WHILE most Malaysians were still in bed at 4.42am, June 14 last year, Mikko Hypponen sent out this little tweet that became the week’s most-talked about event: “Anonymous plans an attack against Malaysian Government website.”
The pony-tailed Hypponen, who is the chief research officer (CRO) at Helsinki, Finland-based computer security firm F-Secure, was the first to sound the alarm that “hacktivist” group Anonymous will launch “Operation Malaysia” the next evening.
“This is business as usual whenever we see an oncoming attack we warn people,” he tells StarBizWeek during a recent trip here.
“We get lots of information from various places, and we actively follow both the online criminals who want to make money and hacktivists like Anonymous. When online criminals launch attacks, they are typically very quiet about it.
“But when people like Anonymous do it, it’s fairly easy to see because they’re gathering people. There are (informants) who tell us this is going on. I collect this information and pass it on to the targets, which in this case was the Malaysian government.”
He then reveals nonchalantly: “There’s a similar one planned by Anonymous this Saturday (March 31). If they succeed, in theory, the whole Internet goes down.”
But the chances of them succeeding were low, he assures, and indeed, that day has passed without a hitch.
Although his name may not ring a bell among Malaysians, the Finnish is very much an icon in technology circles and has been at the forefront of the fight against computer malware since the 1990s.
The F-Secure blog, which he writes for, is one of the most widely-read in the business, and he has given presentations on computer security at TEDTalk, Google Zeitgeist, military events, and some of the most important security-related conferences globally.
Hypponen was in town to brief the Government on various Internet security issues. It was a generic briefing, he says, the kind they do regularly for governments and law enforcement agencies around the world.
Mother knows best
It was his mother who introduced him to computers.
“Mother had an astonishing career in computers. She started in the 1960s, when nobody was using them,” he says, adding that his mother then worked for the state computing agency.
“For me, computers had always been there. The first computer arrived at our house in 1984, a Commodore 64 with an 8-bit system and 64 kilobytes of memory.”
He was hooked and began programming almost immediately. “I started with playing games like most people, but I got bored very quickly,” he explains. “I wanted to understand how the games worked and how to make them myself.”
So he learnt to “write” games, and by the time he was 15, Hypponen was selling his own software.
In 1991, he joined a small company called Data Fellows, which was later renamed F-Secure. “I was employee No. 6,” he quips. “And now we have over 1000 employees in 22 countries. I’ve seen this company change from a small start-up to where it is today, and I’ve seen the industry change from those early days when security software didn’t really exist to this multibillion dollar industry.”
F-Secure was listed in the Helsinki Stock Exchange in 1999 at the height of the dot-com boom, and its stock surged more than a thousand percent, making its CEO (now chairman), Risto Siilasma, the richest man in Finland, albeit briefly.
However, Hypponen points out, malware had evolved as well, from its early days as viruses in floppy disks to the sophisticated attacks of the present, such as banking Trojans and keyloggers.
“The biggest change I’ve seen is the change of intent. The early attackers, they didn’t really have a motive. They just created viruses for the fun of it or for the challenge. But today the malware industry is worth trillions. So the enemy has completely changed.”
According to him, cyber-attackers could be put into three groups based on their motives. “Group No. 1 are the criminals, their motive is money. Group No.2 are hacktivists like Anonymous. Their motive is not money but protest; they have a political agenda.
“Then group No.3 are attacks from governments, for example Stuxnet which was launched by a foreign government to affect the Iranian nuclear programme, and others for spying between countries.”
The biggest and most problematic of these, Hypponen says, are the criminals. “With keyloggers for example, you’re surfing the web, you go to a website and they drop a keylog into your computer.
“They record your email, passwords, and Google searches, but what they’re really looking for is when you go to an online store because then you’ll be typing in your credit card number and security code,” he elaborates, and with a few deft clicks on his laptop brings up a stolen file with someone’s credit card details.
“With this information, they can go to any online store and buy anything they want with your credit card.”
No funny business
Hypponen’s interest in anti-virus was spurred by a challenge from his boss. “When I started working with F-Secure we did a wide range of things computer security was only one part of the business,” he says.
