Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Says Cyber Weapons "Cleaner" Than Traditional Weapons But "Much Worse"

Posted by samzenpus on from the give-me-email-or-give-me-death dept.

DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"

89 comments

  1. not worse by rubycodez · · Score: 4, Interesting

    defacing websites? taking down SCADA systems of those stupid enough to internet connect them? who has died as direct result of cyber crime?

    1. Re:not worse by coldsalmon · · Score: 4, Funny

      Most people would rather die than lose the ability to watch cat videos on YouTube.

    2. Re:not worse by Anonymous Coward · · Score: 0

      who has died as direct result of cyber crime?

      Aaron Swartz?

      Many people can and will die when a nuclear power plant is hacked, or a power plant that services hospitals/hospices/nursing homes, traffic lights, etc, or a prison opens it's doors, and who knows what else.

      You want clean? You want effective? Shark, laser, space: it's the only way to be sure

    3. Re:not worse by oodaloop · · Score: 1

      How about destroying our power network? We discovered in 2009 that China has been infiltrating our power grid and emplacing logic bombs. They could shut down our power, meaning wrecking the generators themselves. We could replace them of course, except that China makes them.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    4. Re:not worse by click2005 · · Score: 1

      In that case you need a really really secure password for your internet-connected critical systems. I Suggest "Kaboom".

      --
      I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
    5. Re:not worse by Elbereth · · Score: 5, Insightful

      It's not just Internet-connected infrastructure. In many cases, people took the proper precautionary steps, but weren't actively paranoid. To protect your infrastructure today, you really do need to be paranoid. People bring in gadgets infected with malware, plug the malware-infected gadget into a PC, and the PC infects every system on the network. OK, so you ban people from bringing in gadgets, and now you remove all secretarial PCs from the main network. Maybe you even disable every USB port and force people to use PS/2 keyboards and mice. Well, the next infection comes in from a contractor who installs software directly from the manufacturer. If the hackers know that you use Flash and/or Java in your company's intranet, it's not inconceivable that they manage to infect Flash or Java. I mean, we're talking about nation states here. They can do whatever the fuck they want, and money is not much of an issue.

      Somewhere along the line, people with resources a hundred times greater than yours will come up with a line of attack that you didn't defend against. And if you protect against everything obvious, who knows what the crazy fuckers will do? If I were on the Iranian nuclear power commission, I'd probably give the Americans and Israelis a semi-obvious backdoor to my network, just so that they don't send in black ops teams. I'm not saying that I think the Americans and Israelis would be so stupid, but, then again, these people probably grew up watching James Bond movies. They probably think that shit is exciting.

    6. Re:not worse by nurbles · · Score: 1

      SCADA systems don't need to be on the internet to get infected. I thought I read that Stuxnet got in via USB drive. If a SCADA system's software is EVER updated/enhanced and/or there is any way to load new software to it, then it can be infected. The infection may require a human agent to infiltrate a facility and physically access a machine, but if there's a network then that only needs to be done once.

    7. Re:not worse by Zeromous · · Score: 1

      This is utter nonsense. Not the risks, just your rather specific description of the problem.

      --
      ---Up Up Down Down Left Right Left Right B A START
    8. Re:not worse by Dyinobal · · Score: 1

      I think you watch too much Alex Jones Man.

    9. Re:not worse by rubycodez · · Score: 1

      true, but I was just giving specific examples. but again, who has died thus far? wouldn't "the terrorists" have done it if it were possible. reality is you cause inconvenience by messing with SCADA systems, the engineers already put in other safegaurds to any halfway well designed system. for example, "hack" a nuclear power plants systems (or even manually manipulate the controls in the control room) and the very worst you can do is trip the plant offline and piss of the stockholders for downtimes. that's alll you can do.

    10. Re:not worse by rubycodez · · Score: 1

      nonsense, the very worst you can do "hacking" a nuclear power plant is trip the reactor offline. that's even the worst that can happen if terrorists take over the contorl room. why? because their are safety systems OUTSIDE the realm of computer controlled systems that are mandated. sorry about your TV and Hollywood fueled fantasies, but having been engineer in the field reality is you cause inconvenience and that's all.

    11. Re:not worse by rubycodez · · Score: 1

      false, china did not make the generators, U.S. and Japanese companies did

    12. Re:not worse by Anonymous Coward · · Score: 0

      There is such a thing as being too paranoid.

