Eugene Kaspersky, the Russian cybersleuth who last week revealed the most sophisticated virus yet targeting Iran, was greeted as a hero at the Tel Aviv University conference on digital security on Wednesday. He didn’t pretend not to know why, any more than the Israeli audience that played along with the coy remarks its officials have made about the country’s role in the digital espionage bedeviling the Iranian program.
But when the room quieted down, the guru got serious. Cyberweapons, Kaspersky advised, “are a very, very bad idea.” Whatever advanced knowledge allowed engineers to fashion the malicious software targeted at Iran’s nuclear program will, in short order, become known to other nations, he said, and next time could well be directed back at the originators — the very worry that President Obama reportedly voiced in approving the digital espionage in a joint program with Israel. “I’m afraid that in the future there will be other countries in this game,” Kaspersky said. “It’s only software. Maybe hacktivists will become cyberterrorists. And maybe the traditional terrorists will be in touch with the cyberterrorists.”
Kaspersky, who was introduced as one of the top four experts on cybersecurity in the world, pointed out that cyberweapons “can replicate,” as Stuxnet did — escaping the Iranian centrifuge machinery that was its sole intended target and infecting computers around the globe. Flame is even more complex, monitoring computers it has infected and even recording conversations; it appears to infect computers disguised as a legitimate Microsoft Windows update. The Russian said his concern is the vulnerability of civilian infrastructure that relies on computer operating systems like Microsoft Windows, which cannot be hardened against attack. The only way to secure systems that deliver water, electricity and the economy is through a newly designed OS with security at its core. And until that new system is developed, he said, any country that launches a digital attack is running a terrific risk. “There are a lot of software engineers in Israel, I know,” he said. “But I don’t think there are enough to do it in three or five years.” In the meantime, he said, “I’m afraid that that cyberboomerang may get back to you.”