AusCERT2012: Governments stockpiling cyber arms

By on
AusCERT2012: Governments stockpiling cyber arms
F-Secure chief research officer Mikko Hypponen discusses the advent of government-led cyber war.

The cyber arms race is in full swing.

Governments are ramping up use of defence contractors to stockpile security expertise in an attempt to increase their ability to attack foreign governments through software exploits.

The rush to build expertise from governments worldwide was likely sparked by the launch of Stuxnet against Iran's uranium enrichment facilities, according to F-Secure's chief research officer, Mikko Hypponen.

Though Iran's response to the attack - at times linked to the US and Israel governments - was muted, the move to build protection and offensive capabilities has since exploded.

Complete coverage of AusCERT 2012

Hypponen noted the US' largest defence contractors seeking to fill more than 200 roles that required top secret security expertise for the purpose of developing and stockpiling exploits against PCs, smartphones and enterprise systems aimed at crippling a foreign government's network.

"The cyber arms race has started," Hypponen told the AusCERT 2012 conference on the Gold Coast this week.

"We're in the middle of all technically capable nations stockpiling on cyber arms for their own arsenals. Cyber arms don't last very long, they go bad or rot away as those exploits get found so they have to keep a current stockpile."

That security expertise and the exploits was being hired by those contractors on behalf of governments worldwide.

The growing attempts to build their capability online, which can be sourced as far back as 2005 according to Hypponen, also placed private security experts in a compromising situation as they decided whether to protect their clients from government-sponsored exploits.

"I don't have to think about it - We should and we are detecting [government-made] trojans," he declared.

"That's of course a delicate subject because at the same time we are working with the government and we are working with police to hunt down online criminals. But at the same time, we can't help them with this.

"I can see why they want to use trojans, go ahead and use them, don't tell us about it. We will try to detect them."

 

 

DDoS as legal protest?

Hypponen also warned that the distributed denial of service techniques used by highly visible hactivist groups like Anonymous and LulzSec may not remain as demonised as it currently is by governments and modern legal systems.

"According to current laws in almost any country it isn't, but maybe one day it will be because [hacktivists] will grow up," he said.

The use of DDoS to protest restrictive potential laws like SOPA or PIPA appeared contradictory to Hypponen, who said it only increased the perceived need to pass such laws in order to block the source of such attacks.

However, he suggested that denial of service could ultimately be levelled with physical sit-in protests as knowledge and understanding of such groups evolved.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?