      If you put in so much effort into computer security that conventional attacks become easier, you are putting in too much effort. In the case of Iran, the relevant conventional attacks for comparison are the insertion of a saboteur into a trusted position in the organization, or a military raid. Most companies only have to worry about the first. In general, if you're worried about someone inserting a backdoor into Flash or Java, that is a more difficult method than getting a spy in there.

    13. Re:not worse by oodaloop · · Score: 1

      They may have been made in the U.S. and Japan in the past, but if you wanted to buy one now (which I think is the relevant question), they are primarily made in China and also India. I read this in Cyber War by Richard Clarke, and also in America the Vulnerable by Joel Brenner. If you have a source that they are made in the U.S. and/or Japan today, please post it.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    14. Re:not worse by Anonymous Coward · · Score: 0

      If we are talking about nation states, the PS/2 solution is not enough. Tapping to the ground lines of the building is enough to get deduce passwords from those keyboards. Some kind of hardware level USB filtering would be a better solution.

      , I'd probably give the Americans and Israelis a semi-obvious backdoor to my network, just so that they don't send in black ops teams.

      If this is how far the things are going, everything goes after that. People should be able to exterminate their government officials (mark the distinction) just to prevent the crazy from spreading and infecting the children - young and old, oh the horror.

    15. Re:not worse by oodaloop · · Score: 1

      http://www.telegraph.co.uk/news/worldnews/asia/china/5126584/China-and-Russia-hack-into-US-power-grid.html

      You were saying?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    16. Re:not worse by oodaloop · · Score: 1

      I don't think you read enough news.

      http://www.telegraph.co.uk/news/worldnews/asia/china/5126584/China-and-Russia-hack-into-US-power-grid.html

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    17. Re:not worse by AlphaWolf_HK · · Score: 1

      I just use the tried and true password 12345 on my luggage.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    18. Re:not worse by rubycodez · · Score: 1

      companies such as siemens have plants in India and China, sure, but look where else they have plants to make generators and turbines, etc. USA, Europe, south america...

    19. Re:not worse by Anonymous Coward · · Score: 0

      yup, this organization just lost credibility with me.

      the absurdity of that statement.

      compared to the pain and anguish of war and weapons in what they can do to human flesh and mind--comparing that to losing power and water or a homepage for a few weeks. just silly.

    20. Re:not worse by headcase88-2 · · Score: 1

      Such a system demands the highest possible complexity. Go with "Kaboom1".

    21. Re:not worse by Zeromous · · Score: 1

      You accused them of planting logic bombs. The article claims they've been mapping our power grids.

      You can bet the US has mapped their power grids to the best of their abilities to do so. Is this an example of American global pre-eminence or are you just going to admit that you are talking out of your ass, citing a Telegraph article which is also talking out of its ass?

      --
      ---Up Up Down Down Left Right Left Right B A START
    22. Re:not worse by oodaloop · · Score: 1

      The subtitle of that article said it, but for some reason they left it out of the body. Here's a better article.

      http://online.wsj.com/article/SB123914805204099085.html

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    23. Re:not worse by Zeromous · · Score: 1

      The WSJ, the bastion of journalistic integrity. At least this article succeeded in rousing simpletons to arms with FUD- just as it had intended.

      There is not one iota of fact in here, the only fact being the number of weasel words, such as "could", "might", "in the event of", and other further unlikely prognostications based on a simplistic understanding of command and control infrastructure, how it is connected to the Internet, and just how interested some parties (aka frenemies) are in subverting it.

      --
      ---Up Up Down Down Left Right Left Right B A START
    24. Re:not worse by Anonymous Coward · · Score: 0

      If you can hack a SCADA system it is easy enough to kill someone. The SCADA system is connected to devices that control big stuff; big stuff that can easily kill people. Now there are several layers of protection to stop that happening, and it would be bloody hard work. And for what purpose? Money? Nope. Terrorism? It's very sophisticated, with probably low terror impact. War? Ahhh.

      See this is where it is a bit more interesting. Imagine you had the funding and minds of the US military at your disposal. Imagine a sophisticated wide-spread infestation of say; a nations power grid. Or how about their water pumping stations? Steel works? Coal mines? Imagine you do a stutnex on all this stuff at once (real machine smashing fun). I wonder what that would do to an economy? Seems a lot easier than trying to send military stuff in there to blow it up. A lot more deniable too.

