instagram bug hunter, mikko and jani, young hacker

10-Year-Old Who Took Home $10,000 Instagram Bug Bounty Visits F-Secure Labs

Mikko Hyppönen -- our Chief Research Officer and probably the most famous code warrior ever to come out of Finland -- likes to point out that he was born the same year as the internet. Jani -- the ten-year-old from Helsinki who made international news by earning Instagram's top bug bounty prize for uncovering a security flaw in the photo-sharing site -- was born a couple a years after Facebook was invented in 2004 and just four years before Instagram went online in 2010. And he's already made some history. Jani discovered a flaw in the site that would have allowed him -- or anyone -- to delete content from any user from the site, even stars with tens of millions of followers including Taylor Swift, Selena Gomez and Beyonce. Like any good white-hat hacker he didn't take advantage of the vulnerability. Instead, he reported the bug to Facebook, which now owns the app, directly. His maturity paid off. Even though he is not technically old enough to use the site according Instagram's terms and conditions, he's become the youngest person ever to win a $10,000 bug bounty, which he's used to purchase a soccer ball, a bike and other essential gear for being ten. To celebrate his feat, F-Secure Labs invited Jani to visit our headquarters for a hamburger and a tour. The visit gave our experts a chance to share their stories about how they were drawn to cybersecurity. Mikko learned to love computers from his mother who was in the industry. Päivi was guided into the field by her father and discovered that she has a passion for rooting out spam.  When Tomi was a kid striving to learn the rules of the coin games his friends played so he could hack them and win, he recognized that he didn't see the world like everyone else. Jani has already discovered the same thing. Though he finds plenty of time for school and playing with his friends, he spends 2-3 hours during his off days hunting for vulnerabilities and looking out for new bug bounty programs -- like our own -- that allow him to test his skills. How did he find the vulnerability in Instagram? First he created two accounts. He posted a comment using one account and then just using the publicly available content id number he was able to delete the comment using the other. Immediately he recognized the potential for such a flaw to be exploited. Mikko and Tomi were impressed by how Jani used Linux and Burp Suite --  a tool that pros like the analysts in our Labs use to analyze network traffic -- to help identify the bug. While he used to be interested in a career in video games, Jani says he's now thinking about becoming a cybersecurity specialist. Mikko and Tomi advised him to finish school and stay on the right side of the law. They also invited him to spend a week or two working at the Labs to see how he likes the job, when he's old enough. He's planning on taking them up on the offer, saying that F-Secure looks like a "fun and cool" place to work. Nice. We're always looking for new talent and even Mikko may retire one day.  

