20 July 2016

AN INTERVIEW WITH CYBERWARRIOR EUGENE KASPERSKY

BY NINA BURLEIGH ON 7/19/16 
http://www.newsweek.com/cyber-war-stuxnet-eugene-kaspersky-edward-snowden-russia-north-korea-iran-481508
In 2010, analysts working for Russian cybersecurity magnate Eugene Kaspersky discovered Stuxnet, the first cyberweapon ever used for offensive purposes. Last year, they also discovered the Equation Group, one of the most sophisticated cyberweapons to date. Experts say the U.S. and Israel developed Stuxnet to slow the development of Iran’s nuclear program. The terrifying potential consequences of its effect on the global internet grid are the subject of a documentary released earlier this month called Zero Days. I recently caught up with Kaspersky, 52, a rumpled man who bears close resemblance to Philip Seymour Hoffman, in Tenerife, Spain, at the Starmus conference, a gathering of Nobel Prize–winning scientists. He spoke to Newsweek about cyberwar, Edward Snowden and privacy in the digital age.

You have been saying that we live in “the dark age of cybersecurity.” What’s that mean?
There was a very professional cybergang recently that stole a billion dollars from banks. Now we see hundreds of these attacks not only on banks but on the supermarkets and on the public. You can block some of them and others—they're spreading infection around the world.
You are known for criticizing social media because you believe it can be used by malign forces to foment civic unrest. But author Evgeni Morosev argues that the ability of social media to foment revolution is vastly overrated. Isn’t social media more like a tool for the government to track people?
There's nothing new in this world. These Twitter revolutions remind me of the propaganda papers which were dropped from planes in World War II. What's the difference? It's almost the same. The way I see it, social media is used for manipulating the people's opinion. I'm afraid that some states—I don't want to say they create internet propaganda—but let’s say they want to do good things but by intervening in social media, and they stimulate other governments to implement more control in the media. It’s delicate stuff.

In the United States, Google tracks us for commercial purposes. What is your feeling about Google and that kind of information collection on a giant basis?
The more services we have, the less privacy we have. In the past, when we were just tribes ofHomo sapiens, you could be private. Then, you needed passports to travel. If you don't travel, then, hey, you don't have a passport. You stay in your village. You can be private. But if you want to travel, you have to have your passport. You drive your car, you have to have plates and driving license. Your credit card is also tracked by banks. Do they disclose information or not? I don't know! Maybe yes! And maybe your mobile phone. They can track you! And maybe you booked into your hotel. They know. Sure, you can stay private, just don't use those services. Loss of privacy is a kind of taxation for using this “new perfect world.”

Of course you've heard of Edward Snowden. He lives in your town now.
[Laughing] I don't know who he is.

Did his revelations change your mode or amount of business at all?
Not at all. People's behavior after the Snowden did not even change. Only 2 or 3 percent changed their behavior.

You also track state-sponsored cyberattacks? How do you identify where they are from?
Well, let’s say they [the attackers] speak native English. We see their text strings. We see how they communicate, so we can guess the language. We also see Russian, Chinese. And German, French, Spanish, Latin American, Brazilian, Arabic. Not Japanese. Korean—but we don't know which Korean. North Korean or South Korean?

You have talked about the need for a universal ban on zero-day cyberweapons like Stuxnet, comparing them to sarin gas. Is there any feasibility to that?
I have been talking about this with officials for a couple of years in the States, in Russia and the U.N. We agreed with the U.N. to promote this idea to ban cyberweapons, but it was discontinued. I don't know why. Around 2012, 2013. I still agree about this idea, but I don't really promote it because I tried to explain it, I tried to talk about that, I tried to do something about that, and it was like...nothing happened

How can you compare cyberweapons to nerve gas? That’s pretty apocalyptic stuff.
We depend on cyber. Do you know how vulnerable the United States is? Talk to the DHS, to Homeland Security. Not only the United States—it's other governments. The systems are vulnerable because they were not originally designed to be safe and secure. You have to redesign everything! There's no nation in the world that has enough engineers to do that.

What’s the worst-case scenario? A Stuxnet type weapon manipulates a nuclear plant?
Stuxnet is just an example. It’s just proof of concept. But I'm not comfortable to talk about this in public.

You have said you disagree with Bill Gates, Elon Musk and Stephen Hawking on this idea that artificial intelligence poses a great threat to human beings. Explain.
What they call artificial intelligence is not really intelligent. It is just algorithms, and they can’t change themselves. But I agree with them in the future. It may be just the next step of evolution. I'm afraid that...this is the end of evolution of Homo sapiens because the world is global. But maybe Homo sapiens will make artificial intelligence and slowly improve themselves. Maybe make new genetic chains. It will happen. But I hope I will die before that.

The New York Times and Bloomberg have said Kaspersky is soft on cyberattacks from the Russian government. True?
No. How could it be true? We have a Global Research and Analysis team (responsible for analyzing the most professional attacks). Most—99 percent, well, 99.999 percent—of all the malicious stuff we collect from the internet is criminal. With the most complicated and targeted attacks we don't know if they are criminal or state, but if we are going to catch the fish, we don't know what sort of fish [we have] until we take it from the water. So in many cases, we catch the fish and we don't know which language the fish is speaking.

What about when you find something like Stuxnet, linked to governments that may be politically at odds with Russia?
We protect the government levels in Russia and in some other nations, but not so much in the West. So that's why we see more attacks from the West. Our customers are mostly Russian and Eastern Europe, although we do have some government customers in Western Europe too.

Homeland Security isn't calling Kaspersky and saying help us?
To share some information, yes, but not to protect the networks. We don't see what's going on with the government in the States. We don't know. Maybe because of this we don’t see all of the Russian attacks. I'm pretty sure that the United States and Russia and China are more or less on the same level in terms of their abilities and in terms of quantity of attacks and the scale. I can't prove it. But I smell it.

Do you ever wake up and think, Oh man, if that goes wrong, that’s it?
No, typically what wakes me up at night is turbulence. [Kaspersky travels incessantly, speaking at conferences and exploring.] Second, of course, this is a huge company, and I'm responsible for not only my own family, but the families of my employees and partners and the customers. That's scary. And the third thing is the worst case scenarios about attacks on infrastructure. That is on my mind all the time. The unexpected, unpredictable, very damaging attack, which we are not ready to stop.

No comments: