
Cyberweapon Warning From Eugene Kaspersky - robg
http://www.nytimes.com/2012/06/04/technology/cyberweapon-warning-from-kaspersky-a-computer-security-expert.html
======
shaggyfrog
Prognostications? From this Kaspersky?

[http://macdailynews.com/2011/06/17/kaspersky-cto-apple-
shoul...](http://macdailynews.com/2011/06/17/kaspersky-cto-apple-should-open-
up-ios-within-a-year/)

<http://news.cnet.com/8301-10784_3-6173682-7.html>

[http://www.macworld.com/article/1150904/iphone_prediction.ht...](http://www.macworld.com/article/1150904/iphone_prediction.html)

He (and his company) are good at getting in the news, but I'm kind of tuned
him out from actual commentary on computer security.

------
meric
The screenshot of the Flame program in the article shows Lua code.
[http://graphics8.nytimes.com/images/2012/06/04/business/jpVI...](http://graphics8.nytimes.com/images/2012/06/04/business/jpVIRUS-2/jpVIRUS-2-popup.jpg)

~~~
seclorum
Thats because Flame is a Lua app.

------
SlipperySlope
Who else thinks that the world needs an international arms control treaty to
forbid cyber weapons?

Especially Americans need to get behind this. Right now Americans have a
perceived advantage in cyber weapon technology and are thus opposed to cyber
arms control.

~~~
klt0825
I'm not opposed to this at all but I question how exactly enforcement
would/can work. We don't know with 100% accuracy who was responsible for
Stuxnet, Flame, Operation Aurora, etc and especially with code, it is going to
be exceedingly difficult in most cases to get evidence such that blame can be
leveled with any certainty.

~~~
lotu
Furthermore unlike nukes it is completely impossible to verify that a country
dosen't have cyber weapons. Cyber weapons can be hidden in someone's shoe, you
can't do that with a nuclear arsenal.

~~~
extension
From what we've seen, these cyberweapons take a long time to work their way
behind enemy lines and must evolve as they do so. If it's hidden in a shoe
then it's not really a useful cyberweapon.

------
Fire30
"While antivirus companies might catch some, he says, only an international
treaty that would ban militaries and spy agencies from making viruses will
truly solve the problem. "

I really doubt that it would stop the problem. Viruses would still be made by
the militaries/agencies.

~~~
briandear
Viruses that take out nuclear weapons facilities from countries such as Iran
and North Korea seen like a far better alternative than using traditional
weapons. I can't think of any case where civilians were killed by a computer
virus.

~~~
freehunter
Not yet, but it is still completely possible. Stuxnet was designed to cause
physical damage to sensitive equipment. Imagine if a virus overloaded a power
system. People could be injured by damaged transformers, people could be
killed by failing electronics (anything from streetlights/stoplights to
failing medical equipment). Iranian nuclear employees could have been injured
or killed by the failing centrifuges.

Anything that relies on inter-networked controller systems has potential to be
attacked by a virus, and many of them have potential to be destructive to
human life.

------
bambax
> _When Eugene Kaspersky (...) discovered the Flame virus (...), he recognized
> it as a technologically sophisticated virus that only a government could
> create._

How does one know whether a virus can only have been produced by a gvt or not?

~~~
freehunter
Mainly it comes down to how much money was invested in the development,
coupled with how much return the creators would have. Sophisticated malware
tends to make a profit for the creators. If it doesn't have this capability,
then there must be some other motive.

Take the recent article on Stuxnet: the claim is that the virus knew the
layout of the building, the exact systems to be infected, how to lie to the
sensors, and how exactly to cause physical damage to the machines. This
requires a lot of surveillance and intelligence (as in spying). Highly
unlikely a private team would have access to the information needed to create
it. Stuxnet didn't make the creators any money; it was designed to just
damage. Likewise from my understanding of Flame, it's not designed to make
money, it's designed to gather military-industrial intelligence.

------
briandear
Kapersky is a nut. His products are worse than what he purports to 'cure'.

