The threats of the Age of cyber-warfare: Eugene Kaspersky on cybercrime

Eugene Kaspersky Co-founder and CEO of “Kaspersky Lab” Eugene Kaspersky delivers a speech called “The threats of the Age of cyber-warfare”, expressing his vision on the current state of the global cybercrime and exemplifying his research with some observations and evidence of close affiliation of malware related crime with real-world facts.

Today we are here to discuss the problems, explaining our view on the existing situation and the future. This is the main topic of my presentation, and I am going to start.

Well, computers are everywhere. How many computers do you have or use in your life? You don’t know. You don’t know how many computers you have in your car. You don’t know how many computers manage the train, if you use train to get to New York. You don’t know how many computers manage the elevators in this hotel. Everything is digital, everything is online.

Everything is digital, everything is online.

Entertainment…It’s digital. Oh, well, except poker in Las Vegas. But in Las Vegas, poker is under the control of cameras which are for sure digital and report that to the digital systems.

How many times did you open paper printed encyclopedia last year? Zero. How many times did you open Wikipedia or Wikileaks? As to Wikileaks, usually I say, please don’t publish so much information at the end of Friday, because secret services – they are humans too. They have families and they want to have weekends.

Social lives – well, how many people here in the room have 5 or more accounts in social networks? Well, I understand I am talking to journalists, it’s not fair, okay, okay. But when I am in a business audience, or I deliver a speech to students in universities, if someone raises the hand, I ask security to catch that person and to write down the name, to report that to the employer or to the professor.

If you are in 5 social networks, do you have time to sleep? Usually no, especially students. The students now don’t have time to live. When I was a student, I had to split my life into 2 pieces: education and girls. Now it’s education, Internet, and girls – it’s crazy. The problem is that many people mix private and social life. And this is also a very serious security issue but it’s a little bit outside of the mainsteam. But talking about social networks and private information, I think that there has to be more government control and regulation on social networks, because so many people publish a lot, so many criminals, including traditional criminals, use social networks for bad things. And revolutions are also managed through social networks.

Do you imagine a business that doesn’t have computers, which doesn’t have access to the Internet? Every business must pay taxes, that’s it. So only businesses which don’t pay taxes can be Internet free. So every legal business is connected.

The world is online:

– Entertainment

– Knowledge

– Social Life

– Private Life

– Businesses, Services

– Governments

– Industrial Systems

Governments are another issue. Governments want to be online. And a very serious problem is that the new generation wants be 100% online. And if you don’t have Internet government or online government, if you don’t have Internet voting, then the new generation, kids – they will never go to the election office. If there is no online service, they will never go to vote. If you don’t have secure online voting, Internet passports – that will be the end of democracy. Well, this is also a very special topic, and maybe we will discuss that later.

Industrial systems – unfortunately, or fortunately, all these systems, well, they are not online, but it’s possible to bring USB, so they are partly online. And unfortunately, it’s a very, very big danger, and I have some examples of what’s already happened because of the security issues with industrial systems.

So, everything is online, and unfortunately everyone, every business, every person is under the attack. There are so many targets: individuals, governments, businesses. And there are 3 main sources of these attacks.

The first source is not so serious, that’s just script kiddies1, vandals. Still there are kids who develop malware just for fun, like in the past. But less and less kids are doing that, because they don’t have time, they play computer games. In the past, these kids were presenting themselves, they wanted to make themselves proud because they wrote a super computer virus. Not anymore. They play computer games, they grow into super heroes in computer games.

Sources of cyber threats:

– Hacktivists

– Cyber criminals

– Cyber combatants

There are hacktivists, which are also some kind of vandals. Is there any difference between the gangs which crash shops on the streets and the people which do the same in the Internet? There’s almost no difference: same motivation, they protest; but people in the Internet don’t really understand that they do almost the same things.

The second source is cyber criminals. I needn’t explain what cybercrime is and who cyber criminals are. Just read police reports and the stories, investigations, arrests, sometimes pictures.

And the third source is organizations, governments or individuals which attack the Internet in very different ways with cyber weapon, with distributed DoS attacks, which develop spying software to steal critical information. Unfortunately, we are getting more and more reports about that.

