Experts Warn Against Developing Cyber Weapons

Wednesday, January 04, 2012



The Daily Yomiuri recently reported that the Japanese Defense Ministry is working with private contractor Fujitsu on developing malware capable of tracking and disabling the source of cyber attacks.

The cyber weapon is reported to have been in development since 2008 and is currently being tested on closed systems. The designer malware is reported to have had a great deal of success in combating distributed denial of service (DDoS) attacks, according to unnamed sources.

"The most distinctive feature of the new virus is its ability to trace cyber-attack sources. It can identify not only the immediate source of attack, but also all "springboard" computers used to transmit the virus. The virus also has the ability to disable the attacking program and collect relevant information. Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns," The Daily Yomiuri stated.

While Japanese law prohibits the use of offensive cyber weapons, the Defense Ministry is looking into the possibility that future legislation may allow for the use of these kinds of methodologies to protect critical systems.

Other countries closely aligned with Japan, such as the United States, have no prohibitions on the use of offensive cyber capabilities, though it is not known whether Japan is planning on sharing the technology once it is fully developed.

Since the initial reports surfaced, several security experts have leveled serious warnings against the pursuit of advanced cyber offensive technology.

Infosec Island contributor Jeff Bardin, chief security strategist for consultancy Treadstone 71, likened the news to an intensification of an already expanding cyber arms race.

“The Japanese model represents a communicated and demonstrated increase in virtual arms escalation. It ups the ante to a new level that may not be sustainable, especially when -- not if -- the code for the 'good' virus gets out,” Bardin told FoxNews.

Beyond the risk of escalation, Sophos' Graham Cluley listed several reasons why he believes developing a self-propagating cyber weapon is a bad idea, chiefly that few controls can be built into one.

Cluley states:

  • Even a "good" virus uses system resources such as disk space, memory and CPU time. On a critical system a "good" virus could cause unexpected side effects.
  • What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control "good" virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain.
  • Should anti-virus software be updated to protect against the "good" viruses as well as the regular viruses, for those who want to decide what runs on their computers and what doesn't?
  • A "good" virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts.
  • All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your "good virus" needs an urgent bugfix, would you release *another* virus to try and catch it up?

Like many things that are produced with the best of intentions, from genetically modified food crops to the ever-less improbable artificial intelligence (think Terminator), human brilliance is most limited in our ability to foresee the impact of our endeavors.

“The most virulent... virtual arms will not be used unless there is either an all out cyberwar raging -- or someone wishes to start one,” Bardin concludes.
