New Arms Race - Sleuth Eugene Kaspersky Stresses Rush To Protect Against Cyberweapons

TEL AVIV -- In Israel, where computer hacking has become something of a national sport and young hackers are cultivated to become members of elite army technology units, Eugene Kaspersky, a world-renowned cybervirus sleuth who visited the country last week, got a very warm reception.

But Kaspersky's message was anything but cordial. He delivered a stern warning about the proliferation of cyberweapons like Flame, a mutating piece of malware that closely matches an earlier virus used to stealthily infiltrate Iran's nuclear facilities three years ago.

"I'm afraid it's just the beginning of the game, and I'm afraid it will be the end of the world as we know it," Kaspersky said during a press conference after speaking at the International CyberSecurity Conference at Tel Aviv University.

The 46-year-old Russian founder of Moscow-based Kaspersky Labs, who made headlines in recent weeks for his work in identifying and deconstructing Flame, says has nightmares of the potential for destruction that cyberweapons represent. Likening his vision of the future to the Bruce Willis action flick Die Hard 4, Kapersky worries that someday cyberterrorists will be able to hack into nuclear power plants, cellular towers or electric power grids to cause mass upheaval and destruction.

Iran accuses Israel and the U.S. of unleashing a virus similar to Flame in 2009 to sabotage its nuclear program, which Iran claims is being developed for peaceful purposes. Israel and the U.S. have denied involvement.

To a reporter's question about whether he thought Israel -- often referred to as "the startup nation" for its numerous high-tech innovations -- was part of the problem or the solution when it comes to stopping cyberthreats, Kaspersky said, "Both."

Thousands of Israeli techies swarmed the conference to hear him speak. Some were casually dressed in jeans and a T-shirt, while others were decked in full Army uniform: They were part of 8-200, the elite technology unit of the Israeli Defense Forces' Intelligence Corps.

Experts have uncovered evidence suggesting that Flame's predecessors, two viruses known as Stuxnet and Duqu, were developed as a joint American-Israeli effort to derail the Iranian nuclear program. For example, Kaspersky said that his researchers studied the working hours of Duqu's programmers and found they coincided with working hours on Jerusalem local time. They also found that Duqu's programmers were not active between sundown on Fridays and sundown on Saturdays, the time of the Jewish Sabbath and typically the weekend in Israel.

Discussions among the conference attendees about the ethics of cyberwar abounded. And although most downplayed suspicions related to their country's involvement, many said they wouldn't have a problem if indeed Israel had struck at Iranian computers.

"I think it is better to send a Trojan Horse and do something that won't hurt people instead of bombing a place," said Guy Mizrahi, 39, a military researcher who is also the founder and CEO of Cyberia, a digital security firm.

Tel Aviv University Professor Yitzhak Ben-Yisrael, an Israeli military scientist as well as chairman of the Israeli Space Agency and the National Council for Research and Development, said he believes there is a distinction between the criminal use of hacking and state-sponsored use of hacking to gather intelligence.

"States are a different story, because states are sometimes in a state of war -- like what we have between us and Iran," Ben-Yisrael said. "Iranians have declared openly that they want to destroy us. The rules are different: They allow you to do things against declared enemies."

Israeli officials have vowed to treat foreign hackers who attack their country as terrorists. That was the case of a Saudi Arabian teenage hacker who stole and posted online the names and numbers of thousands of Israeli credit cards in January. Israel has threatened retaliation, with Deputy Foreign Minister Danny Ayalon saying, without elaborating further, that the country has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action.

Israel is also pouring millions of dollars into its cyberdefenses. A recent study by Santa Clara, Calif., software security experts at McAfee, a unit of Intel Corp. (Nasdaq: INTC), rated Israel one of the three countries best equipped to withstand digital attacks.

Defense Minister Ehud Barak, who attended the conference, announced the establishment of a national cyberbureau and a 50 million shekel ($13 million) investment in cyber-related scholarships and research.

Domestic hackers are sometimes recruited to join 8-200, with many eventually moving to the private sector to start high-end technology companies.

Many hackers get their start as preteens, as was the case with Rafael Ivgi, a 26-year-old businessman from Tel Aviv, who bragged that by the time he was 12 years old he had hacked into dozens of computers. He has now started his own company, Defensia, an information security consulting firm that caters to large Israeli companies. He says Israel's strong hacker culture is a product of the environment.

"I think it is something in the state of mind, he said. We grow with all these wars around, and, like, kids get influenced by it, and they don't have weapons when they are 10 years old, so they do it digitally."

Ivgi's clients include the Bank of Israel, Israeli defense manufacturer Rafael and telecommunications firm Bezeq. He noted that Israeli companies are at a higher risk of being the victims of a hacker attack than companies in other countries.

"There are 17 countries that an Israel passport cannot go through -- that means that there are a lot of Internet-based IPs [Internet addresses] that might attack you," he said. "There is a lot of risk being an Israeli company or government-based facility."

Yati Schwartz, 18, was visiting the conference along with his classmates in an elite pre-Army program known as Atid Rosiel, in which top students are encouraged to study computer engineering at a university first before doing required military service. Schwartz said that, as part of his classes, he had analyzed Flame.

"The Israeli culture admires this way of thinking: to have good design and to build a very specific program," Schwartz said of Flame's creators. "They exploited a technique that I learned in Israel -- I was shocked to see they are using the same technique I am learning now."

Schwartz said, however, he hoped to use his hacking skills for good, not evil.

"I hate a thing like that -- to hurt someone's project, he said. "But it is interesting to learn, because this is the first step to learn how to defend your own things."