The recent discovery of the malware called Flame as well as past incidences of cyber weapons Stuxnet and Duqu are ushering a new period of global conflict that is secretive, precise and destructive, according to Eugene Kaspersky, chief executive officer of leading developer of secure content and threat management solutions Kaspersky Lab.
In his blog, Kaspersky said to help contain the threat, there should be a global understanding among nations to manage these so-called cyber weapons.
“The international community has to try to reach an agreement governing the development, application and proliferation of these cyber weapons,” Kaspersky said.
“This will not solve all the problems, but at least it will help establish the rules of the game, integrating the new military technologies into the structure of international relations, preventing uncontrolled development and careless use,” he explained.
He also said that these types of malware have become the weapons of choice for cyber warfare that aims to destroy countries by attacking the very technologies that enable people’s lives.
“It is no less dangerous to the lives of people, cyber warfare can bring down economies especially when technology is well-integrated into major industries,” Kaspersky stressed.
“If certain countries are heavily dependent on technologies, the infrastructure and industrial facilities, financial and transport systems, utilities and other critically important objects should be reappraised in terms of the approach to information security,“ he added.
The 46-year-old CEO warned that “Stuxnet, Duqu and Flame are just the tip of the iceberg. We can only guess what other cyber weapons are circulating around the world. I’m sure we will have more discoveries soon. I just hope it doesn’t get too scary.”
And because there were no discussions on the rules of engagement on cyberspace among governments, Kaspersky said that a cyber attack could be perceived as an act of war. He noted that “last year, the USA announced that they reserved the right to respond to a cyber attack with traditional military means,” even if the attack is a mere “imitation, provocation, or misinterpretation.”
“There aren’t many people who currently understand the danger of cyber weapons. It’s hard to believe that some virus, a few kilo/megabytes of code can suddenly cause, say, an accident at a nuclear station, a fire on an oil pipeline or a plane crash, isn’t it? But mankind has for some time now become increasingly and imperceptibly dependent on information technologies,” Kaspersky said.
He also added that the new platform in declaring war against any government would be through technology. “I’m sure other countries have also made use of such technologies, but before it simply wasn’t discussed and everything was done on the quiet, little by little and secretly.”
Kaspersky pointed out the advantages of using cyber weapons over conventional weapons have provided “ethical and legal” justification for any institution to launch an attack.
“Kaspersky Lab, being a global security company, we state officially that we will fight any cyber weapons irrespective of the country of origin and any attempts to force us to ‘collaborate’. We consider any compromise on this score to be incompatible with our ethical and professional principles,” Kaspersky also added.
He stressed that “although the security industry has been focusing on combating mass epidemics for many years, its arsenal includes protection technologies which are most probably capable of preventing targeted attacks by cyber weapons. However, this will require users to rethink the security paradigm and introduce a multi-level protection system.”
Kaspersky also mentioned that apart from Stuxnet and Duqu, both of which were found to be targeting specific information technology hardware used in certain Iranian industries, Flame is another such malware.
According to Kaspersky Lab security experts who discovered it, the Flame is a highly sophisticated, malicious program that is actively being used as a cyber weapon to target entities in several countries. It can steal valuable information – including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations. Its complexity and functionality exceed those of all other known cyber weapons.
“The week after Flame was detected we saw several sudden newsflashes. The news basically ‘upgraded’ the current perception of military strategy and demonstrated that states have already been successfully applying offensive cyber weapons for several years now,” Kaspersky said.
Kaspersky also said the use of malware for cyber warfare has its ‘advantages’ to the attackers. First, they are effective and are cheaper to build than traditional weapons. These are also difficult to detect,hard to be traced back to the origin and can be replicated at no extra cost. Protecting an infrastructure against such malware is also difficult as these can change in code quite quickly.
Drawing from the action movie “Die Hard 4,” Kaspersky said it will not come as a surprise if a cyber war scenario depicted in the film would actually happen. He warned that cyberspace would also draw a new arms race.