June 22, 2016
BY 
Hillary Clinton, email scandal, phishing scam

If You’re Involved with the 2016 Elections, Assume You’re Being Hacked

Cyber espionage is more and more likely to play a significant role in the extraordinarily consequential elections taking place in 2016. First Russian-backed hackers breached the network of the Democratic National Committee and stole opposition research on likely Republican nominee for president Donald Trump. Now the Clinton Foundation -- established by the family of likely Democratic nominee for president Hillary Clinton -- seems to have been hacked. Any organization with some geo-political importance should assume assume they're next. And the smart ones were already worried. "One British government official I spoke to commented that they would be disappointed if nobody would see them relevant enough to engage in spying," says our cyber security advisor Erka Koivunen. Even before F-Secure Labs sounded the alarm about the Russian-backed "Dukes" gang last year, government officials had been aware of the cyber espionage being enabled by Advanced Persistent Threats. Anywhere there's an event of international import -- like the 2016 U.S. election or the "Brexit" vote on June 23, which will decide if the United Kingdom will stay in the European Union -- you can bet hackers are aiming to get data that hasn't been made public. For the U.S. election, campaign offices or any organization related to the candidates are prime targets. "It can be se said that all the campaign groups, the Democratic National Committee, the Republican National Committee and various Super PACs are operating in a 'high-risk mode'," Erka explains. The details of the attacks help point a finger at the likely culprits “The forensic tools they apparently used after the fact is what gave them the drop on their attackers,” Erka tells our Business Security Insider blog. “Organizations like the DNC are high-profile targets at the moment so they should have been monitoring their network carefully, and the RNC and others involved in the upcoming US election should take note and make sure they have the ability to detect attacks as they unfold. Relying entirely on forensic work has limitations, but it’s better than nothing and in this case the investigators were able to get evidence to help determine what happened and how the breach occurred, which lead to educated guesses about who was responsible.” Though the perpetrators of both the DNC and Clinton Foundation attacks seem to be Russian, the risk of intrusion comes from both domestic rivals and international foes. You may remember that the U.S.'s Watergate scandal that led to the resignation of President Richard Nixon began with a physical breach of the DNC's offices. And foreign leaders -- such as Vladimir Putin -- are very interested in any dirt Democrats may have discovered on Trump, who is new to politics. Campaign and foundation networks -- with large, transient and constantly stressed staffs -- are the perfect target for the sort of tactics groups like the Dukes have used to fool users into inviting them into their network, including spearfishing. For the Brexit vote, "campaign organizations would not be the primary target," Erka says. "Instead, EU’s and member states’ governments' plans to respond to either outcome would be highly interesting to nation-states," he adds. "The negotiation positions are the most valuable assets the governments both in the UK and in other member states have. Knowledge about those will be useful even for the more mundane purpose of financial speculation." Are such attacks taking place now? "We can confirm that there is activity taking place towards the UK government. As this is happening on a continuous fashion it is however extremely difficult to tell whether it is specifically attributable to the referendum." So what should groups protecting data that other countries are after do? "I would encourage campaigns like the DNC to plan and deploy a continuous monitoring scheme that would give out timely indication of not only the breach but also attempts to penetrate the controls and gain foothold," Erka says. "Expect to be breached and make sure the evidence is preserved in a separately controlled place." Without such a scheme attacks could last, as the DNC one seems to have, for well over a year. "Without access to 'offline' monitoring data you will have a slim change of conducting any investigation without tipping the attackers as they have a plan to hide their tracks, leave quickly and come back when the dust has settled," he says. Hackers are a lot like roaches. If you don't clear them out completely, you may not see them anymore but they know how to right back in. "Once in, these guys will have no difficulty in coming back again. They either leave backdoors that they can exploit or at least know the target well enough and literally inside out that they can plan their next inject by choosing several possible vectors." So you have two choices if you're involved in international politics: protect your network or hope you're so irrelevant that no one bothers to hack you.

June 22, 2016
BY 

Latest Posts

Juhannus

In Finland, there is this thing called juhannus. A few years ago, our former colleague Hetta described it like this: Well, Midsummer – or juhannus – as it is called in Finnish, is one of the most important public holidays in our calendar. It is celebrated, as you probably guessed, close to the dates of the Summer Solstice, when day is at its longest in the northern hemisphere. Finland being so far up north, the sun doesn’t set on juhannus at all. Considering that in the winter we get the never ending night, it’s no surprise we celebrate the sun not setting. So what do Finns do to celebrate juhannus? I already told you we flock to our summer cottages, but what then? We decorate the cottage with birch branches to celebrate the summer, we stock up on new potatoes which are just now in season and strawberries as well. We fire up the barbecue and eat grilled sausages to our hearts content. We burn bonfires that rival with the unsetting sun. And we get drunk. If that isn't vivid enough, this video may help: [protected-iframe id="f18649f0b62adf8eb1ec638fa5066050-10874323-9129869" info="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fsuomifinland100%2Fvideos%2F1278272918868972%2F&show_text=0&width=560" width="560" height="315" frameborder="0" style="border: none; overflow: hidden;" scrolling="no"] And because the celebration is just so... celebratory, it's easy to lose your phone. So here are a few ways to prepare yourself for a party that lasts all night. 1. Don't use 5683 as your passcode. That spells love and it's also one of the first passcodes anyone trying to crack into your phone will try. So use something much more creative -- and use a 6-digit code if you can on your iPhone. You can also encrypt your Android. 2. Write down your IMEI number. If you lose your phone, you're going to need this so make sure you have it written down somewhere safe. 3. Back your content up. This makes your life a lot easier if your party goes too well and it's pretty simple on any iOS device. Just make sure you're using a strong, unique password for your iCloud account. Unfortunately on an Android phone, you'll have to use a third-party app. 4. Maybe just leave it home. Enjoy being with your friends and assume that they'll get the pictures you need to refresh your memory. And while you're out you can give your phone a quick internal "clean" with our free Boost app. [Image by Janne Hellsten | Flickr]

June 22, 2016
instagram bug hunter, mikko and jani, young hacker

Mikko Hyppönen -- our Chief Research Officer and probably the most famous code warrior ever to come out of Finland -- likes to point out that he was born the same year as the internet. Jani -- the ten-year-old from Helsinki who made international news by earning Instagram's top bug bounty prize for uncovering a security flaw in the photo-sharing site -- was born a couple a years after Facebook was invented in 2004 and just four years before Instagram went online in 2010. And he's already made some history. Jani discovered a flaw in the site that would have allowed him -- or anyone -- to delete content from any user from the site, even stars with tens of millions of followers including Taylor Swift, Selena Gomez and Beyonce. Like any good white-hat hacker he didn't take advantage of the vulnerability. Instead, he reported the bug to Facebook, which now owns the app, directly. His maturity paid off. Even though he is not technically old enough to use the site according Instagram's terms and conditions, he's become the youngest person ever to win a $10,000 bug bounty, which he's used to purchase a soccer ball, a bike and other essential gear for being ten. To celebrate his feat, F-Secure Labs invited Jani to visit our headquarters for a hamburger and a tour. The visit gave our experts a chance to share their stories about how they were drawn to cybersecurity. Mikko learned to love computers from his mother who was in the industry. Päivi was guided into the field by her father and discovered that she has a passion for rooting out spam.  When Tomi was a kid striving to learn the rules of the coin games his friends played so he could hack them and win, he recognized that he didn't see the world like everyone else. Jani has already discovered the same thing. Though he finds plenty of time for school and playing with his friends, he spends 2-3 hours during his off days hunting for vulnerabilities and looking out for new bug bounty programs -- like our own -- that allow him to test his skills. How did he find the vulnerability in Instagram? First he created two accounts. He posted a comment using one account and then just using the publicly available content id number he was able to delete the comment using the other. Immediately he recognized the potential for such a flaw to be exploited. Mikko and Tomi were impressed by how Jani used Linux and Burp Suite --  a tool that pros like the analysts in our Labs use to analyze network traffic -- to help identify the bug. While he used to be interested in a career in video games, Jani says he's now thinking about becoming a cybersecurity specialist. Mikko and Tomi advised him to finish school and stay on the right side of the law. They also invited him to spend a week or two working at the Labs to see how he likes the job, when he's old enough. He's planning on taking them up on the offer, saying that F-Secure looks like a "fun and cool" place to work. Nice. We're always looking for new talent and even Mikko may retire one day.  

June 22, 2016
Hillary Clinton, email scandal, phishing scam

Cyber espionage is more and more likely to play a significant role in the extraordinarily consequential elections taking place in 2016. First Russian-backed hackers breached the network of the Democratic National Committee and stole opposition research on likely Republican nominee for president Donald Trump. Now the Clinton Foundation -- established by the family of likely Democratic nominee for president Hillary Clinton -- seems to have been hacked. Any organization with some geo-political importance should assume assume they're next. And the smart ones were already worried. "One British government official I spoke to commented that they would be disappointed if nobody would see them relevant enough to engage in spying," says our cyber security advisor Erka Koivunen. Even before F-Secure Labs sounded the alarm about the Russian-backed "Dukes" gang last year, government officials had been aware of the cyber espionage being enabled by Advanced Persistent Threats. Anywhere there's an event of international import -- like the 2016 U.S. election or the "Brexit" vote on June 23, which will decide if the United Kingdom will stay in the European Union -- you can bet hackers are aiming to get data that hasn't been made public. For the U.S. election, campaign offices or any organization related to the candidates are prime targets. "It can be se said that all the campaign groups, the Democratic National Committee, the Republican National Committee and various Super PACs are operating in a 'high-risk mode'," Erka explains. The details of the attacks help point a finger at the likely culprits “The forensic tools they apparently used after the fact is what gave them the drop on their attackers,” Erka tells our Business Security Insider blog. “Organizations like the DNC are high-profile targets at the moment so they should have been monitoring their network carefully, and the RNC and others involved in the upcoming US election should take note and make sure they have the ability to detect attacks as they unfold. Relying entirely on forensic work has limitations, but it’s better than nothing and in this case the investigators were able to get evidence to help determine what happened and how the breach occurred, which lead to educated guesses about who was responsible.” Though the perpetrators of both the DNC and Clinton Foundation attacks seem to be Russian, the risk of intrusion comes from both domestic rivals and international foes. You may remember that the U.S.'s Watergate scandal that led to the resignation of President Richard Nixon began with a physical breach of the DNC's offices. And foreign leaders -- such as Vladimir Putin -- are very interested in any dirt Democrats may have discovered on Trump, who is new to politics. Campaign and foundation networks -- with large, transient and constantly stressed staffs -- are the perfect target for the sort of tactics groups like the Dukes have used to fool users into inviting them into their network, including spearfishing. For the Brexit vote, "campaign organizations would not be the primary target," Erka says. "Instead, EU’s and member states’ governments' plans to respond to either outcome would be highly interesting to nation-states," he adds. "The negotiation positions are the most valuable assets the governments both in the UK and in other member states have. Knowledge about those will be useful even for the more mundane purpose of financial speculation." Are such attacks taking place now? "We can confirm that there is activity taking place towards the UK government. As this is happening on a continuous fashion it is however extremely difficult to tell whether it is specifically attributable to the referendum." So what should groups protecting data that other countries are after do? "I would encourage campaigns like the DNC to plan and deploy a continuous monitoring scheme that would give out timely indication of not only the breach but also attempts to penetrate the controls and gain foothold," Erka says. "Expect to be breached and make sure the evidence is preserved in a separately controlled place." Without such a scheme attacks could last, as the DNC one seems to have, for well over a year. "Without access to 'offline' monitoring data you will have a slim change of conducting any investigation without tipping the attackers as they have a plan to hide their tracks, leave quickly and come back when the dust has settled," he says. Hackers are a lot like roaches. If you don't clear them out completely, you may not see them anymore but they know how to right back in. "Once in, these guys will have no difficulty in coming back again. They either leave backdoors that they can exploit or at least know the target well enough and literally inside out that they can plan their next inject by choosing several possible vectors." So you have two choices if you're involved in international politics: protect your network or hope you're so irrelevant that no one bothers to hack you.

