Mikko Hypponen on Cyber Warfare 4: Challenges of the Cyber Arms Race

This part encompasses Mikko Hypponen’s thoughts on why sophisticated viruses like Stuxnet and Flame are so hard to detect using the regular security technology.

If you look at Miniflame which was found recently, one of the files actually contains country information, which tells us in which country that file was created, and the country information belongs to Australia, and AC/DC is from Australia. Maybe we can’t jump into any conclusions here; maybe they are all mind games, maybe there’s smoke and mirrors in play here. But it’s quite clear that we’ve entered a new era of cyber arms race, and it’s only going to get more and more active.

Iran is one of the key locations; for example, Iranians themselves have been very active in using technology to monitor their own people and find dissidents and revolutionary people inside Iran.

Computer automation running critical infrastructure

Computer automation running critical infrastructure

But the critical infrastructure as a whole is what’s at stake here, because over the last decade or two we have completely switched to computer automation to run our factories, and this does make us vulnerable. In fact, the United States, which is arguably one of the most active attacking partners right now, is actually the one with most to lose. They are much more dependent on computers than any other country probably anywhere in the world.

And there is possible retaliation. The largest company in the world, Saudi Aramco, company which is about twice the size of Apple in wealth, was attacked 6 weeks ago. They were attacked with an attack which wiped 30,000 computers, around 75% of their computers were wiped overnight, wiped with an attack that was overwriting all the files with an image, and the image was a burning flag of the United States. And if you read New York Times, there’ve been two articles that put the blame directly on Iran. We can’t prove that, but at least it’s being claimed, a sort of retaliation.

The whole antivirus industry missed all of these attacks, which is embarrassing.

These attacks are very hard to defend against. Defending against Stuxnet, or Flame, or Duqu, or any of these is almost like a nightmare. We missed Stuxnet. We missed Flame. We missed them all for a year; some of them we missed for two years, which is really embarrassing. We are supposed to build security products which detect malware, and we didn’t. And it wasn’t just us, it was the whole antivirus industry; we all missed all of it, which is embarrassing.

Street robber – a real-world counterpart of a banking or ransom Trojan

Street robber – a real-world counterpart of a banking or ransom Trojan

I’ve been asked many times about it: “How could that happen? Why didn’t you detect them?” And the way I explain it is that if you look at the attackers and try to find a comparison from the real world – well, here is an attacker, street robber from somewhere in South America, stopping cars by gunpoint, stealing the wallets of the passengers (see image); and his cyber equivalent would be a banking Trojan, or a ransom Trojan, or a botnet, run by somebody who tries to make money with malware. This person doesn’t really care who he stops as long as he gets the money. So everybody’s a target.

Banking Trojans and credit card stealing keyloggers – they don’t really care whose credit card they steal. It could be a UK credit card, or a German credit card, or Italian, it doesn’t actually matter as long as they get the credit card. Everybody and anybody is the target. And we can protect against him. We can protect against the everyday threats, the criminal threats. This is doable. However, Stuxnet and Flame did not look like this guy.

Stuxnet and Flame appear to be really 'James Bond-ish'

Stuxnet and Flame appear to be really ‘James Bond-ish’

Stuxnet and Flame looked like this guy (see image), the guy with the latest and greatest technology and gadgets, with unlimited budget, with the best possible training, with unlimited resources. And if James Bond wants to kill you, James Bond will kill you. It doesn’t matter if you run and hide; he will find you and he will kill you. It doesn’t matter if you have a helmet and a bulletproof vest, he will kill you anyway. And that’s how hard it is to defend against government-funded organized attacks with unlimited resources and unlimited budgets. It’s very hard. We’re not giving up either; I’m not saying that, I’m just saying it’s very hard. And, most importantly, while we might not yet have entered the era of cyber war, at the very least we have entered the era of cyber arms race. Thank you very much!

Read previous: Mikko Hypponen on Cyber Warfare 3: Stuxnet as an Offensive Attack Weapon

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

6 + 7 =

Comment via Facebook: