
Chief Research Officer at F-Secure Mikko Hypponen expresses his viewpoint on the definition of cyber war and speaks about recent infamous cyber attacks.
There is a lot of talk around cyber war. And that definition is kind of murky; it’s better to make distinctions between cyber attacks, cyber espionage, and cyber war.
Now, almost everything gets labeled cyber war. And that’s not really the right way to do it, because we eventually will end up seeing what I call – real cyber war.
Already when we today label things like denial of service attacks, or hacking into services as cyber war, what are we gonna call it then, when we see a real attack, when countries are at war and use armies to attack computer systems of another country?
We’ve seen certain examples that come close to it, but have never actually seen what you define as cyber war, which is one country’s cyber arsenal attacking another one’s.

There are obviously groups of people who’d like to make this sound as serious and as threatening as possible already. There’s lots of money at stake. Armies and defense forces around the world are researching cyber defense and most likely, we are guessing, cyber attacks. And the more threatening the situation looks, the more money there is to be made by the private sector working with development like that.

As to Stuxnet, there were comments that it wasn’t as advanced as it could have been because it didn’t try to antidebug, or use antidebug features against security programs. It wasn’t really encrypted very effectively, unlike much more complicated malware which we’ve seen before.
And I think that this was on purpose. What Stuxnet accomplished with this is that it didn’t look like malware, and most antivirus labs around the world detect most of the malware today with automation. And to automation, Stuxnet looked like some sort of installer, creating registry keys and dropping signed drivers. And through most automation systems, that would actually pass with fine colors and it didn’t get flagged. So if you look at it from that point of view, it was a success.
It wasn’t a wild spread, but it certainly spread, and it was a bit of a failing of antivirus firms to not catch it sooner. It is embarrassing to us in the antivirus industry that it was spreading for so long before we actually found it.
Seems we might anticipate another Stuxnet forming, as sophisticated, with a lot of money behind it. I wish it wouldn’t happen, but I think it will happen; we will see more attacks like this – maybe from the same source, maybe we will see copycats.

A lot of the stuff in critical infrastructure is hooked up to the public Internet or at least a PC, where one could inject a USB stick and infect it that way. It’s sometimes scary when you see how everything is running on computers, and in many cases running with off-the-shelf operating systems, Windows XP operating missiles. Windows NT, which is 15 years old, was in use at Deepwater Horizon – that’s the platform that exploded, which just makes you wonder…