesses, like hacking computers to report wrong data about the amount of coal loaded to trains. Report more than was physically loaded, and taking the coal. But overall, cybercriminals are still happy with Windows and Android. And if they recognize there is not enough work, they can easily infect Mac, Linux, BlackBerry, and others.
If it runs on Android, malware can get on there by mistake. But the criminals are looking at not every device, but the most profitable devices or the ones that can help with traditional crime. Are there spies interested in the temperature of your house or the data in your fridge? Not really. But if your fridge is part of an Internet and you make online transactions to the supermarket with a credit card reader on the fridge, yes, why not?
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?
Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.
A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate
Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.
10 Breakthrough Technologies 2023
These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway
Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.