    25. Re:not worse by rubycodez · · Score: 1

      lose of water wouldn't happen for that long. my cousin used to work in the water works in large midwestern city, that shit can run with or without computers. in the suburb where I grew up, they still have the switches for the water work's pumps roped off, because they're fucking knife switches from the 1930s and you can electrocute yourself to death by touching the contacts. you can really hack those with your scada rootkit, NOT!

    26. Re:not worse by darkfeline · · Score: 1

      I'd imagine. If you asked me, just a random person, to design nuclear plant failsafes, the first thing I would say would be to install a hard mechanical failsafe where if temperatures exceed a certain point, all control rods plus emergency control rod/lead reaction shield are dropped automatically. No computers, no electricity, nothing, if the temperatures hit that point, the plant is shutting down.

    27. Re:not worse by Eskarel · · Score: 1

      Who needs to insert a backdoor into Java? Isn't Java just one gigantic back door these days straight from Oracle?

  2. Depends on the size of the gun by davidwr · · Score: 1

    Excluding still-hypothetical malware which takes control of hardware that can decimate the human population or does something that causes a human to do the same, about the worst that malware can do is maybe knock a few planes out of the sky, disable a few cities' water supplies, etc. until we decide we no longer trust technology. At that point we'll be back to the 1950s, at worst.

    We've had enough bombs to send the human race back to the per-industrial age if not to extinction for over 40 years now.

    So, yeah, in practical terms of "arms" available to the average bad guy who has money, software may be a lot more damaging, but at its limit the current state of the art in bomb-type weapons is far worse than "malware"-type weapons: If China or Russia and the United States decide to nuke each other and take the world with it, bend over and kiss your rear end good-bye.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Depends on the size of the gun by mlts · · Score: 1

      I'd say we end up back at the 1980s or early 1990s where companies had internal networks and did NOT connect them to the Internet. In fact, a lot didn't use IP, so bridging them would be difficult (doable, but hard).

    2. Re:Depends on the size of the gun by nurbles · · Score: 1

      Sounds too much like the recent Battelstar Glactica reboot to me...

    3. Re:Depends on the size of the gun by Runaway1956 · · Score: 1

      Those were pretty much my thoughts. Kaspersky and company simply take themselves to seriously. I'd be upset if computers stopped working tomorrow, but I'd get over it. Withdrawal pains would only last several days, or a few weeks.

      Now, bombs are a whole different story. Most people don't get over it. And, arguably, the ones who die are the lucky ones.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    4. Re:Depends on the size of the gun by cellocgw · · Score: 1

      I'd be upset if computers stopped working tomorrow, but I'd get over it. Withdrawal pains would only last several days, or a few weeks.

      Methinks you have no idea whatsoever what computers do in our world. I'm not sure whether to start the list with the ones that keep our cars and highways operational, or the ones which currently hold all your money (unless you actually are one of those "gold bar in the mattress" folks).

      --
      https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
    5. Re:Depends on the size of the gun by Runaway1956 · · Score: 1

      We can adapt. People can learn to count change again, instead of relying on computers. People can learn to write and take notes again, to mail letters. Banks can just go to all the trouble of sorting out our finances, manually, again. Everything that is done by computer today, was done manually as recently as twenty years ago. People might bitch. Businesses might bitch. The government might bitch. But, we could, and we would, sort it all out.

      Computers are cool, I like them. People are stupid, and rely on computers to much.

      BTW - my workplace uses computers too, but I'm 99.99999% certain that they are insulated from this threatened digital doomsday. And, if I'm wrong - well, we'll relearn how to do stuff like it was done a mere seven years ago, in our plant. Only seven years ago, did we start the turnover from ancient dinosaur era plastic intrusion machines to the computerized models we run today. We still have the technicians who made production on the dinosaur machines. We still have some of the same maintenance people. Management has seen an 80% turnover since then, but we don't NEED no steenking management to produce. The only purpose they serve, is to get new contracts.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    6. Re:Depends on the size of the gun by TheLink · · Score: 2

      Kaspersky are being completely ridiculous if they think the current cyberweapons are much worse than nukes. With nukes we can knock out computers with EMP, even if they are not connected to any network at all. Don't even have to be close enough to vaporize stuff. We can wipe out most major cities in the world with our existing nukes.

      Cyberweapons aren't going to stop all or even most of our computers from working. As for the computers that hold our money, the bankers and their friends have probably lost more money than any malware or hacking will. Most banks have backups of data too, and there's usually some sort of checking to ensure that banks don't create or destroy money without authorization.

