Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Government Security The Military Your Rights Online

Kaspersky Calls For Cyber Weapons Convention 166

Posted by Unknown Lamer
from the weapons-grade-software-strikes-back dept.
judgecorp writes with a synopsis of talk given by Kaspersky at CeBit "Cyber weapons are so dangerous, they should be limited by a treaty like those restricting chemical and nuclear arms, Russian security expert Eugene Kaspersky has told a conference. He also warned that online voting was essential or democracy will die out in 20 years."
This discussion has been archived. No new comments can be posted.

Kaspersky Calls For Cyber Weapons Convention

Comments Filter:
  • by Anonymous Coward on Tuesday May 22, 2012 @11:21AM (#40077501)

    Just because I buy Kaspersky's anti-virus doesn't mean I support what that man stands for.

  • Online voting (Score:4, Insightful)

    by Anonymous Coward on Tuesday May 22, 2012 @11:26AM (#40077543)

    Online voting is a single biggest threat to democracy. If 20 years from now "manual" voting will become obsolete, and only online voting remains, no one will be able to tell, whether the results are authentic or not. The one who pays most to the guys administering the DB server is going to be the winner. And everything will look legit, without any proof and without anything that inspectors could do about it.

    • Re:Online voting (Score:5, Insightful)

      by Hatta (162192) on Tuesday May 22, 2012 @11:28AM (#40077577) Journal

      And Kaspersky stands to earn a lot from security theatre should electronic voting be widely adopted.

      • Re: (Score:3, Interesting)

        by slashmydots (2189826)
        Exactly! Every manufacturer assures their customers that their protection software is 100% perfect and bulletproof in every way when in fact, it would probably heuristically detect my write in candidate as a virus and delete my social security number from the entire government.
        What exactly happened to literal electronic voting? You don't need a processor, memory, storage, an OS, code, and all that other crap to count freaking numbers. You ever try to hack into and change the results of a free calculator
        • Re:Online voting (Score:4, Insightful)

          by markkezner (1209776) on Tuesday May 22, 2012 @12:35PM (#40078359)

          If you magically make the voting machines 100% secure, attackers will target the infrastructure that transmits, stores, and counts the votes.

    • Re:Online voting (Score:5, Insightful)

      by Opportunist (166417) on Tuesday May 22, 2012 @11:33AM (#40077647)

      I usually hold Eugene in some high esteem, but this time he is dangerously wrong. Considering just how insecure the average user is and how likely it is that his machine is infected, online voting is one of the biggest threats to real democracy that we face today, right after voting machines.

      So far, infecting machines has only been a threat due to criminals wanting to infect those machines. Now, this by itself, is already dangerous. But it's minimal considering the possibilities for crooked regimes that like to put a democracy show on.

      Governments are already creating "government trojans". For reference, search for the infamous "Bundestrojaner" the Germans tried to put into place. So far, AV makers "may" at least find criminal trojans, but can we assume they still may if the trojans are made by the government? Can we see a crooked government create a trojan and infect the machines of their subjects with the express intention to manipulate the way they vote? Can we even see them making those trojans mandatory in the name of "security" (of course, without the stated intention of manipulating votes, but just to have a government backdoor "for security reasons")?

      And even if all of that is nothing but a crazy conspiracy theory, how likely would it be that some populist oppositions try to spin it and destabilize governments based on this "theory" and create doubt in the legitimacy of governments?

      Please, Eugene, reconsider.

      • by Hentes (2461350)

        Online voting could be made secure, assuming that political will actually wants a secure system.

        • Security isn't the issue. The problem is that electronic records are easy to manipulate. Electronic voting has a wide potential for abuse. I believe laws should be passed to ban electronic voting and the electronic tallying of paper ballots. I realize this isn't convenient, but paper does make it much easier to prove election fraud and gives a better account of what really happened in an election. There are plenty of people who believe that the 2008 elections and the current 2012 Republican primaries show e
          • by Hentes (2461350)

            But if you don't trust the humans operating the machines then why do you trust the humans counting the votes in a paper-based election? The human factor in online voting would be smaller. Also, in electronic voting there are methods to bring verifiability [wikipedia.org] to the vote. I didn't say that current voting systems are secure, in fact they have been proven otherwise a number of times. I just didn't rule out the possibility of developing a secure one.

