Government-built malware running out of control, F-Secure claims

What if antivirus companies are whitelisting state malware...

TrustyCon: A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday.

"Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction," he told the public conference. "If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today."

The US is leading the way in this, he said, having initiated the Stuxnet malware attack against Iran's nuclear enrichment facilities, an action that was part of a much larger programme, Operation Olympic Games, which was initiated by then-President Bush and carried on by Obama.

Hyppönen said that he had investigated a Stuxnet sample to see if it could be modified to attack other targets and found that it could, up to a point. The specific control code to interfere with the industrial SCADA control systems used by the Iranians was very difficult to reshape, but the malware could be reconfigured to introduce random controls to be sent to an infected industrial plant that could cause havoc.

Later parts of Operation Olympic Games were even more worrying, he said, particularly the Flame malware which spread using a false Windows Update system. Normally the Windows operating system refuses updates from code that isn't properly cryptographically signed, but in this case the writers appeared to have used a large team of crackers and a supercomputer to spoof Microsoft's signing key.

But it's not just the Americans, he said. China has long been fingered as using state-sponsored malware, and last June US President Obama and the Chinese premier were due to have a White House summit on the issue. Unfortunately Edward Snowden started leaking the NSA's documents four days before the meeting and the crucial topic was abandoned.

In Europe, German police and customs officials have access to a bespoke computer Trojan called R2D2 which is used to track and collect data on targets. The Russians are also major players, and even the Swedes are in on the game: Hyppönen showed the audience leaked documents indicating that Swedish officials had held meetings with the NSA and were setting up their own malware programme.

New state actors are also piling in. Hyppönen highlighted the birth of a new malware family, called Careto (Spanish for "the mask"), which popped up in February. That software nasty, which has cropped up in 31 countries, belongs to an as-yet unidentified Spanish-speaking country and is spreading fast.

Hyppönen also wondered out loud whether some antivirus companies had overlooked government-crafted malware. A Dutch campaign group called Bits of Freedom sent a letter to all the major antivirus vendors asking them to confirm that they weren't being asked to whitelist some kinds of malware being produced by government.

"The question was answered by our CEO saying 'No, we haven't', we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers," he said. "We've had this policy for 13 years."

While ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro replied to Bits of Freedom, Symantec and McAfee (among others) have not responded, Hyppönen claimed.
