When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could createHe also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.
“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called the CeBIT conference, last month in Sydney, Australia. While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Mr. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard. But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.
A growing array of nations and other entities are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments.While antivirus companies might catch some, he says, only an international treaty that would ban militaries and spy agencies from making viruses will truly solve the problem.The wide disclosure of the details of the Flame virus by Kaspersky Lab also seems intended to promote the Russian call for a ban on cyberweapons like those that blocked poison gas or expanding bullets from the armies of major nations and other entities.And that puts the Russian company in a difficult position because it already faces suspicions that it is tied to the Russian government, accusations Mr. Kaspersky has constantly denied as he has built his business.While Russian officials have not commented on the discovery of Flame, the Russian minister of telecommunications gave a speech, also in May, calling for an international cyberweapon ban. Russia has also pushed for a bilateral treaty with the United States.
The United States has agreed to discuss such a disarmament treaty with the Russians, but has also tried to encourage Russia to prosecute online crime, which flourishes in this country.The United States has long objected to the Russian crusade for an online arms control ban. “There is no broad international support for a cyberweapon ban,” says James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “This is a global diplomatic ploy by the Russians to take down a perceived area of U.S. military advantage.”Russia, many security experts note, has been accused of using cyberwarfare in disputes with Estonia and wars in Georgia.Mr. Kaspersky said that at no point did he cooperate with the Federal Security Agency, the successor agency to the K.G.B., as the Flame virus was not a threat to Russian citizens.
Kaspersky Lab, he said, felt justified exposing the Flame virus because the company was working under the auspices of a United Nations agency. But the company has been noticeably silent on viruses perpetrated in its own backyard, where Russian-speaking criminal syndicates controlled a third of the estimated $12 billion global cybercrime market last year, according to the Russian security firm Group-IB.Some say there is good reason. “He’s got family,” said Sean Sullivan, an adviser at F-Secure, a computer security firm in Helsinki. “I wouldn’t expect them to be the most aggressive about publicizing threats in their neighborhood for fear those neighbors would retaliate.”Last year, Mr. Kaspersky’s 19-year-old son was kidnapped by criminals demanding a ransom. The kidnappers did not appear to have ties to any of Russia’s online criminal syndicates, but Mr. Sullivan says, “It was probably a wake-up call.”
Some computer security firms say Mr. Kaspersky’s researchers have hyped Flame. It is too early, his critics say, to call the virus a “cyberweapon” and to suggest it was sponsored by a state.Joe Jaroch, a vice president at Webroot, an antivirus maker, says he first encountered a sample of Flame in 2007. He says he did not publicize the discovery because he did not consider the code sophisticated. “There are many more dangerous viruses out there,” he said. “I would be shocked if this was the work of a nation state.”Mr. Sullivan, from F-Secure, said: “It’s interesting and complex, but not sleek and stealthy. It could be the work of a military contractor — Northrop Grumman, Lockheed Martin, Raytheon and other contractors are developing programs like these for different intelligence services. To call it a cyberweapon says more about Kaspersky’s cold war mentality than anything else. It has to be taken with a grain of salt.”