Cyber war is coming and governments are going to flex their muscles in the coming months, says Mikko Hypponen
As governments increasingly find themselves involved in cyber attacks, whether they are the perpetrators or the victims, they will start to flex their muscles more.
That’s the view of Mikko Hypponen, chief research officer at F-Secure, who thinks the cyber arms race will closely resemble the nuclear arms race of the 20th century, where nations put on public displays of firepower to frighten enemies.
“There will be public demonstrations of cyber power just to get the deterrent,” Hypponen says. And it’s something the US has already started doing, albeit indirectly, he claims.
Since Stuxnet was uncovered in 2010, disrupting Iran’s uranium enrichment processes by making centrifuges go crazy, it has become clear governments are investing in their digital arsenals. It is believed the US and Israel were behind that infamous initiative.
In the last year, the world has learned of Flame, Gauss and Duqu – all highly-advanced cyber espionage tools, all likely funded by regimes.
US fanning the cyber war flame
Much of it remains unseen, but Hypponen believes the US, which is also thought to have driven the Flame campaign, wanted the world to know it was behind that historic piece of malware Stuxnet. “You think they leaked it by accident? I don’t think so, not for a moment. It is election year,” he told TechWeekEurope. “They took the credit for Stuxnet.”
America, in talking so openly about cyber threats and in leaking information on their attacks, are attempting to deter others from making attempts on US networks, he says.
The Chinese are likely to be investing heavily too. But in a typically Chinese way, they are far more secretive than their American counterparts. Indeed, most of the information on China’s efforts come from US sources.
Is the US perhaps guilty of fuelling the debate on purpose, in order to justify retaliation, as it looks at its own cyber jus ad bellum? Hypponen was particularly suspicious of US claims that an attack on oil giant Saudi Aramco, which crashed 30,000 machines, was committed by Iran in response to the Stuxnet campaign and to US-led sanctions on the country’s nuclear projects.
“I don’t think I’m buying it. Something is missing. If they were retaliating why wouldn’t they be retaliating against the US or Israel?”
Then there is the Huawei situation. Whilst Hypponen is undecided on whether Huawei’s kit does contain purposeful backdoors, or if it is just “crappy code”, he has his own questions about US vendors’ ties to the federal government. In particular, he wonders why Intel hasn’t moved chip fabrication operations to China, as the majority of other American hardware firms have done.
“Everyone else is moving their chip fabrication to the cheapest place in China. Intel has seven chip fabrication plants in the US. I don’t think it is a coincidence.
“Business logic would have driven them to China but they haven’t and I think there is a reason.” Which is? “I don’t know,” he adds, with a wry smile.
“I was expecting to see a comment from the Chinese Chamber of Commerce to tell Chinese companies to avoid doing business with Cisco, Intel and Microsoft because of their ties to US government.”
Hypponen admitted, however, that it would be trickier for Chinese firms to ditch those vendors, given their global footprint and in China.
Evidence of cyber warfare piles up
Regardless of suspected surreptitious behaviour, evidence of government involvement in malware creation continues to pile up.
Just this week, more reports of nation state activity in the cyber space emerged. CERT-Georgia reported on a major cyber espionage campaign, which saw Georgian government bodies infected with malware. That included Georgian parliament and government departments.
The purpose of the malware was to collect confidential documents on Georgian and US security, establishing a connection with Russian security agencies, according to the report. It claimed a number of Georgian news-related sites were hacked to serve up nasty code to users, in the hope that government officials would visit those websites.
A follow-up analysis by security firm AlienVault showed how various obfuscation methods were used to hide the malware, which was also capable of recording audio over the microphone as well as video over webcams, according to CERT-Georgia.
The ‘Georbot’ campaign appears to be yet another example of regime-funded cyber espionage. And Hyponnen, whilst he backs moves to regulate the arms dealers (i.e. exploit sellers and creators), believes we have crossed the Rubicon, even if these are only antebellum movements.
“We are seeing only the very first steps in the revolution in how wars are fought and how future crises will have this cyber element.”
Are you a security guru? Try our quiz!