Government-built malware running out of control, F-Secure claims

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2014/02/28/governmentbuilt_malware_running_out_of_control_fsecure_tells_trustycon/

By Iain Thomson
The Register
28 Feb 2014

TrustyCon - A surprising number of governments are now deploying their own 
custom malware -- and the end result could be chaos for the rest of us, 
F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in 
San Francisco on Thursday.

"Governments writing viruses: today we sort of take that for granted but 
10 years ago that would have been science fiction," he told the public 
conference. "If someone had come to me ten years ago and told me that by 
2014 it will be commonplace for democratic Western governments to write 
viruses and actively deploy them against other governments, even friendly 
governments, I would have thought it was a movie plot. But that's exactly 
where we are today."

The US is leading the way in this, he said, having initiated the Stuxnet 
malware against Iran's nuclear enrichment facilities, although the actions 
against the Iranians were part of a much larger program, Operation Olympic 
Games, which was initiated by the then-President Bush and carried on by 
Obama.

Hyppönen said that he had investigated a Stuxnet sample to see if it could 
be modified to attack other targets and found that it could, up to a 
point. The specific control code to interfere with the industrial SCADA 
control systems used by the Iranians was very difficult to reshape, but 
the malware could be reconfigured to introduce random controls to be sent 
to an infected industrial plant that could cause havoc.

[...]

--
Find the best IT Security talent without breaking your recruiting budget - Jobs cross-posted to Simply Hired, Facebook 
and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/