      --
    7. Re:Depends on the size of the gun by cavreader · · Score: 1

      Contrary to popular belief a lot of the critical computing infrastructure is not connected to the Internet. For example if you want to infiltrate one of the major oil and gas pipelines control systems will require some physical access to the system and physically infiltrating even a slightly guarded computing facility is not for the faint hearted. Even the Stuxnet virus required physical access to a USB port on the physical network and infiltrating a nations nuclear research facilities can be a bit tricky. The biggest risk to military and critical civilian infrastructure computer systems is electromagnetic shielding protection and reliable backups. The US military has been busy testing a missile capable of over flying a city or facility and releasing a EMP like effect to take down any system not sufficiently shielded. There has always been the threat of detonating a nuclear device high in the atmosphere to generate the same effect but the drawback is someone noticing an ICBM launch and retaliating with no intention of detonating the warhead in the atmosphere.

    8. Re:Depends on the size of the gun by Anonymous Coward · · Score: 0

      AFAIK, it wouldn't take much do do an EMP effect. Wouldn't even need an ICBM to deliver the presents, just a low-flying drone that could be launched from a couple hundred miles away, follow a random path, then head to a large city.

    9. Re:Depends on the size of the gun by Zorpheus · · Score: 2

      That is why you shouldn't connect everything to the internet. My car doesn't need automatic software updates. The navigation and sound system need data connections, but they don't need a data connection to the engine controller.

    10. Re:Depends on the size of the gun by Synerg1y · · Score: 1

      Or... we could you know... secure the infrastructure systems, implement cyber security teams on a city wide level, lock down access to where you can't run executables off a flash drive, and obscure the details of the system... wouldn't stop 100% of attempts, but it'd be leagues better than we're doing right now.

    11. Re:Depends on the size of the gun by Gumbercules!! · · Score: 1

      We can adapt? You'd have a hard time adapting without water, sewage, electricity or food in the shops (or money to buy them). A damn hard time (and this is what he's saying would be effected - and in the event of a very successful "cyber strike" these services could definitely be effected significantly, if not completely). Sure some people would adapt but it would be very, very hard landing. A few days without water or food and society breaks down very, very fast.

      None the less, to say cyber warfare is worse than real warfare is a totally ridiculous statement. I'd much rather have to go back to subsistence farming as a society than get nuked.

    12. Re:Depends on the size of the gun by DarwinSurvivor · · Score: 1

      Or loaded in the back of a white van.

  3. Worse... by Anonymous Coward · · Score: 0

    Yes much worse...

    Corporations have insurance against physical attacks but cyber attacks cost them money.

  4. Scare Headlines Sell Products by BoRegardless · · Score: 5, Insightful

    I am not surprised by Kapersky saying what he does.

    If you don't want your automation system attacked, then keep it off line and what is off line monitored and limited so it can't be accessed improperly and then treat your crew right...with supervision.

    Life is not easy.

    1. Re:Scare Headlines Sell Products by phantomfive · · Score: 1

      His company is developing a secure OS specifically designed to deal with the problem he is talking about. He definitely has a real interest in getting people as scared of 'cyber weapons' as possible.

      Also, saying "cyber weapons can be used by anyone with some proficiency" is misleading. Sure, any script kiddy can send a virus to their friend, but there aren't many people who can figure out how to get Stuxnet on their enemy's SCADA system.

      If anyone is interested, as far as I can tell, the primary security feature of his OS will be to have a white list of all files allowed, which will be verified every time the system boots (or whenever).

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Scare Headlines Sell Products by Jessified · · Score: 1

      No kidding. Why doesn't Kaspersky tell the mothers of the couple hundred kids killed by drone strikes that cyber "weapons" are worse?

    3. Re:Scare Headlines Sell Products by melikamp · · Score: 1

      I am not surprised by Kapersky saying what he does.

      Nor am I. After all, Kapersky should know all about the dangers of professionally written malware, since how he's been producing and distributing it for many years. How else can I characterize a closed-sourced package resistant to any kind of audit that claims to be an "antivirus" and gobbles up the resources to perform tasks on Kapersky's behalf?

    4. Re:Scare Headlines Sell Products by babybird · · Score: 1

      Because drones are just one of many human interfaces to cyber-weapons? What happens when one of those is hacked? Especially when the difference between one and a hundred is how many hosts you connect to. Far-fetched definitely, but a drone is almost by definition a hackable weapon system.