June 22, 2016
Internet Safety for Kids

Part of being a parent is keeping kids safe, but it’s also about helping kids grow up to become responsible, independent adults. And there can be a bit of friction between these two ideas. How do parents find the right balance between protecting their kids and letting them behave independently? This friction is very apparent when it comes to how parents let kids use devices and online services. A recent article in the The Atlantic by tech researcher Alexandra Samuel broke down approaches to digital parenting into three categories based on a survey about how parents regulate their kids’ online behavior. Samuel classified the respondents in three way different ways: digital enablers, who place very few restrictions on how kids use devices; digital limiters, who actively try to limit how kids use devices; and digital mentors, who try to actively participate in how kids use devices. According to Samuel, digital mentoring tends to be the most effective way to teach kids how to use the internet in a healthy, responsible way. Samuel goes on to suggest that digital mentoring is the best way to avoid some of the problems produced by other approaches. For example, Samuel found that digital limiters’ kids were three times more likely to impersonate a classmate, peer, or adult than children brought up by digital mentors. Some Do’s and Don’ts of Digital Mentoring Digital mentoring is basically aligned with a lot of the digital parenting advice we provide, as it tries to give parents guidance that protects kids, respects their boundaries, and encourages them to grow into adults that know how to behave online safely and responsibly. On Safer Internet Day, we suggested talking to kids about how they use technology in order to learn about what they like to do online. Talking to kids about what they do online is a pretty important part of digital mentoring. But you also need to have boundaries – not just out of respect for kids’ privacy rights, but also to understand that being a digital helicopter parent isn’t the way to help kids develop healthy online habits. So if you want to be a digital mentor to your kids, here’s a few things you can do, and a few things you should avoid. 1. Help kids learn to use technologies responsibly. Show them how to choose strong passwords and get them a password manager. When they’re old enough to start using social media, show them how to use account settings that prevent them from exposing information they want to stay private. Even though kids will eventually start adopting new technology without your supervision, they’ll know how to do it safely without relying on a quick online tutorial. “Online tutorials provided by service providers are typically designed to get people using the service as quickly as possible – not as securely as possible. But kids will rely on this information unless they know better, so getting kids used to taking advantage of privacy settings on their own can prevent them from exposing all kinds of information online,” says F-Secure Security Advisor Sean Sullivan. DON’T assume that kids really understand technology just because they know how to use it. 2. Lead by example. It seems like common sense that teens and toddlers need different rules. What’s less apparent is how you’ll influence whether they follow these rules or not. Adults might not think about setting rules for themselves, but many of us have already picked up bad online habits (such as using terrible passwords, or spending too much time staring at our phones). While your bad habits might seem harmless, they can set a poor example for kids. “Kids look to parents for guidance, but that doesn’t mean they’re going to actually ask for it,” advises Sean. “If parents don’t want their kids getting addicted to the internet, they need to put down their own phones and step away from their own laptops. If parents want their kids to enjoy being outside, they need to spend time outside themselves. Don’t just tell kids to follow rules – demonstrate that the rules work by making an effort to follow them yourself.” DON’T use gadgets as pacifiers – they’re tools, not nannies or substitutes for other things kids need. 3. Offline parental guidance should still apply to online behavior. You can make a big deal about how the internet has changed the world, but chances are a lot of advice you got from your parents still applies. Most parents teach kids not to be bullies, so just teach them that they shouldn’t use the internet to cyber bully. Teach young kids to avoid talking to strangers, both in real life and on the internet. You wouldn’t let your kids visit a dangerous place unsupervised, so don’t let them visit websites or use online services that could expose them to threats (security features like browsing protection and parental controls are tools to help you do this). “A lot of the threats both kids and adults face online are social ones, so the internet has a lot of the same problems that people worry about offline,” says Sean. “Crime, for example is both online and offline, so teach kids to avoid it in both places.” DON’T think that kids’ online and offline lives are completely separate. They’re growing up in a connected world, so teach them to live in one. And remember, you need to be around to keep kids safe AND teach them to behave responsibly, so make sure you're there for them when they need you the most. [youtube=https://www.youtube.com/watch?v=URk16N62czU&w=560&h=315]

