Published January 03, 2012
Japan reportedly has paid Fujitsu $2.3 million to build a self-replicating assassin squad -- a computer virus it can set loose in the network to track down and eliminate other viruses.
Japanese newspaper Yomiuri Shimbun reported that the Defense Ministry’s Technical Research and Development Institute began developing the anti-viral virus in 2008. The government agency in charge of weapons development paid the heavy industries firm $2.3 million (178.5 million Yen) to create a virus that can analyze cyberattacks and even identify their source.
It sounds like an answer to Stuxnet or Duqu -- cyberweapons so potent that one security official called them “the hydrogen bomb of cyberwarfare.” And the cyberwar is clearly heating up, said Dave Aitel, president and CEO of security firm Immunity Inc.
“Stuxnet was just the beginning,” Aitel told FoxNews.com. “Self-replicating code is an important part of any national arsenal … the Japanese are just getting started.”
The cyberdefense tool would be able to trace an attack to its source, the paper reported, along the way disabling it and collecting key information. Such a tool is a clear escalation in online warfare, said Jeff Bardin, chief security strategist for Treadstone 71.
“The Japanese model represents a communicated and demonstrated increase in virtual arms escalation,” Bardin told FoxNews.com. “It ups the ante to a new level that may not be sustainable, especially when -- not if -- the code for the 'good' virus gets out.”
He argues that such a tool, while perhaps inevitable, may lead us into full cyberwarfare.
“The most virulent ... virtual arms will not be used unless there is either an all out cyberwar raging -- or someone wishes to start one.”
To that end, defense cybertools are a clear necessity for any nation. But are “good viruses” a good idea? A renegade virus running loose, like a ghost in the machine, may be anything from a far-fetched fantasy to a potentially very, very bad idea, others argue.
“An out-of-control 'good' virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain,” wrote Graham Cluey, senior technology consultant for security firm Sophos.
“All programs, including viruses, contain bugs that can have unintended and damaging consequences," he said.
Aitel disagrees, saying the concept of "anti-viral viruses" has already proved successful in early tests.
“Our firm did some early research on self-replicating attack code which we called 'Nematodes.' And we found out that it’s not that hard to do this type of program. It’s possible to develop a controllable and effective worm," he said.
Indeed, tests of Fujitsu’s defensive cyberweapon run in closed networks in Japan confirmed its functionality, The Yomiuri Shimbun reported.
Keio University professor Motohiro Tsuchiya, a member of a government panel on information security policy, told the paper that Japan should accelerate anti-cyberattack weapons development immediately, arguing that other countries have already launched similar projects.
Bardin agreed, arguing that all countries will find themselves forced to respond, either with defensive tools or more aggressive cyberweapons.
“Stuxnet took it to another level,” he told FoxNews.com.