F-Secure’s Chief Research Officer Company Mikko Hyppönen at the TrustyCon conference in San Francisco explained that almost every government is spending a great effort to improve its cyber capabilities building a cyber weapon.
“Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,” “If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that’s exactly where we are today.” he told during his speech.
Countries like US and Israel are probably most advanced in the development of cyber weapons, Stuxnet was the first malware designed with the specific intent to hit critical infrastructure of a hostile Government like Iran.
Consider also China that is probably the most aggressive state, according to the US intelligence the Government of Beijing has its malware already used in different state-sponsored attacks.
Also European governments are very active in the development of state-sponsored malware, German police and customs officials have used in the past a malicious code dubbed R2D2. The Trojan also referred to as “0zapftis” or “Bundestrojaner”, was able to track and collect data on victims’ PC, including Skype conversations. Other countries very active are the Sweden, that has developed its malicious code, and Russia that is investing to improve its cyber arsenal.
In time I’m writing the security community is evaluating the possibility that advanced Uroburos rootkit that has been infecting networks since as far back as 2011, is a modular spyware of the Russian government cyber weapons programme.
Hyppönen was involved in the investigation on Stuxnet, and he discovered that was possible to make a reverse engineering of the detected samples to build new agents and hit new types of targets.
In the case of Stuxnet it was hard to modify the code related to the attack against industrial SCADA control systems, but anyway, the malware could be adapted to send malicious commands to an infected industrial plant that could cause serious damages.
These agents are very effective and adopt complex techniques to deceive victim’s systems, the Flame malware, for example, used a false Windows Update system to spread itself, but malware authors were able to sign malicious code to allow target infection without raising suspects.
Recently security experts at Kaspersky lab identified a new malware family used in a large-scale cyber espionage campaign dubbed the Mask, probably the most sophisticated APT operation seen to date that hit entities in 31 different countries. The agents behind The Mask are Spanish-speaking and exploited at least a zero-day in their campaign, distributing the Mask malware on every OS including Mac OS X, Linux, and perhaps even iOS and Android.
Many experts argue that the anti-virus companies, in some cases, have not prevented the spread of malware because they agreed with the governments.
The Dutch campaign group called Bits of Freedom invited principal antivirus vendors to reveal any request to whitelist some kinds of malware being designed by the government, Hypponen claimed that Symantec and McAfee have not yet responded.
“The question was answered by our CEO saying ‘No, we haven’t’, we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers,” “We’ve had this policy for 13 years.” said Mikko Hyppönen.
If antivirus companies are whitelisting state malware there will be the concrete risk that Government-built malware and cyber weapons will run out of control.
(Security Affairs – Cyber weapon, malware)