            • Sure, they can be made "secure", I didn't mean to imply they couldn't be, I was just pointing out that security isn't the problem. I appreciate the link to the Three Ballot systems entry, but even that article mentions the usability problems and doesn't address how it would be used electronically. It's a great concept, but impractical given the fact that in 2004 we had a wide spread problem with people getting just one ballot right. I would also like to point out that I don't have any problem with the peopl
              • by Hentes (2461350)

                Another advantage of electronic voting is that client-side programs can make the whole process easier. Online voting doesn't need specialized machine for the counting, and of course any system should be thoroughly tested by whitehats before use. We should use paper until digital voting is absolutely secure: unlike you, I'm pretty sure that parties exploit any opportunity they get to gain advantage.

                • unlike you, I'm pretty sure that parties exploit any opportunity they get to gain advantage.

                  What makes you think I don't believe parties will exploit any opportunity they get? I didn't say that. What I said was electronic voting has a great chance of fraud and the potential for abuse. It makes me wonder if you even read my comments. I'm all in favor of having a discussion on the topic, but please refrain from putting words in my mouth or jumping to conclusions.

                  Election fraud and vote fraud occur rather often around the world, with paper ballots. Electronic voting simply has a higher margin of fr

            • by amorsen (7485)

              But if you don't trust the humans operating the machines then why do you trust the humans counting the votes in a paper-based election?

              Because I can volunteer to do it myself. Even if some are corrupt, they would only be able to move a few votes each, and it would be difficult to do undetected. If there was suspicion of fraud in one election, a lot of people would volunteer in the next.

              • by Hentes (2461350)

                The counting machines could also be operated by similar committees.

                • by amorsen (7485)

                  Yes, but that only solves a tiny part of the problem. The machines themselves could be compromised or buggy, and I cannot verify that. Volunteering to be next to the machine does not help anything.

            • by F.Ultra (1673484)
              I don't know how it's done where you live but over here (Sweden) all the manual handling is performed by members from opposing parties so they will each monitor each other so to speak, and I as a citizen has every right to remain during the whole process and thus become an observer. Crashing that system would require quite a large amount of resources.
              It's not that mistakes and fraud doesn't happen with the current system, but the thing is that each such attempt has always been detected and reported due to
        • by amorsen (7485)

          Online voting could be made secure, assuming that political will actually wants a secure system.

          How do you know it was done securely? How will you verify it?

          Unless you give up on secrecy, in which case it becomes a lot easier.

          • by Hentes (2461350)

            Exactly, any secure voting system has to be totally open. Which is why it shouldn't be developed by private companies.

            • by amorsen (7485)

              Exactly, any secure voting system has to be totally open.

              Are you sure that you want votes to be public record? I promise you, some employers will use past voting records when making decisions about who to employ.

              • by Hentes (2461350)

                I did not say the votes should be public, what I did say is that the system should be open source.

                • by amorsen (7485)

                  Doesn't work. You can't prove that the client computers and the servers run precisely the software you have reviewed and nothing else.

        • No, you cannot. And I'm not even talking about verification of results, which is trivial in a paper ballot (here's the slips, count your heart out) but requires very special skill in a computer controlled environment, and even then there is no certainty.

          Even assuming we're dealing with flawless, impartial servers (which is a problem all by itself), how do you want to make certain that the information you get from the user's computer is actually the information the user typed in? A nice little trojan I analy

      • The online voting part is especially troubling. With paper votes, anybody can see a paper ballot, understand who the vote was for, and tally up the votes. They can even be clever and just weight the ballots, if they can't count very high.

