Mikko Hyppönen, cybersecurity expert and author, on stage at WithSecure’s “TheSphere22” conference in Helsinki. Photo/Getty Images
A PC-era information security expert, Mikko Hyppönen, recently sent a copy of his book, If it’s smart, it’s vulnerableperfectly timed to coincide with two well-known hacker conferences in the United States, Black
Hat and DEF CON.
Hackers, in this context, means what it meant before, i.e. computer coders; the two conferences above are among the oldest and most popular.
DEF CON, for example, is only a year away from its 30th anniversary and still draws tens of thousands of attendees from all walks of life.
Hyppönen started in the IT security industry even earlier, in 1991, which is around the time that everything we have today started happening. It’s about open, programmable personal computers connected to the Internet and, of course, malware and security issues everywhere.
You might even have used the antivirus app from the global company he helped found, F-Secure, which was originally called Datafellows, a name that didn’t quite describe what it did.
The first mentions of Mikko Hyppönen in the New Zealand Herald date back to 2000. He’s up there with Eugene Kaspersky, Peter Norton (who actually didn’t develop antivirus) and the late John McAfee, who did. .
If it’s smart, it’s vulnerable refers to “Hyppönen’s law”. This indicates that adding communication features and capabilities to devices means they become vulnerable – to hacking, that is. As Hyppönen points out, you can’t hack a traditional wind-up wristwatch, but a smartwatch is a small computer that runs code and is online, which means it can be hacked.
The same goes for modern cars and industrial control systems, which should make everyone sit down.
This long track record from the very beginning of the PC revolution means there is gold in the book.
Hyppönen is candid in his stories and recounts several facepalm-inducing mistakes, very familiar to people older than yourselves, who have learned things in difficult and embarrassing ways.
It’s not just InfoSec geeks and developers who will appreciate If it’s smart, it’s vulnerable: everyone uses computing these days, and Hyppönen’s book provides an excellent summary of how networked computing became what it is today, a monster unlike anything what mankind has never seen before.
When I last spoke to Hyppönen, he called the internet the greatest social experiment ever, and that couldn’t be truer.
In the book, there is a good reflection on ethics and how people cannot be reprogrammed to act in the desired way, because that is how we are.
No matter how much awareness training users receive, they’ll always do the most humane thing, like opening email attachments from strangers and spinning the whole thing.
The book is not without flaws that could have been corrected. A more precise editing could have brought together the same subjects which are approached several chapters apart; moreover, some of the chapters are non-sequential briefs that need more development.
The parties on blockchain, bitcoin, non-fungible tokens and cryptocurrencies in general feel underdone, with, in my opinion, not enough emphasis on how they are speculative instruments, soaked in the crime, and little or no useful day-to-day transactions.
While reading If it’s smart, it’s vulnerable made me realize the problem with the phrase “security is a process” that the folks at InfoSec like to utter.
That means you can’t just fix something and go back to sleep with both eyes closed.
On the contrary, you must constantly pay attention to what is happening. Which, as any geek worth their salt knows, can be really tricky.
Nevertheless, the hard work of the people at InfoSec over the years has paid off in some ways.
There are no more computer viruses (as such). Opening Microsoft Word documents isn’t quite the Russian roulette it used to be, with horrific macro viruses unleashed, causing sleepless nights for IT as they battle devastating infections.
Instead, we have ransomware from criminal organizations that run affiliate programs where would-be hackers can rent malware for extortion purposes. We have state-sponsored large-scale hacking, espionage and sabotage operations, as well as surveillance capitalism, in which tech giants know everything about you and sell that information to the highest bidder.
It’s much worse, because none of us can avoid using computers or connecting to the Internet. There’s more of the same on the horizon, as artificial intelligence is likely to get smarter than humans at multiple tasks, but thankfully Hyppönen and other experts don’t think that means machines will try. to kill us.
Ideally though, we should try to abandon some of the dystopian aspects of networked computing mentioned above, but how? The book addresses some of those issues, like following Apple’s lead of not letting code run wild on iPhones and iPads, and taking a hard line on privacy and security.
Will that be enough, but maybe saving humanity from the unethical dangers of technology could be the killer application for AI and machine learning?