Hi Mikko, you are a legend of the hacking community, can you tell more about your technical background? When did you start hacking?
I got my first computer (a Commodore 64) when I was 13 years old. I started programming in assembler on it almost immediately. I sold my first programs at age 16. Those early assembler skills are what eventually lead me to do virus analysis and reverse engineering, when I was 20. At the time, I was studying programming and found a part-time job at a local security company. I’m still doing malware analysis, 25 years later.
Which are the most interesting hacking communities on the web today?
There’s plenty of interesting mailing lists and forums, but – a bit surprisingly – Twitter is a very good way to get connected with the infosec community. Almost everyone is on Twitter and it’s easy to reach out to anybody. Of course, more sensitive discussions have to be done over encrypted channels, but Twitter has turned out to be very useful for making connections.
What about the militarization of the cyberspace?
It’s quite obvious why militaries are interested in using the internet: attacks like these are effective, they are cheap and they are deniable. All of these qualities are highly sought after in espionage and military attacks. In effect, this started a cyber arms race which today is a reality is most of the technically advanced nations. These nations weren’t just interested in running cyber defense programs to protect themselves against cyber attacks. They wanted to gain access to offensive capability and to be capable of launching offensive attacks themselves.
To have a credible offensive cyber program, a country will need a steady supply of new exploits. Exploits don’t last forever. They get found out and patched. New versions of the vulnerable software might require new exploits, and these exploits have to be weaponized and reliable. To have a credible offensive cyber program, a country needs a steady supply of fresh exploits.
What scares you the most in the Internet?
It’s always scary to find a piece of critical infrastructure connected to the public internet. Things like energy grids, power plants, water treatment centers, dams and food processing plants.
They really should not be online. But they are. We know, because we regularly find them when scanning the net.
Have you ever found a strain of malware that has literally shocked you? Which one?
Stuxnet shocked the whole industry. It was a real eye-opener. First we thought it was interesting just because it had so many zero-day vulnerabilities in one malware. Then we realized it was something much, much bigger. We still consider there to by time before-stuxnet and time after-stuxnet. That’s how big a deal it was.
I’m a common Internet user that is asking you how to protect my privacy? Which are the tools that I can use to avoid monitoring and surveillance on the Internet?
It’s hard to protect your privacy online. Encryption helps. VPNs help. Browsing in private mode helps. Deleting cookies help. Staying logged out of Facebook, Linkedin and Google helps. Using different browsers help. But there is no 100% privacy online. Unfortunately.
Thank you Mikko!
If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.
(Security Affairs – Mikko Hypponen, hacker)