        But with online voting? Whoever controls the servers, controls the voting. And there is absolutely NOTHING that can be done to fix that issue. Not only will electoral fraud be trivial, it will be impossible to prove that no electoral fraud took place. Secure the servers? Th

        • by F.Ultra (1673484)
          To add to your list of problems, consider what would happen in families with a controlling spouse and online voting! And what would stop your employer from telling you how to vote if you want to keep your job and with online voting he's even able to see that you voted as he told you.
          Not to mention vote buying, with todays system you cannot buy votes since you cannot verify that they actually voted the way they told you, with online voting you can check yourself and thus this will enable large scale vote bu
        • With paper votes, anybody can see a paper ballot, understand who the vote was for, and tally up the votes.

          Uumh ... no. Only if you restrict the voting to a simple list of choices and allow one only one option to be picked. There are more advanced voting schemes, giving voters more power over the list (of candidates picked by parties). In Germany for example community elections in some states allow "Kumulieren" (cumulate) and "Panaschieren" (cross-voting) along with "Streichen" (scraping). See this ballot ( [flensburg-online.de]

    • Hmm. How about encrypted ballots? You get an encrypted value (upong voting) which, if you and your friends are bothered that there has been some voting irregularities, can be used to decrypt the actual vote. And each one is unique.

      • by amorsen (7485)

        That means you can sell your vote and prove who you voted for. In the past it was common in some countries for employers to demand that their employees vote "appropriately", and the same can happen today with spouses.

        You can defeat that by letting people vote several times with only one of the votes actually counting (so you can prove to your spouse that you voted for Kodos while you actually changed the vote to Kang). However, if you do that, you cannot then use the tokens to prove that the counting was fr

        • by F.Ultra (1673484)
          And with voting-several-times, I would of course force you to sell me your credentials so my minions can perform the online voting instead of you. So that is no real protection either.
          • by amorsen (7485)

            So that is no real protection either.

            It kind of is, because you could engage in vote sniping right before the election closes... Of course that would require CAPTCHA or the bad guys would automate it and always win.

            • by F.Ultra (1673484)
              I could have a requirement that I would only buy your credentials if the envelope is still sealed so that I know that you haven't gotten a copy :)
    • I do not agree with Kaspersky's vision of online elections. As you said: a paper ballot does the job just fine and prevents a lot of the problems any other means of voting raises.

      There are other types of "votings" besides elections, though. Some of which are in place already (citizens' decision), some of which are not feasable now because of the time/money needed to do them the "old-fashioned" way. I'll just make one up on the fly: vote for/against single positions in the proposed budget of your community.

  • by Hentes (2461350) on Tuesday May 22, 2012 @11:26AM (#40077547)

    FUD was always good for the AV market.

  • Treaties always work. Never has a country ignored a treaty to accomplish some sort of nefarious goal. You'd think the Russians would have learned their lesson in 1942.
  • Die out in 20 years? (Score:4, Interesting)

    by wjousts (1529427) on Tuesday May 22, 2012 @11:29AM (#40077587)
    The guy must be an optimist. After Citizens United, most of us concluded that democracy was already dead.
    • Re: (Score:2, Insightful)

      by Kenja (541830)
      Citizens United only effects the United States of America, which was never a democracy. We are, and always have been, a democratic republic.
      • by Anonymous Coward on Tuesday May 22, 2012 @11:33AM (#40077649)

        Actually, that's what the US used to be. Now it's an oligarchic empire play-acting as a democratic republic.

        • by Baloroth (2370816)
          No, it's still a democratic republic, it's just a democratic republic where a significant number of the population watches Jersey Shore and similar shit. Not hard to manipulate that.
          • by cpu6502 (1960974)

            >>>Not hard to manipulate that.

            As Bush, Obama, and now Romney have shown. I can't believe we got such lousy anti-Bill of Rights, pro-killing, pro-debt spending people in a row. The only explanation is that the De'mos (the People) are easily manipulated. Maybe the Founders were correct in NOT having the president chosen by a direct vote... maybe the job really should be left to the Electoral congress (chusen by the States) or the U.S. Congress (parliamentary style).

          • by perpenso (1613749)

            No, it's still a democratic republic ...