June 16, 2016
Dukes malware, Russian malware, social media malware

Russian-backed hackers have breached the network of the Democratic National Committee (DNC) in search of opposition research on likely Republican nominee for president Donald Trump, according to the Washington Post. The hack of the DNC network - apparently conducted by two separate threat families - was first noticed in April and finally cleared out last weekend. This attack fits within the known tactics of Russian-government backed hackers who have been engaged in 7-years of cyber espionage against the West, which F-Secure Labs first exposed in a report last year on the Advanced Persistent Threat group called "The Dukes." "We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making," the Labs reported, introducing a whitepaper with all the juicy details on the subject. Reports suggest that the DNC was first breached by The Dukes (referred to as Cozy Bear by the investigators) last summer. After our report and the international news coverage that followed in September, the group seemed to have gone quiet, apparently while still lurking in the DNC network and possibly elsewhere. A different group of Russia-backed attackers appears to be responsible for the much more recent second breach, suggesting an even more active push to gain insight into the ongoing presidential elections in the US. The hackers who hit the DNC weren't after any donor or credit card that would have interested traditional hackers, and instead focused on research involving Trump. These groups are primarily interested in politically valuable information, and naturally, any non-public insight on U.S. presidential candidates would surely do. "Russian President Vladimir Putin has spoken favorably about Trump, who has called for better relations with Russia and expressed skepticism about NATO," The Post explains. "But unlike Clinton, whom the Russians probably have long had in their spy sights, Trump has not been a politician for very long, so foreign agencies are playing catch-up, analysts say." Political organizations involved with the 2016 U.S. election, which will decide who will be the most important person in world "are virtually painting a bulls-eye on their back" for hackers, explains our cyber security advisor Erka Koivunen. "Given the sheer size and complexity of these organizations, the enormous length of the campaigns, high-pace way they need to interact with the external world and the fact that there are volunteers, staffers, hired help and embedded whatnots all using the network, it is an impossible task to keep even a moderately skilled but determined attacker out," he said. And given that The Dukes are both highly skilled and extremely determined it's likely the Russians already know more about Trump than his Republican primary opponents did.

