F-Secure's Mikko Hypponen: George Orwell was an optimist

F-Secure released a Threat Report for the first half of 2013, but the firm's chief research officer also had a few things to say about exploits, the NSA and government surveillance.

Finnish security firm F-Secure Labs recently released a Threat Report [pdf] for the first half of 2013; it shows "a continued rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats." Regarding exploits, the most common attack vector, "users in the U.S. saw the most vulnerability-related attacks, with 78 out of every 1,000 users encountering an exploit attempt."

Mikko Hypponen, chief research officer of F-Secure, had a few other things to say about zero-day exploits and NSA spying. After the leaks, first came the claim that the NSA is only monitoring foreigners. Since he isn't an American, Hypponen found no comfort in that. After leaks revealed the NSA targeted the EU, the next NSA damage-control statements justified the monitoring as part of the War on Terror. Hypponen told V3, "It's very difficult to list spying on an ally government department as being part of the War on Terror."

"The next justification was 'everyone's doing it' and this is no different. But it is different, as no country has the visibility the U.S. does. How many businesses use U.S.-based companies' systems? There used to be some people using Nokia, but that's been sold to the U.S. Skype used to be trusted but it's been sold to the States. All the world is using a U.S.-based cloud system that the U.S. government has a legal right to. It's not the same."

...

"The two greatest tools of our time have been turned into government surveillance tools. I'm talking about the mobile phone and the internet. George Orwell was an optimist. This is what's happened."

Earlier this month, MuckRock obtained a contract via a Freedom of Information Act request that showed the NSA purchased a zero-day exploit service from the French security company Vupen. In September 2012, the NSA signed a one-year subscription for Vupen's "binary analysis and exploits service." That news caused ripples in the cyber ether, with some people believing it was to be expected and others believing it was curiosity on the part of the NSA, not lack of talent to create exploits.

Hypponen, however, believes that the outsourcing for weaponized exploits is a sign the NSA and UK's GCHQ may be suffering from a shortage of talented cyber-warriors. He's been checking out job listings for the last two years, and posts that require "experience with 'the Fort Meade customer' as a necessary skill" are referring to the NSA. He told V3, "It's no wonder they're outsourcing, because they can't build or find the skills inside. If you want to have a good cyber offensive capability you need a new arsenal of exploits. You need a fresh supply of weaponized exploits, which builds a demand in the market."

Regarding exploits and vulnerabilities in the first half of 2013, F-Secure's Threat Report states, "The whole point of carrying out an exploit-based attack is to install malware onto a system - be it ransomware, bots, banking trojans or backdoors." The report covers Advanced Persistent Attacks (APT), Android as the most-attacked mobile platform, and the growth of Mac malware. According to F-Secure, ZeroAccess, the second largest botnet in the world, is focused on getting rich with Bitcoins. "We estimate them to make over $50,000 a day by mining Bitcoins on infected computers."

"The most notable information security occurrence of early 2013 is undoubtedly the hacking and breach of several Internet giants (Twitter, Facebook, Apple, Microsoft) and of numerous other Silicon valley companies via a watering hole at iPhone Dev SDK," according to the Threat Report. The fact that the general public "has learned few lessons" about such attacks may be due to the companies involved keeping "important details tightly under wraps."
