Defence contractors stockpile exploits for cyber war

Powered by SC Magazine
 

AusCERT warned of global cyber arms race.

The 2009 Stuxnet attack on Iran's uranium enrichment facilities pitched governments in a race to stockpile security expertise, the AusCERT conference heard this week.

According to F-Secure's chief research officer, Mikko Hypponen, governments had ramped up use of defence contractors to increase their ability to attack foreign nations through software exploits.

Hypponen noted the US' largest defence contractors seeking to fill more than 200 roles that required top secret security expertise.

Those professionals would be tasked with developing and stockpiling exploits against PCs, smartphones and enterprise systems aimed at crippling a foreign government's network, he said.

"The cyber arms race has started," Hypponen told AusCERT 2012 delegates on the Gold Coast this week.

"We're in the middle of all technically capable nations stockpiling on cyber arms for their own arsenals. Cyber arms don't last very long, they go bad or rot away as those exploits get found so they have to keep a current stockpile."

That security expertise and the exploits was being hired by those contractors on behalf of governments worldwide.

The growing attempts to build their capability online, which can be sourced as far back as 2005 according to Hypponen, also placed private security experts in a compromising situation as they decided whether to protect their clients from government-sponsored exploits.

"I don't have to think about it ... We should and we are detecting [government-made] trojans," he declared.

"That's of course a delicate subject because at the same time we are working with the government and we are working with police to hunt down online criminals. But at the same time, we can't help them with this.

"I can see why they want to use trojans, go ahead and use them, don't tell us about it. We will try to detect them."

DDoS as legal protest?

Hypponen also warned that the distributed denial of service techniques used by highly visible hactivist groups like Anonymous and LulzSec may not remain as demonised as it currently is by governments and modern legal systems.

"According to current laws in almost any country it isn't, but maybe one day it will be because [hacktivists] will grow up," he said.

The use of DDoS to protest restrictive potential laws like SOPA or PIPA appeared contradictory to Hypponen, who said it only increased the perceived need to pass such laws in order to block the source of such attacks.

However, he suggested that denial of service could ultimately be levelled with physical sit-in protests as knowledge and understanding of such groups evolved.

Copyright © SC Magazine, Australia


Defence contractors stockpile exploits for cyber war
F-Secure chief research officer Mikko Hypponen discusses the advent of government-led cyber war.
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
F-Secure chief research officer Mikko Hypponen discusses the advent of government-led cyber war.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1800

Vote
Do you support the abolition of the Office of the Information Commissioner?