      --
      Keith D.
    5. Re:Scare Headlines Sell Products by Jessified · · Score: 1

      Fair enough. But what would the hackers do? Use them with reckless disregard for the safety of civilians? Oh wait.

      The only reason we would care is if the hackers used them on white people as the US has been using them on brown people.

    6. Re:Scare Headlines Sell Products by babybird · · Score: 1

      The U.S. so far has been using them in conflict with terrorists. Hackers/terrorists would be using them for crime or terrorism.

      I know the arguments-- why is it different when the government does it? Why is it OK for the government to do it? Why is it OK that they're killing civilians? Women? Kids? And so on, ad infinitum.

      The difference is that they're (currently) being used in a "war" against a non-nation state. There are civilian and innocent casualties in all conflicts, but the casualties so far have been less than in more conventional warfare. Never before have we been able to target specific individuals in a conflict except on the most limited scale (i.e. Saddam or Usama). I think it's important not to lose sight of that fact, just as it's important to continue to try to reduce civilian/innocent casualties either with or without drones, and to avoid conflict where possible in the first place. The government using them for legitimate (as far as governments attacking people is legitimate) purposes is apples to oranges compared to hackers potentially using them for whatever they would use them for.

      I see where you're coming from, but it's not entirely valid. And it has nothing to do with skin color, race, religion, nationality etc., it has to do with the actions undertaken by the targeted individuals.

      --
      Keith D.
    7. Re:Scare Headlines Sell Products by Jessified · · Score: 1

      You're making valid points and I was with you until you said it has nothing to do with race or religion. The you lost me.

      If it were white Christian or jewish civilians it would be so different. You have to be so naive or dishonest not to see that.

    8. Re:Scare Headlines Sell Products by babybird · · Score: 1

      You're absolutely right that it would be different if they were white Christian or Jewish, I don't deny that. What I do deny though is that the attacks themselves are because they're brown. They're only less objectionable because they're brown. Welcome to racist America. :/

      --
      Keith D.
  5. Re:Just like the old 80s RPG "Rifts" by Anonymous Coward · · Score: 0

    I'm a Golden Boy!

  6. This word 'worse'.. by jythie · · Score: 1

    I do not think it means what you think it means....

    Well, I guess it comes down to what criteria one means when one says 'worse'. In terms of ease of access or ability to defend against it might be 'worse'.. but worse in the same way that, say, pigeon crap is worse. Sure it might be everywhere and you can't do much about its absolute existence, but you can do a LOT against it actually doing harm.

    One can not do much to 'defend' against cyber weapons on the whole, but one can do a lot to mitigate the impact of actual harmful attacks. Ok, attacks like Stuxnet are non-trivial to defend against, but even these sophisticated attacks did minimal actual damage, all they really did was mess up people's schedules. So the worst of the worst were still weapons of inconvenience and even in those cases there are things the defenders could do to stop future attacks.

    1. Re:This word 'worse'.. by dkleinsc · · Score: 1

      I think he means "potentially bad for him". I mean, if some bad guys over in Afghanistan have AK-47s or IEDs, sure some soldiers are going to get wounded or killed, but Kaspersky will be sitting quite comfortably at home. But if a cyberweapon hits a company that happens to be one of his major stock holdings, that could severely hamper production for a couple of days, lowering the stock price and costing Kaspersky significant amounts of cash.

      Same story with the many many people who think that the US, the UK, and France having more than enough nukes to blow up the planet is just fantastic, but the USSR, China, or North Korea having the same ability is a serious problem.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:This word 'worse'.. by jythie · · Score: 1

      Sounds about right.

      On the other end, there is the idea that poverty kills and thus things that cause mass economic damager really do hurt people and cause shortened lifespans.. but I have yet to hear of any cyber attack that even begins to approach that and, if we were going to use that metric, the people who create AI systems for stock trading would be in far more legal trouble then even the worst cyber criminals.

  7. Re:Just like the old 80s RPG "Rifts" by Anonymous Coward · · Score: 0

    Living on a planet affected by Kessler Syndrome (http://en.wikipedia.org/wiki/Kessler_syndrome) would suck for a number of reasons.

  8. Cyber Weapons? by ArcadeMan · · Score: 0

    You mean those things that can attack Windows systems?