            Actually I think it is a constitutional republic. Representative not democratic in nature.

            • by Baloroth (2370816)
              Republic already implies representative rather than direct democracy. It is democratic because the leaders are elected by vote. I suppose you could call it a "constitutional democratic republic." But it depends a lot on exactly how you define your terms ("republic" doesn't have a precise universal definition).
    • The guy must be an optimist. After Citizens United, most of us concluded that democracy was already dead.

      Citizens United is about speech not votes. You can ignore speech. For example there is no amount of TV ads that Newt Gingrich could have run to convince someone significantly left of center to vote for him. Another example, BP can run many millions of dollars worth of "green" TV commercials and very few will be convinced that they are an environmentally friendly company.

      It is still one person one vote. The only threat to democracy is complacency.

      • by cpu6502 (1960974)

        Naive'. The politicians then "pay back" the corporations that funded them during the campaign. Example: Obama paying back his insurance company donors by giving them ~50 million new customers (via the mandated purchase). Example 2: Bush giving his defense corporate donors a massive war. Example 3: Giving bailouts to financial corporations that gave donations. Example 4: Rewarding Hollywood corporations by signing ACTA, installing a copyright czar, and pushing for SOPA/CISPA passage.

        Citizens United is

        • by perpenso (1613749)
          You examples are flawed. For example the financial firms gave to both sides. Eventually the bailout was supported by both parties. There was eventually a genuine fear of economic collapse. To say the bailouts were merely political payback is quite revisionist. Similarly it is a stretch to say the health care mandate was merely payback. There were many legitimate concerns regarding a public option and a mandate was a practical alternative.

          Citizens United (CU) actually has little effect. Keep in mind that
          • by cpu6502 (1960974)

            >>>For example the financial firms gave to both sides.

            Doesn't change my point that corporations expect to be repaid by the Congressmen or presidents in the form of favorable legislation.

            >>>"corporations are people" thing was pure spin, the court never said that

            You couldn't be more wrong. They did say that, back in a case of the 1890s, and that precedent of treating a corporation as a person has been carried forward ever since.

            And as for whether corporations should have a right to speak?

            • by perpenso (1613749)

              >>>"corporations are people" thing was pure spin, the court never said that

              You couldn't be more wrong. They did say that, back in a case of the 1890s, ...

              I was referring to the Citizen United decision. I actually read/skimmed through it at the time. It said two things. Groups of people have the same rights as individuals, groups may be corporations, trade unions, special interest groups, etc. A media corporation has no special rights or privileges with respect to speech, TV Network Inc has no more right to political speech and opinions than Widget Maker Inc.

              Have your read that 1890s decision? I suspect you are repeating someone else interpretation/spin.

              ... and that precedent of treating a corporation as a person has been carried forward ever since.

              S

        • by lgw (121541)

          But you simply can't prevent an organization (incorporated or otherwise) from advertizing in favor of a candidate they like without directly destroying free speech. The problem is that advertizing spending swings too many votes. Allowing groups of people to advocate their political position is a fundamental right, not a problem.

          • by cpu6502 (1960974)

            >>>But you simply can't prevent an organization (incorporated or otherwise) from advertizing in favor of a candidate they like without directly destroying free speech.
            >>>

            Individuals have rights. Individual humans. Not dogs. Or trees. Or rock. Or buildings. Or corporations (which are government creations, not naturally occuring in nature). And yes a group of individuals CAN still speak..... as individuals. For example nobody is denying the right of the ~100,000 GM employees from sp

            • by lgw (121541)

              But where do you draw the line? Seriously - stop me when you think it's not OK any more:

              Me and my friends are concerned about X, and so want peaceably to assemble, and to petition the government for a redress of grievances related to X.

