advertise here



Industry Comment Research   RSS Feed

Webinars Buyers' Guide Podcasts

Related Publications Foward Features




  In partnership with:

Web extra to May/June 2007 issue

Interview: Eugene Kaspersky

The founder and head of research and development of Kaspersky Lab talks to SA Mathieson

Eugene Kaspersky may well be the most casually-dressed man at Infosecurity Europe – in contrast to all the suits and corporate polo shirts, he is dressed down in a casual shirt. But he is about to offer a rogues’ gallery of which any uniformed police officer would be proud.

His seminar consists of a short history of the development of the producers of malware. “We are not in touch with the bad guys, we just see the malicious stuff coming from them,” he says. But by monitoring who is arrested around the world, he has come to some surprising conclusions. “We don’t see links between traditional criminals and IT criminals,” he says. “IT criminals are just IT people who change their mind, or have a broken mind. It seems that traditional criminals are quite far away from that. IT criminals don’t see their victims, so it’s easier for them to do it, because they don’t feel their hand in someone else’s pocket.”

This is not what the media wants to report. “There was a report that the American mafia started to pay attention to carding, [credit card fraud] and once we received a report from Russia when traditional criminals forced a software developer to develop a Trojan. Neither the criminals nor the developer had an idea how to do it, and were arrested. So it seems there are no links at the moment, but I’m not sure about the future,” he says.

Kaspersky says that competent IT criminals try to avoid attention. “I see no reasons for them to make big stuff [happen], like an internet collapse or something like that. People who develop malicious code at the moment are paid money, so they want the internet working,” he says. “If they make big news, they will be arrested.”

“Year by year, there are a few hundred arrests around the globe of people developing malicious code,” he adds. “It’s the stupid people who are arrested. The clever criminals use the internet in such a way that they stay in the shadows. They do their job, day by day – it’s a business for them. We see the numbers of malicious stuff decreasing during Christmas and New Year, because they are human too.”

Producing malware in a low-key way is “a very low risk business,” Kaspersky says. “It’s easy to do and earn money.” As a result, last year saw twice as many new malicious samples than 2005. “This year the trend is the same,” he says. “It looks like there are more and more criminals appearing in the IT business, and they generate more and more samples, which we have to handle, to process.”

There are further problems for Kaspersky Lab and its competitors. “The quality of the samples is getting better,” says Kaspersky. “They pay extra attention to virus technologies. They have to have computers infected, and they know that computers are protected by anti-virus systems, so they analyse the most popular anti-virus products, and they develop malicious stuff so that it’s very difficult to detect. We have to handle this situation – believe me, it’s not easy.”

But Kaspersky seems to relish the challenge. “It’s like an endless game, it’s like arms-racing,” he says. “They develop a new type of attack, we develop a new type of protection. They develop a better attack, we develop better protection. That’s why I love my business, because it’s very interesting to do.”

“The size of anti-virus updates is getting bigger and bigger,” he adds, and if this continues, “in 10 years the internet will not be able to process all the anti-virus updates. Actually, that’s a joke, but, well, it’s going this way”.
The Cold War may be over, but with Russia behaving aggressively towards its neighbours some may worry about using one of its companies for protection. “To me as a Russian company, it’s a challenge to enter Europe, the United States and Asian markets, with our products and our technologies,” Kaspersky concedes.

But he argues that his country has advantages in software development and innovation. “I think we have a very promising position, with more than 100 million people and a good [university] education system. For hundreds of years it was supported by government, then by the Soviet Union, now by the president. So I’m quite optimistic about technology development in Russia, not just IT security and software, but the rest of the stuff as well.”

“Russia is a bit different to China and India,” he adds. “Russia and India are almost similar in number of students educated in technical universities, but the size of India is eight times the size of Russia in population. We’ve had a very long history of technology, research, innovations, and we have an education system based on the people who were students. Now they are teachers with new students, so this knowledge is going from generation to generation without any break.”

And he dismisses the idea that the country continues to suffer a brain-drain of talent. “I think that people in Russia who wanted to exit, already emigrated,” he says. “We see the opposite, people starting to return to Russia after leaving at the beginning of the 1990s.”

More from Infosecurity Europe 2007

Extended version of interview with Bruce Schneier

Extended version of interview with Ray Stanton

Cybercrime unreported due to reputation risks

Police criticised on cybercrime

Put people above technology, says (ISC)2

House of Lords call for more police involvement in internet security

More from the May/June issue

Perfect database security is a fairytale, says William Knight



 

 
Search this Site:
Google Custom Search



Click here...