    STOP USING MICROSOFT PRODUCTS!

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:Cyber Weapons? by mjwalshe · · Score: 1

      Bit difficult to abandon the use of SCADA and PLC type systems though

  9. Re:Just like the old 80s RPG "Rifts" by Intrepid+imaginaut · · Score: 1

    Either that or it would be awesome.

    I'm keeping an eye on that!

  10. CEO: the world desperately needs my products by Anonymous Coward · · Score: 1

    OMG folks, the scenarios are far more dangerous than those involving nuclear and biological weapons!

    Hoo-kay Mr Kaspersky.

  11. Professional malware by moonwatcher2001 · · Score: 1

    About twenty years ago people were writing malware mostly because they could. I was working on a well known (at the time) product and one day someone joked that we write a virus that targeted our main competitor's product. This led to a serious discussion of what could happen if a team like ours of about 25 experienced professional programmers started writing viruses. It was not a pretty picture.

    We now live in this world with Stuxnet/Flame/etc. It is even scarier now than it was tthen.

    1. Re:Professional malware by Anonymous Coward · · Score: 0

      About twenty years ago ... This led to a serious discussion of what could happen if a team like ours of about 25 experienced professional programmers started writing viruses.

      And had you patented this idea of yours we'd be able to use the courts and DMCA to stop these bastards! Way to drop the ball, MoonWatcher.

  12. Where are we on the gunpowder scale? by paiute · · Score: 4, Interesting

    In meatspace war, the object was always to damage flesh. We first had blunt objects (stones, clubs) which gave way to sharp piercing weapons (spears, arrows) which gave way to propelled metal (flintlocks, rifles) which gave way to blast waves and shrapnel (shells, bombs) which evolved into directable versions (cruise missiles, armed drones). The next step is probably autocontrolled weapons v1.0, iRobots which scurry through the battlefield and club the enemy or some such.

    I wonder where we are on that scale with weaponizable viruses. Are Stuxnet and its peers the equivalent of Predator drones or will we look back decades from now and think that they were the crude matchlock blunderbusses of their day?

    --
    If Slashdot were chemistry it would look like this:Cadaverine
    1. Re:Where are we on the gunpowder scale? by Anonymous Coward · · Score: 0

      Silly kids. What good are your meat and computer weapons, when all you attack, is what my mind weapons tell you to attack?
      If I can decide what you perceive, I can decide what you want, and hence what you do.

      Social Engineering... not the silly malware kind... the advanced political neural mass-programming kind... rules the world.
      And I make damn sure I rule it.

    2. Re:Where are we on the gunpowder scale? by ducomputergeek · · Score: 1

      Wait, wait, I've seen this one. It always starts with Arnold always been sent back in time right?

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
    3. Re:Where are we on the gunpowder scale? by Anonymous Coward · · Score: 0

      I wonder where we are on that scale with weaponizable viruses

      The words sound rather menacing but you are just talking about software. And software has a limitation: if you don't run it, then... it doesn't do anything. Setting up a system to not run stuff by default, and allow only validated processes to run is not that hard, look at the success of iOS/Android. The problem is most of the world is running on toy OSes, where security is an afterthought 30 years after they were designed.

      There are better OSes with better security policies, but then, they are no fun, and probably cost more. Now the cost of patching is still lower than the cost of making stuff properly at the first try. Whenever the patching cost rises, you will see proper OSes and software being developed. Think of javascript/java: they weren't designed with security in mind (oh yeah, let's interpret everything in a virtual machine, that must be safe!) and now we have decades of patching and modifications to improve the crap security they started with.

      Until the costs change, yeah, weaponizable viruses, skynet, and whatever you want to have nightmares, told by the same people who benefit from fear.

  13. Just about anyone. by Anonymous Coward · · Score: 3, Insightful

    they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss.

    Um, nation-states are not "just about anyone". They actually tend to be the same people who have all those "dirty" traditional weapons too. Sure, in theory some rogue basement dweller could launch a massive cyber attack just before his mother calls him up for dinner, but in general such attacks build on information gathered by intelligence services and the State Department (you need to know what you are targeting to do it efficiently).

    The fact that such dire warnings come from someone who just happens to profit from the existence and above all fear of malware makes it a little hard for me to take it as seriously as he apparently does.

