Join Mikko on a Brain Adventure

Do you remember these things?

They’re 5.25-inch floppy disks. And if you’re under twenty-five years old, you’ve probably never used one as anything other than a coaster for a drink.

But back in the 1980s, these beauties were the state of the art. The forerunner of 3.5-inch disks and CD-ROMs, the 5.25-inch floppy disk usually held less than one megabyte of data, which meant you could get carpal tunnel swapping disks in and out. In fact, if you were going to install Windows 7 from 5.25-inch disks, you’d need 2,084 of them.

In January of 1986—exactly 25 years ago—the first ever PC virus ended up on one of these disks. The virus was called Brain and it was created by “Basit and Amjad” in Lahore, Pakistan. Of course in 1986, there was no public Internet, writing viruses was legal and only science fiction writers and IT experts were worried about the threat of self-replicating computer programs.

Did Basit and Amjad have any idea what kind of phenomenon they were sparking?

F-Secure’s Chief Research Officer Mikko Hyppönen has decided to travel to Pakistan to interview the creators of Brain. He’ll find out what they’re doing now and how they feel about the development of computer viruses over the last 25 years. And he’ll be documenting his trip on film and through his Twitter account.

We’d love for you to participate in this adventure. Do you have a question you’d like to ask the creators of Brain? Post it here. Mikko will be taking the best ones with him.

You can also expect lots more information about Brain and 25 years of PC viruses over the next month. We’ll be looking back on the digital world that Brain helped create and forward to a more secure future. And we hope you’ll join us.



More posts from this topic


5 Things You Need to Know About the Threat of Election Hacking

Cyber security is playing a starring role in the drama surrounding the question of who will be the next president of the United States. "The security aspect of cyber is very, very tough," Republican nominee for president Donald Trump said, when asked about securing American secrets from cyber attacks during the first debate. "And maybe it’s hardly do-able." Even the integrity of the election has been put into doubt by the threat of hacking -- which may be exactly the point. The questions about cyber intrusions into the electoral system and the wild speculations those intrusions provoke can be hard to put in perspective. So here are five basic premises to help you assess the situation as this historic election transpires.

1. It would be almost impossible to hack the entire U.S. election.

The biggest reason this U.S. presidential election is unhackable is that most of it doesn't depend on computers. More than three out of four Americans will vote on a paper ballot this November 8, TechCrunch's Ben Dickson reports. And the fact that all Americans don't vote in the same manner points to the biggest reason you probably couldn't hack the election. Each state has its own system, with some federal guidance. Nearly every state lacks sufficient funding to fully upgrade its systems, hence the reliance on outdated technology. So while voting machines are definitely vulnerable to hacking, hitting just the right ones in a systematic way that just happens to sway the electoral college vote in favor of one candidate would involve both a massive investment of time and money and an even larger serving of luck.

2. But that doesn't mean an election can't be "hacked."

“To ‘hack’ a US presidential election, all you need to do is to obviously tamper with one county’s system, then leak that the tampering occurred,” our security advisor Sean Sullivan told Dickson. “Many people will rush to assume that all of the other typical issues that occur may also be the result of hacking — and thus, you’ll end up delegitimizing all of the results.” A delegitimized election equals a delegitimized winner.

3. You don't even have to hack an election to hack an election.

The hacks of the Democratic National Committee and Hillary Clinton's campaign chair John Podesta could end up being far more consequential in swaying the election than hacking either voting processes or actual vote counts -- especially if the resulting leaks end up revealing something extraordinarily damaging to the candidate in the documents being dripped out by Wikileaks. “Owning an election is gold; being able to influence it is silver; knowing the outcome in advance is bronze,” F-Secure cyber security advisor Erkka Koivunen explained. It's pretty clear that someone is at least after the silver in this election.

4. Someone has definitely been poking around in the U.S. election system.

The United States has been clear that it believes that Russia is trying to hack this election. This month U.S. officials have explicitly stated that the Russians are behind the hack of a contractor that works on the electoral system of the key swing state of Florida. Similar hacks were reported by the states of Arizona and Illinois. U.S. intelligence also believes Russia is behind the hack of Podesta's emails, and a security firm believes it found evidence that the nation led by President Vladimir Putin was behind the hack of the DNC. Russian Foreign Minister Sergei Lavrov told CNN that the accusation that it was behind the Podesta hack was "flattering." When pressed to confirm or deny his nation's involvement, Lavrov said, “No, we did not deny this, they did not prove it." Trump himself questioned whether the hack actually happened in the second debate, and if he's concerned about Russian hacking, he doesn't seem to be showing it. At one point he even -- jokingly, he said later -- asked Russia to hack his opponent's missing emails.

5. Election technology needs to improve quickly.

It's safe to say that no matter who is hacking the U.S. elections, the U.S. is probably hacking them, too. The richest nation on Earth is just not engaging, as far as most people can tell, in the leaks that have followed the recent U.S. hacks. In this new era of cyber attacks backed by nation-states or "privateers" employed by nation-states, the rules of cyber espionage are unclear and the fog is thick. No matter what happens in 2016, digital technology will play an ever-increasing role in both campaigns and elections, and the U.S. needs to take steps to ensure the integrity of its elections. Sullivan believes that the Department of Homeland Security should go through with its proposal to declare voting systems critical infrastructure and then adapt its defenses to catch up with the threats. “Network monitoring is rapidly becoming a requirement,” he told TechCrunch's Dickson. And voting must be made to feel at least as secure as using your credit card to buy a coffee. “Smartcard technologies are available in several European countries for online identity authentication,” Sullivan said. “They aren’t widely used. If a country such as the United States were to get serious about rolling out such tech, it would be a game changer.” All of this focus on the security of election systems means that there are “more people checking stuff.” The question now is who is putting in more resources -- the attackers or the people doing the checking.