“Then on Sep 13, 1991, I still remember the date, my boss gave me a sample of a new virus that no one had seen before and asked if I could take it apart. He asked me because I was the only in-house programmer who knew the assembly’ language (a low-level programming language), and I knew it because I used to write these old games on my home computers.
“It took me several days but I managed to decode it and named it omega, because the virus would display an omega sign on Friday the 13th and override the hard drive.”
That later sparked a tradition in the company whereby employees who had worked for 10 years received an Omega watch.
“So I know what you’re thinking, I should have named the virus Ferrari,” he jokes. “Next time.”
Hypponen believes 2003 was one of the worst years in virus history. “There were so many outbreaks, I don’t think I slept at all that year,” he enthuses.
The first money-making virus reared its head in 2003.
Incidentally, that was also the year F-Secure made a name for itself by taking down Sobig.F, a virus that came close to disabling worldwide networks. “Sobig.F was a landmark because it was the first time we fought a virus by shutting down servers,” he says.
Hypponen remembers the experience vividly: “We had shut down servers before, but not on that scale. We found it on Tuesday, and it was going to connect to 16 servers and download and run a programme on Friday. We called up people running servers and asked them to shut them (the servers) down.
“Some said yes, but others said, Who are you? Go away.’ Still, we managed to shut down half of them by Thursday. Then we contacted the FBI, Scotland Yard and so on and started shutting down the remaining servers.
“It really became a race to do that before 10pm on Friday. By 6pm we shut down all but three servers, and at 10pm there was one left.
“We couldn’t shut it down, but the traffic ended up being too heavy on that one server and it crashed, so nothing happened.”
But ask him which virus he thinks was the most challenging and he will say it was Stuxnet, the worm that was said to have been aimed at taking over Iran’s uranium enrichment facilities.
“It took us a while to figure out the nuclear connection. From the beginning we saw that it was completely unusual ten times larger and more complicated. When we realised it was targeting Iran, it was just like a movie,” Hypponen recounts.
And who might have been the culprit for this attack? “It is logical to assume that it is the US government. But they never admitted anything,” he says.
Fear not the Internet
As CRO, Hyponnen is in charge of F-Secure’s future threat research, which means anticipating and preparing for potential cyber-threats and their motives. This involves a fair-bit of espionage-type work, such as infiltrating criminal gangs online, creating fake hacker personas and snooping around forums.
One possible attack he sees coming in a year or so is what he calls “exploit-driven mobile malware”, which are viruses that can infect smartphones even without being installed.
“Right now you have to install a trojanised’ programme in your phone for a virus to get in,” he remarks. “One day, maybe next year, we’ll see attacks where they can infect you while you’re just surfing the web. Or you could be sleeping, and you get a text message that infects your phone.”
In spite of these looming terrors, Hyponnen is no advocate of fear.
“I don’t believe in scaring people to leave the Internet,” he says. “I’m sure there are criminals on the streets in KL, but you still work here. You just use common sense and take safety precautions.”
Hyponnen declines to delve into his family life because, as he puts it, “I work with criminals”, so personal details are off-limits.
Interestingly, the 43-year old’s role model is the Nintendo game character Super Mario. Says Hyponnen: “He goes against impossible odds and wins anyway.”
Asked whether he had ever thought of becoming a hacker himself, his answer is a clear “No”. “Have you ever thought about becoming a criminal?” he shoots back good-naturedly.
“I’d rather not break the law, or go to jail. I believe the job I’m doing, and the job we’re all doing here at our labs, is exactly as exciting and interesting as the work of a hacker.”
“I haven’t had a boring day at work, even after 21 years, and there’s always something new happening.”
In his spare time, Hyponnen restores old arcade games like Atari’s Battleship, Asteroid, Pac Man and Space Invaders.
He bought his first full-sized coin-operated arcade game, Marble Madness, in the late 1990s for about a 100 euros, and has since bought and fixed many others, keeping them in a small game room in his house.
When he has the time, perhaps after retirement, he would like to create a “3D car-shooting game”.
“I often wonder,” he says in self-reflection, “What if we solved the problem of viruses and caught all the virus writers and there was no more business for me?”
“If that happened, and it never will, I wouldn’t be unhappy at all,” he smiles. “I will go back to writing games. I was pretty good at it.”