One of the leading experts in cybersecurity, now CEO of Withsecure, tells his point of view on the present and on the risks that go through our time.
Posted on 28 June 2022 by Redazione
Among the world's leading experts in computer science and cybersecurity is mikko Hyppönen, speaker at numerous international conferences and lectures from the most prestigious universities, such as Stanford, Oxford and Cambridge. So authoritative that in 2016 he drafted a law on the security of the Internet of Things that bears his name, and that reads broadly like this: if an appliance is described as smart, then it is vulnerable. Today, after thirty years of career in computer science, he is at the helm of Withsecure, a Finnish company born from the ashes of F-Secure.
In this article Elena Vaciago, curator of The Innovation Group's blog dedicated to cybersecurity, tells us about Mikko Hypponen's vision of a world today shaken by profound transformations and the role that cybersecurity itself can play to positively address change. Happy reading!
Mikko Hypponen. Technology is not neutral
• June 26th, 2022
• Cyber Risk, Interviews with experts
The opportunity to meet in Milan Mikko Hypponen, Chief Research Officer of WithSecure, one of the world's leading experts in cybersecurity, is to understand what are the major concerns of those who every day set themselves the goal of increasing the defense of IT infrastructures from the increasingly advanced attacks of hackers. For Mikko Hypponen the biggest problem is the direction that some technological developments are taking, because (taking his words verbatim) "once something is invented it is impossible to go back", and some inventions born for positive purposes, have then become a daily tool for highly dangerous illegal activities.
Born in Finland in 1969, at F-Secure since 1991, Mikko Hypponen is a world-renowned cybersecurity expert. TED speaker, he has participated in the most important conferences dedicated to security in the world and has written for the New York Times, Scientific American and Wired. He is often invited as an expert on cybersecurity issues in international television broadcasts, he has lectured at the universities of Stanford, Oxford and Cambridge. In addition, Mikko has been named one of the top 50 people on the web by PC World Magazine and the FP Global 100 Thinkers list.
"In my 31-year career, I've been able to see how the world has changed," said Mikko Hypponen . My generation will be remembered in history as the first to go online. And we were also the first to be able to testify not only to the benefits but also to the problems generated by the network: the crimes, the risks and the death of privacy. For everything, you can see both the advantages and the downside."
Global connectivity, for example, has allowed minorities, who would otherwise have continued to live in isolation, to connect via social networks to communities with the same interests. On the other hand, criminals or terrorists could also use the network to find tools and people on the Internet in order to carry out any crime.
Technology is not neutral
"Technology is not neutral: it is a mistake to think so – underlines Mikko Hypponen -. This is demonstrated by the fact that there are tools that have a predominantly harmful use. On the Tor network, for example, you can publish Hidden Services, sites that cannot be identified. Ideal for everything that is illegal, because while with a site . com or . normal en, the server on which the site resides is easily accessible, as well as its hosting provider, and can be turned off, if you use Tor, there is no way to locate the site to remove the information it contains. Initially born to promote freedom of speech, the Tor anonymization technology today has a largely criminal use, that is, it is used to resell illegal content, weapons, drugs".
The same goes for some cryptocurrencies: if Bitcoins are mainly used by common investors, digital currencies such as Monero are perfect for cyber crime. According to a recent study by blockchain analytics firm CipherTrace ("Current Trends in Ransomware"), Monero (XMR) ransom payment demands have increased in 2021 . There are at least 22 strains of ransomware (from an incomplete list of more than 50) to accept only payments in Monero, while another 7 accept both Monero and Bitcoin (if Bitcoins are used for payments, being easily traceable, there is however an extra cost that varies from 10 to 20%). Monero is preferred by those who demand ransoms as it is a cryptocurrency that privileges privacy and prevents the tracking of transactions. In countries such as the UK and Japan, Monero and other cryptocurrencies such as Dash (DASH) and Zcash (ZEC), have been eliminated from some exchanges.
How technology is changing the world
"Technology is transforming our society, at ever-increasing speeds," added Mikko Hypponen . Because we live in this revolution, we have a hard time seeing its extent. A few years ago I coined a new definition for cybergang: from a point of view of the capabilities and resources they have reached, they have become Unicorn companies, tech startups that grow daily in terms of people and funds available. Moreover, they get paid in cryptocurrencies, which in recent years have increased their value, thus enriching these criminals even more".
So what about the use of spyware like Pegasus, a software from the Israeli company NSO accused of selling it to authoritarian governments that use it to spy on activists and journalists?
"From the point of view of those who deal with security, the fact that this software, a hacking tool for smartphones, has a price around 200 thousand euros, means that the current verification mechanism of the apps to be installed – especially for iPhone, as Android phones are already more open – works well. For PCs hacking tools are available for free in large quantities!", This is to say that, in theory, any of us can be spied on, but if the cost is very high, only some will be (ministers, activists, journalists ...), and we will have reasonably safe technology at our disposal.
Mikko Hypponen: what has changed with the war in Ukraine
"Today there is a new fact – commented Hypponen -. We have never seen the participation of Western tech companies participate in the defense of a country. For example, Microsoft and Google have been present in Ukraine for months in defense against cyber actions initiated by the Russian government. In addition to what Ukraine is doing, which is very good at defending cybersecurity. So far, Russian government hackers have mainly attacked Ukraine: instead, in Western countries, attacks by Russian patriotic hackers and cyber gangs of Russian criminals, interested in supporting their country, arrive. For the near future we can expect an increase in cyber actions against the West: we have followed the activities of Killnet for years, and we know that this cybergang does not like it to be disrespected: for this reason they have raged against Italy. We will also see, at least in the short term, greater collaboration between the Russian government's cyber military forces and Russian cyber gangs, which will provide expertise and tools in exchange for impunity. Although not all Russian cyber gangs have sided with the government, because this choice may not be signed by some of the affiliated hackers."
In conclusion, according to Mikko Hypponen, we are making big mistakes in underestimating the risks related to the spread of highly vulnerable connected digital technologies that are already widely attacked by hackers. "I am an optimist, I believe that in the Internet what is good outweighs what is evil, but it is very likely that in the future, looking back on these years, we will ask ourselves how we could have taken all these risks."
Curated by: Elena Vaciago, @evaciago