    Incidentally, if some basement dweller on the other side of the planet really does pose a threat to your national security, you need to fire the clowns who set up your IT infrastructure and hire some people who actually know wtf they are doing. Stay on top of exploits, keep your software and patchsets up-to-date, plug the holes in your firewalls, don't do stupid things like plaintext storage of passwords anywhere, force the use of keys where possible, etc... you know, all the basic stuff that gets discussed whenever security comes up. Most successful attacks that make the news are not examples of very clever attackers but rather abysmally unaware defenders.

    Maybe I don't know what I'm talking about, but from here it looks like someone complaining that they're car might get stolen because they keep leaving it running with the doors open in a busy part of town with no police or cameras. "Omg auto theft is likely to go up and people will be run over by inexperienced/drunk/high drivers who shouldn't be behind the wheel, we must do something!" Yeah, park it in a better spot, turn of the engine, take the keys out of the ignition, lock the door, and come back to check on it at least once a day. Derp.

    1. Re:Just about anyone. by elucido · · Score: 1

      they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss.

      Um, nation-states are not "just about anyone". They actually tend to be the same people who have all those "dirty" traditional weapons too. Sure, in theory some rogue basement dweller could launch a massive cyber attack just before his mother calls him up for dinner, but in general such attacks build on information gathered by intelligence services and the State Department (you need to know what you are targeting to do it efficiently).

      The fact that such dire warnings come from someone who just happens to profit from the existence and above all fear of malware makes it a little hard for me to take it as seriously as he apparently does.

      Incidentally, if some basement dweller on the other side of the planet really does pose a threat to your national security, you need to fire the clowns who set up your IT infrastructure and hire some people who actually know wtf they are doing. Stay on top of exploits, keep your software and patchsets up-to-date, plug the holes in your firewalls, don't do stupid things like plaintext storage of passwords anywhere, force the use of keys where possible, etc... you know, all the basic stuff that gets discussed whenever security comes up. Most successful attacks that make the news are not examples of very clever attackers but rather abysmally unaware defenders.

      Maybe I don't know what I'm talking about, but from here it looks like someone complaining that they're car might get stolen because they keep leaving it running with the doors open in a busy part of town with no police or cameras. "Omg auto theft is likely to go up and people will be run over by inexperienced/drunk/high drivers who shouldn't be behind the wheel, we must do something!" Yeah, park it in a better spot, turn of the engine, take the keys out of the ignition, lock the door, and come back to check on it at least once a day. Derp.

      Who they use to launch the attack isn't necessarily the people who you would expect. Anyone could be used to launched the attack but the code could be written by the military. Or it could be the other way around where the military contracts anyone to write the code but then uses it's people. It's impossible know who is what or who does what.

  14. Well... by fredprado · · Score: 1

    Kaspersky would certainly say that. They are one of the parties most benefited by general security related panic.

  15. Cyber war is bullshit... by Anonymous Coward · · Score: 0

    ... it's just scare mongering to attempt to justify defense dollars.

    If you're infrastructure (beyond just computers) is capable of being hacked then you're not designing your infrastructure properly, you'd use older non-hackable you have to be physically present to fuck with it stuff. This is where older non-electronic technology comes in handy

    1. Re:Cyber war is bullshit... by StripedCow · · Score: 1

      If you're infrastructure (beyond just computers) is capable of being hacked then you're not designing your infrastructure properly

      Yes, but what if your CAD software gets hacked?

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
  16. Anything closed source is suspect. by elucido · · Score: 1

    It's not just Internet-connected infrastructure. In many cases, people took the proper precautionary steps, but weren't actively paranoid. To protect your infrastructure today, you really do need to be paranoid. People bring in gadgets infected with malware, plug the malware-infected gadget into a PC, and the PC infects every system on the network. OK, so you ban people from bringing in gadgets, and now you remove all secretarial PCs from the main network. Maybe you even disable every USB port and force people to use PS/2 keyboards and mice. Well, the next infection comes in from a contractor who installs software directly from the manufacturer. If the hackers know that you use Flash and/or Java in your company's intranet, it's not inconceivable that they manage to infect Flash or Java. I mean, we're talking about nation states here. They can do whatever the fuck they want, and money is not much of an issue.

    Somewhere along the line, people with resources a hundred times greater than yours will come up with a line of attack that you didn't defend against. And if you protect against everything obvious, who knows what the crazy fuckers will do? If I were on the Iranian nuclear power commission, I'd probably give the Americans and Israelis a semi-obvious backdoor to my network, just so that they don't send in black ops teams. I'm not saying that I think the Americans and Israelis would be so stupid, but, then again, these people probably grew up watching James Bond movies. They probably think that shit is exciting.

