23 January 2015

Interview with Eugene Kaspersky II: On war, espionage and the mafia in cyberspace

2015-01-21

Eugene Kaspersky's rise from a whiz-kid in high school solving advanced mathematical problems to the leader of a global cyber-security empire has been meteoric. His company, Kaspersky Lab, is today one of the pre-eminent Anti-Virus and cyber security companies in the world, with a cutting-edge database of 1.3 million records.

Enterprise Innovation sat down with Kaspersky late last year for an exclusive interview on how he sees the cybersecurity space evolving in the future, the difference between Asian and Western security spaces, and what lies ahead in designing anti-malware products for technologies that are still on the cusp of public adoption.

Could you talk about your day to day role at Kaspersky?

From the very beginning, we were very focused on two things.

First of all, on the technologies, on being the very best in security technologies for computers, then for mobile devices, and work in industrial security as well. And the second focus was on our global presence - to build our partner network everywhere around the world and every nation.

At the moment, the company has about 3000 employees. About 1000 are technical guys: system engineers, software engineers, security experts - that’s quite a lot. A very good team.

The company’s managed in a way that – of course, there’s a hierarchical structure, but it’s not like strict reporting lines, like you have to do that all the time, reporting, asking permissions, etc. We give quite a lot of freedom to managers on every level, and for employees, the freedom to make decisions and to be responsible for the decisions.

That’s why I can travel a lot around the world. I don’t really need to manage the company day by day. There’s a management team able to totally own the decisions and not to ask the boss all the time.

The company is still private, so our financial health is very strong and we don’t really need extra funding. We are doing quite well. The company’s innovating all the time with technologies, with our partner networks, sometimes with our unusual marketing projects. It is fresh, innovative, and our employees are very focused on the results.

Do you guys have a particular strategy in terms of innovation? How do you start innovating while you have to keep running your daily core business?

There are different teams [at work]. For end-point security, we have our own team - this is our main business and most of the staff are involved in this business. At the same time, we handle startups with security. We work only with security - we don’t do anything else. So we have startups, special teams for some new ideas, and it’s not only about products and services, but also about technologies.

Because we recognize that we have to improve our end-point or network security with new components, new technologies, this functions like a startup. But startup is not a product, it’s the technologies that will be embedded into all the solutions.

So in addition to endpoint security, we have for instance anti-malware protection, transaction security services, mobile security, and those sorts of startups inside the company.

How do you see the Asian cyberspace compared to the West?

From a technological point of view, it’s almost the same because they have the same computers, the same networks and financial services.

From time to time, in different nations, there are some unique services, unique opportunities for cyber criminals. So the cyber criminals sometimes behave in a very unique way.

What are some of the most exciting things happening in the industry right now?

The most exciting thing, I’m afraid, is new types of attacks - these are not really new, but now they’re at different levels.

Targeted attacks on enterprises, especially in the financial sector, [are conducted] by very professional criminals and it’s not just groups of engineers. In some cases, they are gangs, which have their engineers, leaders, managers and soldiers and so on, and people in between. Sometimes they’re very professional so they design very unique attacks.

In some cases, they’re able to hack even very protected networks and get access to the core of financial services, and that’s really scary. I don’t want to mention the technical details because some of them are still under investigation, but one of the last cases was attacks on ATMs. They managed to infect computers inside the ATMs and control them, and then take cash from ATMs without any cards. So they come, they type the activation code and the ATM starts to release cash. It’s scary because the banks which were affected lost quite a lot of money.

So that’s quite simple. But there are highly complicated attacks that sometimes take weeks to understand because of the unique and complex logic involved.

And they are very close to state-sponsored attacks in complexity. Sometimes we don’t really understand, is it a criminal attack or is it an espionage tool? Sometimes we can’t tell. Maybe it’s not simple criminals behind these attacks.

The typical criminal attack is quite simple stuff, unlike this. Most of these simple attacks are processed automatically - we download new malicious code and we have an automatic system to process all this, so the engineers don’t have a look at that at all. The robots are working, and there are engineers developing the robots with new variants of robot technologies.

How do you guys see yourself positioned within the geopolitical landscape? Do you guys work with governments?

Well, unfortunately you’re right. [There are] too many state-sponsored attacks, but we don’t do retribution. We can’t point a finger at a nation and say that nation was behind this particular attack because we don’t have enough abilities to do that.

We collect the malicious code from the internet, from our customers, but we don’t know who is behind the proxy server - it’s a common server. We’re not an internet provider, we’re not the police, we’re not the secret service, to have the abilities to get there and to read the traffic because that’s for different organizations.

But we can recognize the language that is spoken by the people - not in every case, but in many cases - we can see the language or the owners of these applications. So if this espionage is state-sponsored, we can see that the budget behind these attacks is sometimes millions of dollars - that’s not criminal, definitely. It’s not a hacker behind all that, so it could be...perhaps ‘upper level organizations’.

The most spoken languages there – Chinese, native English, broken English, Spanish (Spanish Spanish and Latin American Spanish), French, and many many other languages as well. Russian, did I mention Russian? Russian, of course, a lot. So if we believe that the language indicates the country, I will say there are many states in North America, in South America, in Europe, in Russian-speaking countries, in Asia, behind the state-sponsored attacks.

How do we behave? We’re a security company and we stay far away from the politics. Secondly, if we take the rabbit out of the hat, we can put the rabbit back into the hat. If we find an attack which looks like a state-sponsored attack, we can forget about this. We will process it, we will add detection, and sometimes we release the news.

If it’s a really serious attack, we will release news about this. And we can’t make it hidden, because if we make it hidden, it means we are complicit with a state that could be behind this attack.