Global cyber criminals

Global cyber criminals

So, a little bit about online crime. First of all, it’s global. It’s not just Chinese cyber criminals, it’s not only Russian cyber criminals – it’s global. Of course there are more cyber criminals in Asia, in Russia, in Latin America than in Europe or in the United States. But if you look at these faces, these pictures of criminals, you can see quite different faces: Americans, Russians, Palestinian… It’s everywhere. Computers are everywhere, Internet is everywhere, except Antarctic, I was there and checked, there was almost no Internet. So maybe Antarctic is the only one region free of cybercrime, but the rest isn’t – it’s everywhere.

Sreenshot of a web page selling botnets

Sreenshot of a web page selling botnets

Unfortunately, it’s very effective, it’s possible to stop a country with the help of malware. It’s organized. This is a very, very old screenshot (see image) but I like it, because it’s a part of the business, it’s a gang which develops botnets2 and trades these botnets. So actually this is a price list: how many bots you want to use, how many days you want to use these botnets. There’s an ICQ number for technical support; there is also something about discounts if you buy the service 2 or 3 or more times; Terms of Service.

That’s a business. There is B2C (business to customers), B2B (business to business), well, I call this C2C – criminals to criminals. That’s organized world, huge well organized world with a lot of money in there, and it’s very profitable.

Car accident in Moscow, 19-year-old cyber criminal deceased in his BMW

Car accident in Moscow, 19-year-old cyber criminal deceased in his BMW

This picture here shows the consequences of illegal street race in Moscow. Believe me, Moscow doesn’t look like this everyday. So there were a couple of Russian cyber criminals in that car. It’s a new BMW 7. One of them died in this incident, he was 19 years old. A 19-year-old boy driving a new BMW. They have lots of money.

Unfortunately, these guys have much more money than software engineers, than IT security software engineers. This is the answer to the question. Will cyber criminals be looking for a job in your company? Never, because they have much more money, unfortunately.

And it is easy to do because it’s just software, the Internet. They don’t need to invest too much, and they don’t have physical contact with victims. That makes the life of cyber criminals very simple. And it’s low risk. If they have enough of brain, they can do it in such a way that it is very, very difficult to find them, to trace them.

They attack from different countries using proxy servers, and in some cases they don’t attack victims in their own country. They don’t want local police to have calls from local victims. Some of these guys are extremely clever. We still don’t know the names of criminals which were responsible for some kinds of very big attacks like Conficker3, or Kido, attacks in the past, with 10 million infected proxy servers. I still don’t know the names. They were very professional people.

So it’s global, it’s very effective, organized, profitable, easy to do, no risk… of course there will be more and more cyber criminals. And also, keep in mind that there are more and more Internet users from very poor countries. And we live in the same territory, in the same city, on the same streets.

Annual global financial impact of malware-based cybercrime amounts to about $100 billion.

So, I don’t know how much money we lose because of that, because cyber criminals don’t report their financial figures. I am sure Gartner4 doesn’t have reports from cybercrime gangs. However, we tried to count, to approximate the financial impact, and we got the number – 100 billion dollars. And this is only from the cybercrime based on malware. Spam, credit cards, trading counterfeit stuff – it’s not counted. Only the cybercrime business which is based on malware costs global economy at least 100 billion dollars a year. So, if it’s 500 billion per all cyber crime, I am not surprised. And compared with that disaster in Japan, they said it was about 300-billion-dollar impact – every year we have at least one tsunami impact on the global economy.

Read next: The threats of the Age of cyber-warfare 2: Kaspersky on cybercrime

1Script kiddie is a derogatory term used to describe those who use scripts or programs developed by others to attack computer systems and networks and deface websites.

2Botnet is a collection of compromised computers, each of which is known as a ‘bot’, connected to the Internet and used for cybercrime purposes.

3Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software and dictionary attacks on administrator passwords to propagate while forming a botnet.

4Gartner, Inc. (NYSE: IT) is an information technology research and advisory firm headquartered in Stamford, Connecticut, United States.

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: