Anton Chuvakin

A member of the Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Coverage Areas:

On Stuxnet Revelations

by Anton Chuvakin  |  June 4, 2012  |  4 Comments

Yes, pretty much everybody in the industry said “duh!” when it was revealed (well, “semi-officially”) that USA and Israel are behind the Stuxnet code.

However, if you think about it, there are some interesting implications of this:

  1. What do you call “malware” working for the good guys? “Attack software”? “Sabotage-ware”? “Good malware”? We need a whole new language to describe what we are seeing now. This is  "one man’s terrorist is another man’s freedom fighter" all over again…
  2. “Malware” (with the above caveat) developer is now a legitimate occupation that you can put on your resume. Example: “2006-2007: developed ‘attack software’ for XYZ government”
  3. An attack launched by one state’s military/intelligence against another state using “malware” is a reality. This is probably not cybercrime? (well, just like spying, this actually looks like crime to the victim – as was pointed out to me, spying is often prosecuted in civilian courts and thus can be seen as a special kind of a crime, despite that a foreign government is  behind it). This is not “cyber-terrorism.” Is this cyber-sabotage? Is it cyber-warfare after all? I have to  grudgingly agree that it might be. Then again, warfare has many forms already, even without tossing “cyber” in the mix.
  4. Also, state-developed “malware” used against other states raises interesting questions regarding malware defenses. Such software needs to hide from AV defenses, just like it criminal brethren  which leads to the situation described back in 2007: if you have a 0-day (or a novel malware hiding tech), you can choose to defend against it OR attack others with it, but likely not both.
  5. This is (to the best of my knowledge) the first example of technology invented by criminals (well, sort of – science fiction authors first described “malware”) and then adopted for legitimate military purposes  that happened in modern times.

Any other thoughts?

If not, all I can say is “we live in interesting times”!

4 Comments »

Category: philosophy security     Tags:

4 responses so far ↓

  • 1 Jeff Pettorino   June 4, 2012 at 8:36 pm

    The pundits are taking to their pews…
    https://plus.google.com/u/0/107784341204503092865/posts/67eXHFCZh6p

  • 2 Anton Chuvakin   June 5, 2012 at 12:11 am

    Jeff, thanks for the comment – and of course the link.

    \Pundits of the world, unite..ehh..head to the pews!!\ :-)

  • 3 James   June 5, 2012 at 7:24 pm

    This reminds me of back in the early 90’s when you mentioned hacking it was a bad thing (even if ethical). Now ethical hacking is acceptable and a desired skill. Just like the Crusades back in time, it is more about the eithics and morals of the time.

  • 4 Anton Chuvakin   June 5, 2012 at 7:34 pm

    Thanks for a great comment. However, I bet nobody expected “malware” development to become respectable any time soon ….and suddenly, in one centrifuge turn :-), it is.