[Image by Maryland GovPics | Flickr]

October 13, 2016
Christine Bejerasco

Meet the Online Guardian Working to Keep You Safe

Every time you go online, your personal privacy is at risk – it’s as simple as that. Whether you’re creating an account on a website, shopping, or just browsing, details like your email address, IP address and browsing history are potential targets for interested parties.

All too often, that information is sold on or sometimes even stolen without you knowing it. And the threats to our online privacy and security are evolving. Fast.

As F-Secure’s Online Protection Service Lead, Christine Bejerasco’s job is to make life online safer and more secure.

“We’re basically online defenders. And when your job is to create solutions that help protect people, the criminals and attackers you’re protecting them against always step up their game. So it’s like an arms race. They come up with new ways of attacking users and our job is to outsmart them and defend our users,” Christine says.

Sounds pretty dramatic, right? Well, that’s because it is. While it used to be that the biggest threats to your online privacy were spam and viruses, the risks of today and tomorrow are potentially far more serious.

“Right now we’re in the middle of different waves of ransomware. That’s basically malware that turns people’s files into formats they can’t use. We’ve already seen cases of companies and individual people having their systems and files hijacked for ransom. It’s serious stuff and in many cases very sad. If your online assets aren’t protected right now you should kind of feel like you’re going to bed at night with your front door not only unlocked but wide open.”

Christine and her team of 11 online security superheroes (eight full-time members and three super-talented interns) are on the case in Helsinki.

Here’s more on Christine and her work in her own words:

Where are you from?
The Philippines

Where do you live and work?
I live in Espoo and work at F-Secure in Ruoholahti, Helsinki.

Describe your job in 160 characters or less.
Online guardian who strives to give F-Secure users a worry-free online experience.

One word that best describes your work?
Engaging

How long is a typical work day for you?
There is no typical workday. It ranges from 6 – 13 hours, depending on what’s happening.

What sparked your interest in online security?
At the start it was just a job. As a computer science graduate, I was just looking for a job where I could do something related to my field. And then when I joined a software security company in the Philippines, I was introduced to this world of online threats and it’s really hard to leave all the excitement behind. So I’ve stayed in the industry ever since.

Craziest story you’ve ever heard about an online protection breach?
Ashley Madison. Some people thought it was just a funny story, but it had pretty serious consequences for some of the people on that list.

Does it frustrate you that so many people don’t care about protecting their online privacy?
Yeah, it definitely does. But you grow to understand that people don’t value things until they lose them. It’s like insurance. You don’t think about it until something bad happens and then you care.

What’s your greatest work achievement?
Shaping the online protection service in the Labs from its starting stages to where we are today.

What’s your idea of happiness?
Road trips and a bottle of really good beer.

Which (non-work-related) talent would you most like to have?
Hmmm… tough. Maybe, stock-market prediction skills?

What are your favorite apps?
Things, StumbleUpon

What blogs do you like?
Security blogs (F-Secure Security blog of course and others – too many to list.) Self-help blogs (Zen Habits, Marc and Angel, etc.)

Who do you admire most?
I admire quite a few people for different reasons. Warren Buffett for his intensity, simplicity and generosity. Mikko Hyppönen for his idealism and undying dedication to the online security fight. And Mother Teresa for embodying the true meaning of how being alive is like being in school for your soul.

Do you ever, ever go online without protection?
Not with systems associated with me personally, or with someone else. But of course, when we are analyzing online threats, then yes.

See how to take control of your online privacy – watch the film and hear more from Christine. See how Freedome VPN will keep you protected and get it now.

July 14, 2016
Could the Sony and Hacking Team hacks have been detected sooner?

Hacks in the Headlines: Two Huge Breaches That Could Have Been Detected

The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed that no one is immune to a data breach - not even a company that specializes in breaking into systems.

After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped.

Here's why: advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in, but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in.

Thinking like an attacker

If an attacker does get through a company's defensive walls, it's critical to be able to detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data.

So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users.

Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general they tend to follow a pattern. Once the attackers have chosen a target company and performed reconnaissance to find out more about the company and how best to compromise it, their attacks generally cover the following phases:

1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks.

2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later.

3. Perform network reconnaissance. Gather information about the initially compromised system and the whole network to figure out where and how to advance in the network.

4. Lateral movement. Gain access to further systems as needed, depending on the goal of the attack. Steps 2-4 are then repeated as needed to gain access to the target data or system.

5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications.

6. Exfiltrate target data. Copy data out to the attackers over the network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotage of data or systems.

7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end.

For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what enables companies to detect attackers in their networks and stop them in their tracks.

Following the signs

Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as suspicious. These tools were used throughout the attack, not just at the end, so detection could have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars.

In the case of Hacking Team, the hacker known as Phineas Fisher used nmap, a common network scanning tool, to map the organization's internal network and figure out how to advance the attack (step 3). Port scanning on a company's internal network should be flagged as suspicious; the few legitimate sources of such traffic, such as an authorized vulnerability scanner, can be allowlisted, which makes anything else that sweeps ports stand out. For moving inside the network (step 4), he used methods based on the built-in Windows management framework PowerShell and the well-known tool PsExec from Sysinternals. Both are legitimate administration tools, but the way they were used - which hosts ran them, launched from where, with what command lines and at what hours - differs from how an administrator uses them, and those differences could have been picked up on.

These are just a few examples of how knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines.

One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared.

Photo: Getty Images

May 31, 2016