June 15, 2016
Porn blog post image

In the grand scheme of things, there certainly are more important facets to online privacy than keeping one’s porn habits private (government overreach, identity theft, credit card fraud to name a few). However, adult browsing histories are one of the secrets in their online lives people want to protect the most, so it might be disconcerting to know that porn browsing is not as private as one might think. A large majority of web users are lulled into a false sense of security by incognito mode or private browsing, but this is only one of the steps needed toward becoming private online. Here are a few people who have access to this info, along  with a few easy tips that can be taken to prevent this from happening. 1. Anyone on the same hotspot No one is suggesting you should watch porn at your local coffee shop (in fact, please don’t). However, what people surf in places like the privacy of their hotel room should probably stay there. With that in mind, the following statement might be more than a little disconcerting: What you do on Wi-Fi can be usually be seen by pretty much anyone connected to that hotspot. It doesn't require great hacking skills to see what other people connected to the same network are doing. Only traffic on encrypted websites starting with https is always secure, and almost no adult sites fall under this category. 2. Foreign web service providers When traveling, it's easy to forget that what might be culturally acceptable in one country can land you in hot water with the authorities in another. Whether on public Wi-Fi or roaming on the network of a foreign internet service provider, they may be bound by law to report anyone surfing adult material. The personal freedom we enjoy to surf anything we want online is so second nature to many of us by now, we easily forget the same isn't true for others. 3. Analytics and advertisers (often one and the same) It might not bee too surprising to hear that most companies aren't exactly jumping at the chance to be associated with adult websites. For this reason, networks that serve ads to adult websites don't serve ads to "normal" websites, making porn sites mostly self-contained when it comes to using your private information for advertising purposes. Unfortunately, your adult browsing can still be connected to you. Many adult websites implement analytic services, as well as "like" and "share" buttons, that feed into major advertisers such as Google and Facebook. 4. Your employer (in the U.S. and many other countries) Now, we are DEFINITELY not suggesting you watch naughty stuff at work. I mean, they call it NSFW for a reason. However, that doesn’t change the fact that in some countries, companies have an uncomfortable amount of rights to spy on their workers. It’s natural that employers don’t want their workers doing anything illegal, but you still have a right to privacy, even on a work network. What are your options? So what can you do to prevent privacy intrusions? The first and most obvious choice is to not supply any personal information to adult websites. A lot of porn sites require registration in order to comment on videos (if that's your thing) or to view content in higher quality. Keeping a separate email address for adult websites is therefore highly recommended. The other obvious choice is to always have private browsing on, as this prevents cookie-based tracking and embarrassing browsing histories from being saved on your computer. A slightly more technical but still very easy tip is to disable JavaScript from your browser settings while surfing adult websites. A lot of websites don't function without JavaScript, but all the adult websites we tried for research purposes work just fine. JavaScript makes it much easier  to do something called device fingerprinting. This frustratingly intrusive method of snooping involves the use of scripts to identify your computer based on variables such as your screen size, operating system and number of installed fonts. It might not seem like it, but there are enough variables to make most devices in the world completely unique. But the simplest and most efficient method of controlling your privacy is to use a VPN. A VPN (virtual private network) encrypts all your traffic, meaning no one is able to intercept it and see what sites you visit or what you download. It also hides your real IP address, the unique number which can easily be used to identify you online. A top-tier VPN like Freedome also contains extra features like anti-tracking to stop advertising networks from identifying you, and malware protection to automatically block webpages that contain malicious code. The app is easy to use, and available on most platforms. Online privacy is not a difficult or expensive  goal to achieve, and by following these few steps you will be able to surf what you want without worry.

June 13, 2016
682390157_3d1f46917e_b

F-Secure Chief Research Officer Mikko Hypponen appeared on the BBC recently to talk about cyber security, data breaches, and “dadada.” [youtube=https://www.youtube.com/watch?v=o19KaRl2ihQ&w=560&h=315] During the interview, Mikko described the current state of cyber security as a “cat and mouse race between the attackers and between the defenders.” It might not be as exciting as watching Formula 1 or a marathon, but it’s not as dull as writing some software that stops computer viruses. It’s about actions and reactions - it’s a race. So where do the defenders go to talk shop? Well, this week they’ll be congregating at the annual CyberDef-CyberSec Forum in Paris. CyberDef-CyberSec is an annual event that brings together various stakeholders in the cyber security and cyber defense fields to share knowledge and discuss issues. This year’s event is expected to be massive, with 55,000 industry professionals from 143 countries, as well as 173 official delegations and 700 journalists, slated to attend. F-Secure’s joint sponsoring this year’s event, and sending some of our cyber security experts, including Mikko to share their insights on the threat landscape facing people, companies, and governments. Mikko will be giving a 45-minute talk called “The Cyber Arms Race” that explores the evolution of online threats into weapons for cyber warfare. Also making an appearance is F-Secure’s cyber security guru Erka Koivunen, and F-Secure Regional Head of Corporate Sales Olivier Quiniou. Both will touch on how today’s cyber threats are wreaking havoc on the cyber security of companies. Erka’s talk, entitled “Data Breaches eat CEOs for Breakfast”, may be particularly poignant in the aftermath of the recent firing of the CEO of FACC – an aircraft component manufacturer that was hit by a cyber attack earlier in the year. Olivier, meanwhile, will be giving a 15-minute speech about the chaos cyber attacks can cause for companies. You can check out the program for the conference for dates and times. [Image by dougwoods | Flickr]

June 13, 2016