Security expert Eugene Kaspersky has said that cyber weapons may be "cleaner" than traditional weapons but they are "much worse" and very difficult to protect against.

Eugene Kaspersky Duqu 2
Eugene Kaspersky, on stage at DLD 2013 where he called cyber weapons cleaner but much worse than traditional weapons. (Image: Mikko Hypponen/Twitter) Mikko Hypponen/Twitter

Speaking at the DLD 2013 conference, Kaspersky made the comments during a debate with Mikko Hypponen, chief security researcher with security company F-Secure. Hypponen agreed that cyber-weapons developed by nation-states were going to be very hard to protect against.

"Attribution is one of the biggest challenges in this area - and one of the strengths [for governments] as [they] can launch [a cyber-weapon] and then deny it. [The] difficultly of attribution is that it is very easy to leave false flags, or false leads," Hypponen said.

Hypponen added that what set cyber-weapons apart from traditional weapons was the fact that anyone could get their hands on one of these weapons, unlike a nuclear bomb, missiles or tanks which only armies would have access to.

The debate in Munich comes just one week after Kaspersky Labs announced the discovery of Red October, a highly complex piece of malware which was used by the owners to spy on embassies, diplomats, scientific organisations and other government organisations for five years without being detected.

It is unclear who is behind this attack, and Kaspersky said there were three possible creators in his opinion. The first possibility is a nation-state, though the fact the malware was written in Russian didn't automatically mean Russia was behind the attack.

Anonymous

The second possibility would be a hacktivist group like Anonymous, who could use the sensitive data stolen to advance their operations around the globe. Finally, Kaspersky said that criminals could be behind the attack, selling the classified data to anyone from fellow criminals to governments looking for information on a neighbouring state.

However Hypponen doesn't consider this to be an act of cyber-warfare: "Spying is not war, espionage is not warfare. The fact we have a lot of online espionage - such as Red October - is not warfare, it's spying. [Cyber] warfare is targeting critical infrastructure, because our infrastructure is run by computers."

And Kaspersky believes that we are nowhere near ready to deal with the dangers that are out there. "We are very, very vulnerable. I agree with Leon Panetta, it is just a matter of time when we have the next very serious incident."

Panetta, the US defence secretary said back in October that the US faced the threat of a "cyber Pearl Harbour" and was increasingly vulnerable to foreign computer hackers who could attack the nation's power grid, transportation system, and government.

Kaspersky spoke about limiting our access to certain technologies, because we simply cannot control them. He likened the situation to that of the Zepplin and Concorde, two technologies which were discontinued because of inherent dangers in their make-up.

"Are we ready for that? Can we survive without new digital technologies? I recognise the situation as critical. We are not ready to limit [their] functionality, we cannot consume less IT, like oxygen or water."

First stages

Hypponen said that we are in the "first stages of a cyber-arms race" and we are beginning to see many other countries trying to "jump on the same bandwagon" as the US and Israel, who were behind the original cyber-weapon - Stuxnet.

Hypponen told the audience in Munich that in a similar way to nuclear scientists losing their innocence in 1945 with the bombing of Hiroshima and Nagasaki, computer scientists lost their innocence in 2009 when Stuxnet infected a Siemens PLC device in the Natanz nuclear enrichment facility in Iran.

Both Kaspersky and Hypponen agree that the next major military engagement will involve a major cyber element, and while the battle won't be completely online, it will be a major aspect of the war.

Hypponen concluded the debate with a warning: "I think we've only seen the very beginning of these problems."