Incident Response, Malware, Network Security, TDR

Black Hat: Expert sheds light on government sponsored malware creation

Parallels can be made between the nuclear arms race of the 1940s and the activities governments are currently involved in within the cyber threat landscape, according to a renown security expert.

After canceling his scheduled session at the 2014 RSA Conference in San Francisco, Mikko Hypponen, chief research officer at F-Secure, has delivered some enlightening talks regarding privacy and government surveillance. 

At this year's Black Hat conference in Las Vegas, Hypponen gave a brief history of government sponsored malware creation and its affects on organizations and citizens today. 

"We had the nuclear arms race for decades, but now we seem to be in a cyber arms race," Hypponen said Wednesday during his talk. "The idea of democratic western governments backdooring technology or using malware and trojans against other democratic governments would've sounded like science-fiction, but that is exactly where we are today." 

While he drew the comparison of the current escalating production of government-sponsored malware to what was once the nuclear arms race, he made one distinction between the two; deterrence. 

"The power of nuclear weapons is in deterrence," he said. "You know other countries have nuclear weapons because they show them. When you blow one up, it's easy for other countries to see them." 

This is obviously not the case when it comes to the cyber realm. 

Hypponen went on to discuss the evolvement of cyber threats and how enemies have changed over the years from "kids and hobbyists" creating simple viruses and attack techniques to cyber crime gangs looking to earn money, and now governments. 

"Government activity has only been with us for 10 years," he said.

Although Hypponen stated that governments are far from being involved in what many classify as a "cyber war," he did mention that should countries utilize malware during the time of war, technically, according to the Geneva Conventions, an organization could be classified as a target.

"When I joined [F-Secure] in 1991 to analyze viruses spreading on floppy disks I didn't expect it would come to this," he said. "But that's what's happened." 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.