Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Says Cyber Weapons "Cleaner" Than Traditional Weapons But "Much Worse"

Posted by samzenpus on from the give-me-email-or-give-me-death dept.

DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"

8 of 89 comments (clear)

  1. not worse by rubycodez · · Score: 4, Interesting

    defacing websites? taking down SCADA systems of those stupid enough to internet connect them? who has died as direct result of cyber crime?

    1. Re:not worse by coldsalmon · · Score: 4, Funny

      Most people would rather die than lose the ability to watch cat videos on YouTube.

    2. Re:not worse by Elbereth · · Score: 5, Insightful

      It's not just Internet-connected infrastructure. In many cases, people took the proper precautionary steps, but weren't actively paranoid. To protect your infrastructure today, you really do need to be paranoid. People bring in gadgets infected with malware, plug the malware-infected gadget into a PC, and the PC infects every system on the network. OK, so you ban people from bringing in gadgets, and now you remove all secretarial PCs from the main network. Maybe you even disable every USB port and force people to use PS/2 keyboards and mice. Well, the next infection comes in from a contractor who installs software directly from the manufacturer. If the hackers know that you use Flash and/or Java in your company's intranet, it's not inconceivable that they manage to infect Flash or Java. I mean, we're talking about nation states here. They can do whatever the fuck they want, and money is not much of an issue.

      Somewhere along the line, people with resources a hundred times greater than yours will come up with a line of attack that you didn't defend against. And if you protect against everything obvious, who knows what the crazy fuckers will do? If I were on the Iranian nuclear power commission, I'd probably give the Americans and Israelis a semi-obvious backdoor to my network, just so that they don't send in black ops teams. I'm not saying that I think the Americans and Israelis would be so stupid, but, then again, these people probably grew up watching James Bond movies. They probably think that shit is exciting.

  2. Scare Headlines Sell Products by BoRegardless · · Score: 5, Insightful

    I am not surprised by Kapersky saying what he does.

    If you don't want your automation system attacked, then keep it off line and what is off line monitored and limited so it can't be accessed improperly and then treat your crew right...with supervision.

    Life is not easy.

  3. Where are we on the gunpowder scale? by paiute · · Score: 4, Interesting

    In meatspace war, the object was always to damage flesh. We first had blunt objects (stones, clubs) which gave way to sharp piercing weapons (spears, arrows) which gave way to propelled metal (flintlocks, rifles) which gave way to blast waves and shrapnel (shells, bombs) which evolved into directable versions (cruise missiles, armed drones). The next step is probably autocontrolled weapons v1.0, iRobots which scurry through the battlefield and club the enemy or some such.

    I wonder where we are on that scale with weaponizable viruses. Are Stuxnet and its peers the equivalent of Predator drones or will we look back decades from now and think that they were the crude matchlock blunderbusses of their day?

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  4. Just about anyone. by Anonymous Coward · · Score: 3, Insightful

    they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss.

    Um, nation-states are not "just about anyone". They actually tend to be the same people who have all those "dirty" traditional weapons too. Sure, in theory some rogue basement dweller could launch a massive cyber attack just before his mother calls him up for dinner, but in general such attacks build on information gathered by intelligence services and the State Department (you need to know what you are targeting to do it efficiently).

    The fact that such dire warnings come from someone who just happens to profit from the existence and above all fear of malware makes it a little hard for me to take it as seriously as he apparently does.

    Incidentally, if some basement dweller on the other side of the planet really does pose a threat to your national security, you need to fire the clowns who set up your IT infrastructure and hire some people who actually know wtf they are doing. Stay on top of exploits, keep your software and patchsets up-to-date, plug the holes in your firewalls, don't do stupid things like plaintext storage of passwords anywhere, force the use of keys where possible, etc... you know, all the basic stuff that gets discussed whenever security comes up. Most successful attacks that make the news are not examples of very clever attackers but rather abysmally unaware defenders.

    Maybe I don't know what I'm talking about, but from here it looks like someone complaining that they're car might get stolen because they keep leaving it running with the doors open in a busy part of town with no police or cameras. "Omg auto theft is likely to go up and people will be run over by inexperienced/drunk/high drivers who shouldn't be behind the wheel, we must do something!" Yeah, park it in a better spot, turn of the engine, take the keys out of the ignition, lock the door, and come back to check on it at least once a day. Derp.

  5. Re:Depends on the size of the gun by TheLink · · Score: 2

    Kaspersky are being completely ridiculous if they think the current cyberweapons are much worse than nukes. With nukes we can knock out computers with EMP, even if they are not connected to any network at all. Don't even have to be close enough to vaporize stuff. We can wipe out most major cities in the world with our existing nukes.

    Cyberweapons aren't going to stop all or even most of our computers from working. As for the computers that hold our money, the bankers and their friends have probably lost more money than any malware or hacking will. Most banks have backups of data too, and there's usually some sort of checking to ensure that banks don't create or destroy money without authorization.

    --
  6. Re:Depends on the size of the gun by Zorpheus · · Score: 2

    That is why you shouldn't connect everything to the internet. My car doesn't need automatic software updates. The navigation and sound system need data connections, but they don't need a data connection to the engine controller.