    If you can't inspect the source code and the compiler then it could very well be suspect. A backdoor in the compiler itself is all it takes to put a backdoor on everything compiled with that compiler. How would you defend against that?

  17. It all depends from what you sell. by ctrl-alt-canc · · Score: 1

    If mr. Kaspersky sold nuclear weapons, he would say that A-bombs are cleaner but more powerful than cyber weapons.

  18. Anything open source is suspect. by Anonymous Coward · · Score: 1

    Unless you're, line by line, going through every line of code - code you're compiling yourself, having safely built the compiler yourself, you're not preventing anything.

    "But everybody's looking at it! Open source man!"

    Said everybody who failed to notice the numerous compromised repositories over the years.

    Granted, having the ability to do that - despite how painful and unlikely it is anybody will do it, is a good thing.

    1. Re:Anything open source is suspect. by phantomfive · · Score: 1

      Everything you say is true, and yet you can still be safer with open source.

      --
      "First they came for the slanderers and i said nothing."
  19. Self serving, corrupt ass (he and his ex) by guisar · · Score: 1

    Surprising eh- such a quote from someone who hangs with the FSB and is busy drumming up business for he and his ex? He's also argued this as the motivation behind his call for a complete lack of transparency and privacy for average citizens including the need for government provided authentication as a "protection". He's a self-serving corrupt ass using his money and influence to impose his and his friends will on anyone he can. He (along with the internet braintrust represented by Russia, the UAE, China, Saudi Arabia, Algeria, Sudan, and Egypt), wants the ITU to "take over" management of DNS. Don't buy his products he is, as much as anyone of influence in this circles, evil.

  20. Ban cyberweapons and only criminals will have them by PoolOfThought · · Score: 1
    FTA:

    Hypponen added that what set cyber-weapons apart from traditional weapons was the fact that anyone could get their hands on one of these weapons, unlike a nuclear bomb, missiles or tanks which only armies would have access to.

    Regular people can't get ahold of traditional weapons? What? Isn't that a large part of what most of the US (and the peanut gallery around the world) has been arguing about for the last month? That people can get their hands on the terrible traditional weapons?

    So why don't "they" (go as far up the chain as need be) just outlaw cyber-weapons around the world. Seems like that would take care of the whole problem... or does that only apply to computers... or neither? And do you think "they" would be scared shitless of the prospect of trying "require" the cyberweapons of the US or Russia to be handed over. And do you think that the US, Russia, UK, Israel, Iran, Pakistan, any of them would be willing to give theirs up when there is even the slightest prospect that anyone else on that list had them? How'd that work out with nukes?

    If you ban cyberweapons, only criminals will have cyberweapons.

    --
    My present is the activity I am currently engaged in with the purpose of turning the future into a better past.
  21. Limit the size of data packets by JRHelgeson · · Score: 1

    Military uses packet sizes of 1500 bytes. We should limit the packet sizes for TCP to 768 bytes for civilian (non law-enforcement) use. Law-enforcement can use 1500 byte packets only after going through special training. This will help mitigate the threat posed by cyber warfare - and it makes as much sense as any other policy being proposed.

    --
    Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
  22. Mini fix by jones_supa · · Score: 1

    Mikko Hypponen

    Ahem...the other dude's name is Mikko Hyppönen.

    (comicbookguy-voice) Worst, summary, ever.

    1. Re:Mini fix by JRHelgeson · · Score: 1

      Didn't you hear? He got approved for a second umlaut. His name is now: Mikkö Hyppönen

      --
      Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
  23. Kaspersky by Alex+Belits · · Score: 1

    Kaspersky really should stop pretending to know anything other than DOS and Windows malware. "Cyber weapons" exploit easily avoidable vulnerabilities, that exist because companies responsible for infrastructure-critical software are incompetent and greedy. Stop filling the market with overpriced hastily built crap, and there would be no "evil hackers" to speak about.

    --
    Contrary to the popular belief, there indeed is no God.
  24. Anonymous by cstacy · · Score: 1

    Sounds too much like the recent Battelstar Glactica reboot to me...

    Anonymous evolved...and They Have No Plan

  25. Worse than children finding unspent mines? by Anonymous Coward · · Score: 0

    Spare me.