Aladdin’s Lamp: The Theft
and Re-weaponization of
Malicious Code
Abstract: Global superpowers do not have a monopoly on cyber warfare. Software
thieves can steal malware written by more advanced coders and hackers, modify it,
and reuse it for their own purposes. Smaller nations and even non-state actors can
bypass the most technically challenging aspects of a computer network operation –
vulnerability discovery and exploit development – to quickly acquire world-class
cyber weapons. This paper is in two parts. First, it describes the technical aspects of
malware re-weaponization, specifically the replacement of an existing payload and/or
command-and-control (C2) architecture. Second, it explores the implications of this
phenomenon and its ramifications for a range of strategic concerns including weapons
proliferation, attack attribution, the fog of war, false flag operations, international
diplomacy, and strategic miscalculation. And as with Aladdin’s magic lamp, many
malware thieves discover that obtaining a powerful new weapon carries with it risks
as well as rewards.
Keywords: malware, cyberwar, re-weaponization, false flag, attribution
Kārlis Podiņš
CERT Latvia
Riga, Latvia
Kenneth Geers
Comodo Group
Toronto, Canada
2018 10th International Conference on Cyber Conflict
CyCon X: Maximising Effects
T. Minárik, R. Jakschis, L. Lindström (Eds.)
2018 © NATO CCD COE Publications, Tallinn
Permission to make digital or hard copies of this publication for internal
use within NATO and for personal or educational use when for non-profit or
non-commercial purposes is granted providing that copies bear this notice
and a full citation on the first page. Any other reproduction or transmission
requires prior written permission by NATO CCD COE.
1. Introduction: Stealing Cyber Weapons
In Arabian Nights, a poor but clever Aladdin finds a magic lamp offering power,
wealth, and love. However, the acquisition of these benefits also carries a burden
of risk and responsibility. This parable offers lessons for aspiring cyber armies. The
theft of advanced malware facilitates a similar shortcut to increased power on digital
national security terrain. Computer code written by the Great Powers, including the
United States, Russia, China, and Israel, can be acquired, reverse-engineered, and re-weaponized by small nations and even non-state actors.