Lorenzo Franceschi-Bicchierai

NEW: I spoke to cybersecurity legend Mikko Hyppönen about his decades-long fight against computers viruses first, and then malware — and how computers have gotten safer over time.

Mikko also told me why he has decided to now turn his focus to fight another enemy: killer drones. And, as it turns out, some of the technical challenges are very similar.

http://techcrunch.com/2026/04/04/after-fighting-malware-for-decades-this-cybersecurity-veteran-is-now-hacking-drones/

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones.

TechCrunch
Apr 4 at 3:03pmWeb
Show threadMarius (windsheep)1d ago
@lorenzofb Drones are much more serious than most people assume. They create the sense of human garbage by gamification of war, and erode the sense of the civilian in the war doctrine. They are a game changer on the battlefield but also in politics, because the accountability of remote warfare is lower. The Huthis have drones, so do the Ukrainians. Some with 3d printed components.
Show threadVessOnSecurity1d ago

@lorenzofb Some remarks:

1) Form.A wasn't that widespread. It never arrived in my country, for instance. A better example for a really widespread boot sector virus is PingPong.A, which was literally everywhere, until PCs upgraded from 8088 to better CPUs, which that virus couldn't run on.

Show threadVessOnSecurity1d ago

@lorenzofb
2) LoveLetter (ILOVEYOU) wasn't "wormable". A vulnerability can be wormable, if it is possible to write self-spreading code that uses it. LoveLetter was a *worm* - although it didn't rely on any vulnerabilities; just on people clicking attachments.

Also the text "It arrived via email as a text file, purportedly a love letter. If the target opened it, it would overwrite and corrupt some files on the person’s computer, and then send itself to all their contacts." while technically correct, is imprecise enough to be misleading.

It didn't spread when the victim opened the e-mail containing it. It arrived as an attachment, which was a VBScript file (although it claimed to have a .txt extension, relying on the fact that Windows hides the file extensions by default, so Foo.txt.vbs is displayed as "Foo.txt"). It spread only if the recipient double-clicked on this attachment to "open" this "text" file.

Show threadVessOnSecurity1d ago
@lorenzofb
3) The reason why viruses are no longer a problem (which Mikko probably mentioned but you didn't understand well), is because nowadays anti-virus programs self-update automatically over the Internet, so when an anti-virus producer implements a detection of a virus, it will spread to the users much faster than a virus spreading from computer to computer via infected files or boot sectors could. Only worms (viruses spreading over the network) can compete with AV updates - but worms usually rely in vulnerabilities, such wormable vulnerabilities are hard to come by these days - and, besides, OS patches fixing them spread over the Internet, too, so even a worm wouldn't have much of a change, unless it spreads *extremely* fast (or hits a really large and well-connected victim, like NotPetya did with Maersk).
Show threadVessOnSecurity1d ago
@lorenzofb
4) NotPetya wasn't a "mass-hacking campaign". It was a LAN worm. Didn't spread over the Internet, only between machines connected via a local network (ActiveDirectory these days; which is what bit Maersk).
Show threadVessOnSecurity1d ago

@lorenzofb
5) As an aside (and with the disclaimer that, unlike computer viruses, I am not an expert in this field), if his present company relies on jamming drones, it is already behind the times. Nowadays the Russians employ drones controlled by optic cables, which cannot be jammed - although have shorter range.

The end.