              We're just a few, but we figure there are many who share our concerns about X, and so we want to get the word out. We pool our resources to buy a printing press (we incorporate as part of this, just to keep it clear what money we've devoted to this project vs normal persona

  • I hope they will be! (Score:4, Interesting)

    by delphi125 (544730) on Tuesday May 22, 2012 @11:37AM (#40077707)

    "conventional modes of democracy could be extinct within two decades"

    At present "conventional democracy" has a vote every 4-5 years (perhaps with mid-term or local elections halfway) in which your bit of information (if that!) ends upo with a single bit of who leads for the next 4-5 years, during which politicians tend to drop their campaign promises.

    Internet technology allows for finer-tuned democracy, yes, but if anything "election day" should be an annual day on which everybody does physically go to the polls and cast a secret ballot. Because although technology does allow secrecy (not necessary for all votes, but essential for some), the risk of back doors will always be greater than when a simpler and less technological procedure is used.

    I'm in my forties now and want to be able to vote issues, not parties. I'd also like to be able to vote for individuals who have proven leadership qualities without them being beholden to a party. Not that I could vote Perot - being European - nor that I would want his finger on the button anymore than anybody else, and at least Obama comes across as somewhat statesmanlike even if his mantra of "Change" never really happened, but you should see the bunch of twits in Europe nowadays (on all sides of the political spectrum).

    Almost as if we are forgetting what populism brought in the 1930s.

    • by cpu6502 (1960974)

      We have more "democracy" over corporations than we do over our own government. Every dollar we cast is another vote for a business we like (and not casting dollars == driving the business out of the market; like we did with Circuit Shitty).

    • by perpenso (1613749) on Tuesday May 22, 2012 @12:43PM (#40078463)

      ... want to be able to vote issues ...

      You intentions are good but I think the wisdom of the founding fathers wins on this point. Direct democracy voting on issues is not the panacea one might think. For example look at California and its propositions system, it is largely what you are asking for and some really bad/dumb stuff gets passed.

      The flaw in your plan, and a flaw the founding fathers presumably were expecting, is that direct democracy assumes a well informed electorate that seriously contemplates the issues and votes for the common good rather than self interest.

  • by Ellis D. Tripp (755736) on Tuesday May 22, 2012 @11:41AM (#40077741) Homepage

    Would he suggest regulating programming languages, compilers, etc. as "cyber weapons precursors"? After all, certain chemicals and nuclear materials are strictly watched because they can be used to create chemical or nuclear weapons, right?

  • I know it sounds crazy, but just think, if we all vote online, we can all keep track of our votes. We can see what/who we voted for, and have the option to publicly announce it online. If we think someone has been fudging the numbers, a re-count could be a simple has checking your email, and verifying how you voted. I would think that it would be easier for computer geeks to catch problems if something doesn't look right. When I vote on paper, I never see that ballet again. Who knows what happens to it, pr
    • by Nyder (754090)

      I know it sounds crazy, but just think, if we all vote online, we can all keep track of our votes. We can see what/who we voted for, and have the option to publicly announce it online. If we think someone has been fudging the numbers, a re-count could be a simple has checking your email, and verifying how you voted. I would think that it would be easier for computer geeks to catch problems if something doesn't look right.

      When I vote on paper, I never see that ballet again. Who knows what happens to it, probably gets trashed.

      Voting is private, what you are suggesting isn't really private.

  • More democracy Mr. Kaspersky? Okay. Keep the representatives, allowing them to craft laws and write bills, but when it's time for the "ayes and nays" have the reps stand-aside and submit the bill to the People for a direct referendum.

    Also keep the Senate as is (a house representing the 50 Member States). If we had such a system the TARP Bailout Bill never would have passed the House, and 1 trillion not transferred to the top 0.1% as corporate welfare.

     

  • by Marrow (195242) on Tuesday May 22, 2012 @11:55AM (#40077889)

    1. You get a print-out of your vote.
    2. You can optionally get a print-out that says whatever you want in case you are under duress.
    3. There is a picture record of who voted for your ID in case of a question of voter fraud.
    4. The machines are already everywhere, wired and secure enough to handle money.
    5. You dont have to congregate at a place away from your work.
    6. Your vote is filed under a random number, so you can call your vote back up if you are concerned about tampering
    Im sure threre are other good reasons

  • ...steal cars.

