back to article Hey, govt hacker bod. Made some really nasty malware? Don't be upset if it returns to bite you

"You don't launch a cyber weapon, you share it." This was a reminder issued to RSA Conference attendees, in San Francisco on Tuesday, by two security researchers, who warned that advanced malware strains, particularly those developed by government hackers, can be captured and repurposed by cash-strapped miscreants to build a …

  1. Anonymous Coward
    Anonymous Coward

    Faster and easier

    "It's faster and easier than one might imagine to build an arsenal of cyber tools," explained Geers. "It is going to lead to complexities on the battlefield as tools get out and get repurposed"

    Especially if "Nation state actors" have developers taking malware home from the office.

    Speaking of Office, does anyone have a keygen?

    1. Chairo
      Joke

      Re: Faster and easier

      "does anyone have a keygen"

      Sure, just make sure you run it on a PC with lots of confidential information, OK?

  2. Anonymous Coward
    Boffin

    The Redemption

    Ah say a mod bod we need some anti-malware malware to take out the malware with. Converting the converted into the redeemed.

    Seems that the best way to prevent much of this mess is to throw yourself into the portal to seal it, before the demons from the void pour through. So, who opened it in the first place ?

  3. Anonymous Coward
    Anonymous Coward

    "[Dictator] hacked his own people ... using our intellectual property!"

    Kinda like what happened to that gas we delivered earlier. Don't mention this in polite company.

    Anyway, Amerika Strong, this will not stand, red lines, Raytheon gear away and I'm sure everybody agrees.

  4. Pascal Monett Silver badge

    "you have to be aware that someone might steal your tools"

    But the NSA was 100% certain their data was secure.

    Add administrative complacency to that state of mind and bingo, you have a perfect blind eye environment.

    Proper data security is hard. The NSA has demonstrated that even spooks whose job it is to be secure can still goof it up.

  5. Milton

    "Barriers to entry"

    What government cyber-agencies have been very slow to appreciate—possibly because they are, in the US particularly, run using a high proportion of military/ex-military types—is that cyber-weapons have at least one really big difference from the kind you deploy on a battelfield, and particularly in a strategic theatre of operations: the "barriers to entry" are much lower.

    I'm borrowing the BTE jargon from industry because it's a half-decent fit in this case; where in context it means "cost, difficulty and time to get into the game".

    The military mindset does not like the idea of your latest kit—say, a sophisticated fire-and-froget anti-radiation missile with loitering capability—falling into the enemy's hands, but you're also aware that it can and probably will happen, but also that no matter how much the enemy learns by dissecting your wayward ordnance, it's gonna take him months or years to build his own to the same standard. In general, you're expecting your technical advantage to win you the war before the enemy can catch up, even if the enemy understands that advantage—he can't replicate it fast enough.

    The same is demonstrably not true of cyber-weapons. I know how to build a crude fission bomb, but even if I had some enriched uranium or plutonium in the cupboard, it would still be very hard to build a functioning, deployable weapon, especially without kiling myself in the process. Whereas, given a few gigabytes of NSA tools on a disk, I could within days start repurposing it for cunning plans and clever tricks. (If, that is, I was the kind of selfish, greedy, useless, parasitic sack of reeking shyte that writes malware. If anyone reading this is insulted by those words: oh, good.)

    In short, cyber-weapons are actually a lot more like germ warheads than conventional explosives. You deploy one today, there's every chance it'll be killing people on your own doorstep next week.

    I suspect that NSA in particular has been slow, no doubt fulled by some arrogance, in really understanding the dangers of this particular genie. You can be as clever as you like (yet rarely as clever as you think you are, hm?) and still, your lovingly crafted genie, once out of the bottle, is also out of your control.

    1. Anonymous Coward
      Thumb Up

      Re: "Barriers to entry"

      There's something biblical about "fire and froget".

      Have an upvote, not for the typos but for the thesis and asides. Even if the post lacks the virtue of brevity.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like