15 comments

[ 3.9 ms ] story [ 50.5 ms ] thread
"While antivirus companies might catch some, he says, only an international treaty that would ban militaries and spy agencies from making viruses will truly solve the problem. "

I really doubt that it would stop the problem. Viruses would still be made by the militaries/agencies.

Viruses that take out nuclear weapons facilities from countries such as Iran and North Korea seen like a far better alternative than using traditional weapons. I can't think of any case where civilians were killed by a computer virus.
Not yet, but it is still completely possible. Stuxnet was designed to cause physical damage to sensitive equipment. Imagine if a virus overloaded a power system. People could be injured by damaged transformers, people could be killed by failing electronics (anything from streetlights/stoplights to failing medical equipment). Iranian nuclear employees could have been injured or killed by the failing centrifuges.

Anything that relies on inter-networked controller systems has potential to be attacked by a virus, and many of them have potential to be destructive to human life.

Who else thinks that the world needs an international arms control treaty to forbid cyber weapons?

Especially Americans need to get behind this. Right now Americans have a perceived advantage in cyber weapon technology and are thus opposed to cyber arms control.

I'm not opposed to this at all but I question how exactly enforcement would/can work. We don't know with 100% accuracy who was responsible for Stuxnet, Flame, Operation Aurora, etc and especially with code, it is going to be exceedingly difficult in most cases to get evidence such that blame can be leveled with any certainty.
Furthermore unlike nukes it is completely impossible to verify that a country dosen't have cyber weapons. Cyber weapons can be hidden in someone's shoe, you can't do that with a nuclear arsenal.
From what we've seen, these cyberweapons take a long time to work their way behind enemy lines and must evolve as they do so. If it's hidden in a shoe then it's not really a useful cyberweapon.
The obvious question, the true cost of MS Windows is what again, you saving money?

Thi sis why ever Cyber Security CZar leaves Washington because the real problem is not security its MS Windows being unsecured by default and design.

> When Eugene Kaspersky (...) discovered the Flame virus (...), he recognized it as a technologically sophisticated virus that only a government could create.

How does one know whether a virus can only have been produced by a gvt or not?

Mainly it comes down to how much money was invested in the development, coupled with how much return the creators would have. Sophisticated malware tends to make a profit for the creators. If it doesn't have this capability, then there must be some other motive.

Take the recent article on Stuxnet: the claim is that the virus knew the layout of the building, the exact systems to be infected, how to lie to the sensors, and how exactly to cause physical damage to the machines. This requires a lot of surveillance and intelligence (as in spying). Highly unlikely a private team would have access to the information needed to create it. Stuxnet didn't make the creators any money; it was designed to just damage. Likewise from my understanding of Flame, it's not designed to make money, it's designed to gather military-industrial intelligence.

Kapersky is a nut. His products are worse than what he purports to 'cure'.