    Clearly we need stronger legal controls.

  • by Anonymous Coward on Tuesday May 22, 2012 @12:13PM (#40078103)

    No.

    NO NO NO NO NO NO NO.

    Mr. Kapersky obviously has no idea just how oppressive and invasive most governments are willing to be when enforcing WEAPONS laws. The American BATF is currently being investigated for a false-flag gun-smuggling conspiracy meant to justify a huge increase in their power and authority. Lots of European weapons regulatory agencies are even more ruthless.

    He does NOT want that camel's nose under the tent with anything having to do with programming or software development. There is nowhere for that to go but downwards.

  • by TheCarp (96830) <sjc AT carpanet DOT net> on Tuesday May 22, 2012 @12:18PM (#40078157) Homepage

    Its high time for such a conference. Not only do I support it, I fully support locking the doors and setting fire to the building about 15 minutes into the keynote address.

    If there is anything we don't need more of, its more dead weight profiteer warmongers who do nothing more than invent bogeymen to protect us from, and expect us all to thank them and pay for it.

  • From the article:

    He warned Cebit delegates that unless young citizens were provided with safe and reliable ways to vote online, democracy as we know it could be dead within 20 years. People would expect biometric, cryptographic online identification verification that was 100 per cent secure in order to vote online.

    Without that he said that without that conventional modes of democracy could be extinct within two decades as the younger generation would not vote in a conventional physical polling booth, which could lead to âoevery serious conflict between the generations.â

    Really young'uns won't show up to the ye olde fashioned polling boothe? And his evidence for this is.. what exactly? The Arab Spring, where polling booths ..... didn't work... correctly?

    He recommends biometrics.. what biometrics exactly? Surely not this:

    http://blogs.technet.com/b/steriley/archive/2006/09/20/457845.aspx [technet.com]

  • by rickb928 (945187) on Tuesday May 22, 2012 @12:32PM (#40078319) Homepage Journal

    There are, essentiually, two options for social networking sites:

    1. Total freedom.
    2. Censorship and/or denial.

    No middle ground. But then this is freedom. You are either free, or you are not. No middle ground. Freedom in some things does not change the lack of freedom in others.

    Crap, now I sound like a Libertarian. I hate that.

  • by PPH (736903) on Tuesday May 22, 2012 @12:38PM (#40078391)
    1. 1. Kaspersky testifies about threat of cyber weapons.
    2. 2. People rush to install Kaspersky s/w.
    3. 3. Kaspersky calls for switch to on-line voting.
    4. 4. Kaspersky elected King of the World!
    5. 5. ??????
    6. 6. Profit!
  • Treaty are between nations. Any individual, or group of individuals, in any or several parts of the world, can make a "cyberweapon", no expensive or controllable resources needed to build something that could qualify as such. And for them to believe that they control that means handling them in a silver plate the privacy and basically freedom, of everyone and every organization in any part of the world, except the prepared enough individuals that could do that "weapons".

    In the other hand, nations already s

  • Am I the only person who can't see the logic in either of these statements?
  • by Paul Fernhout (109597) on Tuesday May 22, 2012 @07:06PM (#40082131) Homepage

    ...because the same technologies of computing could be used to create material abundance for all so there would be little reason to fight (like by sharing knowledge or collaborating online to build open robotics and advanced manufacturing systems). http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]

  • by anwyn (266338) on Tuesday May 22, 2012 @08:05PM (#40082473)
    When international cyber arms are outlawed, only international cyber outlaws will have arms. In many countries, private cyber arms have already been outlawed. How is that working out? .....

    Cyber arms are invisible. You don't have to dig for uranium or run a cyclotron.

    If such a treaty were signed, some counties would continue to use them, almost certainly using untraceable and denyable sub-contractors.

    Therefore, no country with half a brain would sign such a treaty, with intent to obey it.

I don't have any use for bodyguards, but I do have a specific use for two highly trained certified public accountants. -- Elvis Presley

Working...