June 6, 2012
Stuxnet And The Future Of Cyber Warfare
Michael Harper for redOrbit.com
As our world becomes increasingly interconnected via the series of tubes and wires known as the internet, so too grows the risk of cyber-crime.
So far in 2012, we´ve already seen malware strike a large number of Macs, several attacks on large organizations and even the new Flame malware, which is said to be the most advanced and sophisticated malware yet.
Now, two different securities officials are saying they are worried about what our future may look like if we aren´t able to stop cyber-crime where it starts. Eugene Kaspersky, President and CEO of Kaspersky Lab (who first found Flame) told Reuters today that only a global effort could stop this new era cyber attacks
“It´s not cyber war, it´s cyber terrorism and I´m afraid it´s just the beginning of the game “¦ I´m afraid it will be the end of the world as we know it,” Kaspersky said.
“I´m scared, believe me. It's quite logical that there are new cyber weapons designed, and maybe already computers infected that we don't know about,” said Kaspersky, warning that the worst may still be out there, undetected. Frightening words, to say the least.
Not every securities professional agrees with Kaspersky, of course.
German researcher Ralph Langner has often been cited about Stuxnet, the computer worm used by Israel and the US to cripple Iran´s nuclear program.
“Flame is nothing really new. It doesn't bring any new qualities,” Langner told Ars Technica.
“Cyber-espionage has been conducted for years. Duqu, the German [state trojan] does similar things–it can turn on the microphone for voice messages. It's not new. Espionage attacks are occurring worldwide on a daily basis and for purposes of state espionage. In my opinion, Flame might be a little bit overhyped.”
Kaspersky, on the other hand, believes Flame might be the product of a very powerful government agency, similar to the US´s hand in Stuxnet.
“Flame is extremely complicated but I think many countries can do the same or very similar, even countries that don´t have enough of the expertise at the moment. They can employ engineers or kidnap them, or employ ℠hacktivists,” said Kaspersky.
Langner isn´t so worried that the US could be responsible for Flame. Rather, he´s more worried that American and European governments aren´t doing more to bolster their infrastructure against attacks. In a piece for the New York Times, Langner wrote, “It does not require the resources of a nation-state to develop cyber weapons.”
“I could achieve that by myself with just a handful of freelance experts. Any US power plant, including nuclear, is much easier to cyberattack than the heavily guarded facilities in Iran. An attacker who is not interested in engaging in a long-term campaign with sophisticated disguise (which rogue player would be?) needs to invest only a tiny fraction of effort compared to Stuxnet.”
Langner and Kaspersky both seem worried about the future and how well prepared large governments, such as the US, are prepared for it. When security officials such as these begin to mention how worried they are, or that they lose sleep, it becomes rather easy to be worried ourselves.
These officials aren´t alone in raising concerns about how we will not only protect ourselves from these threats, but also go on the offensive when the need arises. Kaspersky seems a little more worried than Langner, saying, “Software that manages industrial systems or transportation or power grids or air traffic, they must be based on secure operating systems. Forget about Microsoft, Linux, Unix.”
Langner, however, has a little more hope for the US government in this aspect. He ended his interview with Ars Technica saying, “I think when I reached the conclusions that (Stuxnet) must have been launched by the United States that added to my comfort–you're the good guys.”