The Fog of Cyberwar: Now theft and sabotage instead of just spying
A conversation with Mikko Hyppönen
Infosec 2016 Cyber-conflict between nations has entered a new phase with a switch from espionage to sabotage and theft, according to infosec guru Mikko Hyppönen.
The BlackEnergy-related attacks on the electricity grid last December and the more recent attack on at least four international banks have upped the ante in the sphere of cyber-conflict, according to F‑Secure's chief research officer.
Russia and North Korea, respectively, are the chief suspects in the two campaigns. Hyppönen said the attacks mark an escalation in a "cyber arms race" which he compares to the Cold War nuclear arms race.
"We've switched from cyber-espionage to offensive cyber action," Hyppönen told El Reg. "The cyber arms race is just beginning and it's going to get much worse."
"Ukraine was a game changer: the first offensive cyber action. The SWIFT attacks were about stealing money rather than secrets," he added.
Hackers tried to steal $1bn through the SWIFT attacks and successfully robbed $81m from funds held by the biggest victim, the central bank of Bangladesh.
"This tells us how desperate North Korea is," according to Hyppönen.
Hyppönen said that in some ways the cyber arms race might be more dangerous than previous arms races: we knew who had nuclear warheads and how many, but we don't know who has the biggest cyber capability.
The US, Israel and Russia, in that order, probably have the greatest offensive capability in cyberspace, but we don't know the abilities of other nations, according to Hyppönen. Worse yet, there's no deterrence, and hacking or planting malware on enemy systems can be both effective and cheap.
"When someone used a B-52 to drop bombs, the victim knew pretty well where it came from, but cyber attacks give an adversary deniability," according to Hyppönen.
International law experts have worked hard to put together a Geneva convention for cyberconflict, in the shape of the Tallinn Manual. Hyppönen praised these efforts as "ground-breaking," while cautioning that they've yet to be tested practically.
Many experts describe the infamous Stuxnet worm of 2010 as the first cyber weapon and the attacks on Estonia in 2007 as the first conflict. For Hyppönen, however, we ain't seen nothing yet.
El Reg spoke to Hyppönen ahead of his keynote on Tuesday, the first day of the Infosecurity Europe trade show in London. ®