NOTA BENE

Notes, comment and buzz from Eugene Kaspersky – Official Blog

Tag Archives: law enforcement

July 26, 2014

Cybernews from the dark side – July 26, 2014.

Remote controlled car – your car, while you’re driving it…

News about new hacks, targeted attacks and malware outbreaks is beginning to bore the general public. It’s becoming an incessant stream after all. What isn’t boring the life out of the general public is something a bit more unusual: stuff you wouldn’t dream could be hacked… getting hacked.

A report from China told how hackers broke into the Tesla motor car’s gadgetry – as part of a contest during a hacker conference. So, why Tesla? What’s so good about Tesla? Well, that’ll be its being an electric car, and its being crammed with so much ‘smart’ electronics that it resembles a mobile supercomputer more than an automobile. Still, what was Tesla expecting? Any new functionality – especially that developed without the involvement of IT security experts – will inevitably bring with it new threats via vulnerabilities, which is just what the hackers at the conference in China found.

Read on: malware getting closer to industrial systems…

July 3, 2014

Beyond good and evil?

A few days ago Microsoft announced a large-scale raid on the dynamic DNS service No-IP, as a result of which 22 of its domains were seized. The guys in Redmond said there were very good reasons for this: No-IP hosts all kinds of unpleasant malware; No-IP is a breeding ground of cybercriminals; No-IP is an epicenter for targeted attacks; and No-IP never agrees to work with anyone else on trying to root out all the badness.

As in most conflicts, the sides have exchanged contradictory volleys of announcements in the eternal tradition of ‘it’s his fault – no she started it’.

In particular, No-IP has said it’s a real goody-two-shoes and always willing to cooperate in eliminating sources of cyberattacks, while its clients are most displeased with the raid and consider it an illegal attack on legal business – since it’s possible to find malware practically anywhere, so interrupting services through a court is simply not on.

In the meantime, the result of the raid has been rather far-reaching: more than four million sites were pulled, including both malicious and harmless ones – affecting 1.8 million users. Microsoft is trying to sieve the wheat from the chaff and get the clean sites back up and running; however, many users are still complaining about ongoing disruption.

To work out who’s to blame is a thankless and probably hopeless task. I’ll leave the journalistic investigations to… the journalists. Instead, here let me give you some food for thought: dry, raw facts and figures – so maybe/hopefully you’ll be able to come to your own conclusions about the legality and ethicality of MS’s actions, based on those facts and figures…

1) Shutting down 22 No-IP domains affected the operations of around 25% of the targeted attacks that we keep track of here at KL. That’s thousands of spy and cybercriminal operations ongoing for the last three years. Approximately a quarter of those have at least one command and control center (C&C) with this host. For example, hacker groups like the Syrian Electronic Army and Gaza Team use only No-IP, while Turla uses it for 90% of its hosts.

2) We can confirm that out of all large providers the No-IP dynamic DNS was the most unwilling to cooperate. For example, they ignored all our emails about a botnet sinkhole.

3) Our analysis of current malware shows that No-IP is often used by the cyberswine for botnet control centers. A simple search via the Virustotal scanning engine confirms this fact with a cold hard figure: a total of 4.5 million unique malware samples sprout from No-IP.

4) However, the latest numbers from our security cloud (KSN) show something not quite so cut and dry. Here’s a table showing detections of cyberattacks from dozens of the largest dynamic DNS services:

| Service | % of malicious hosts | Number of detections (in a week) |
|---|---|---|
| 000webhost.com | 89.47% | 18,163 |
| changeip.com | 39.47% | 89,742 |
| dnsdynamic.org | 37.04% | 756 |
| sitelutions.com | 36.84% | 199 |
| no-ip.com | 27.50% | 29,382 |
| dtdns.com | 17.65% | 14 |
| dyn.com | 11.51% | 2,321 |
| smartdots.com | 0.00% | 0 |
| oray.com | 0.00% | 0 |
| dnserver.com | 0.00% | 0 |

So – No-IP isn’t leading in the number of detections, even though they’re still really high compared to most.

Here’s some more info for comparison: the % of malware hosts in the .com zone makes up 0.03% of the total; in the .ru zone – 0.39%; but in No-IP the figure’s 27.5%!

And now for other figures that add a bit of a different perspective: in one week, malware domains on No-IP generated around 30,000 detections, while in the same week on one of the most malicious domains in the .com zone, the figure was 429,000 – almost 14 times higher. Also: the tenth most infected domain in the .ru zone generated 146,000 detections – that is, about the same as the first ten providers of dynamic DNS mentioned above put together!

To summarize…

On the one hand, blocking popular services that are used by thousands – if not millions – of typical users: it ain’t right. On the other hand, closing spawning grounds for malware is right – and noble.

But then mathematics takes on the role of devil’s advocate, and proves:

Quantitatively, closing all the domains of No-IP is no more effective in combatting the distribution of malware than closing one single top malware domain in one of the popular zones, i.e., .com, .net, or even .ru. Put more simply, even if you were to shut down all providers of dynamic DNS, the Internet still wouldn’t become noticeably ‘cleaner’.

So there you have it – ambiguity with a big A. 

Anyone in their right and honest-with-themselves mind has to admit that things are far from black and white here; and as regards right and wrong, or good and bad, or Nietzsche’s thing – who can tell?

Still, another thought comes to mind at some point while reflecting on all this…

It’s further evidence that as soon as the quantity of piracy or degree of criminality gets above a certain threshold, the ‘powers that be’ get involved all of a sudden and start closing services, ignoring any notions of Internet freedom or freedom to do business. It’s just the way things are, a rule of life of human society: If it stinks, sooner or later it’ll get cleaned up.

The list of blocked services is already rather long: Napster, KaZaA, eMule, Pirate Bay and so on. Now No-IP’s been added to the list.

Who’s next?

// Bitcoin? It’s already begun.

 

November 14, 2013

Cybercriminals beware: CYBERPOL is coming…

Who are these folks? Maybe the color of (most of) the ties should give you a clue…

INTERPOL - Global Center for Innovation

And I was trying to blend in…

…For most of you they’ll never have anything to do with you, and you’ll have nothing to do with them. You hope.

But for those who make up the Internet minority who steal money from online banks, clog up e-mail with spam, hack websites, produce credit cards with stolen numbers, etc. – maybe they should take note of this modest crowd. Because these here suits and ties have a particular, burning… obsessive professional interest in that same Internet minority.

Read on: so, who are these people?…

October 2, 2013

The patent trolls can be defeated – just never give up!

Hurray! Drum roll… cymbal crash + orchestral hit! We’ve beaten yet another US patent troll! The enemy is defeated, demoralized, and on the run! Churchill was right: “Never give up!” We’ve followed his advice in our fight against a particular troll. As a result the troll gave up and ran away with nothing and its tail between its legs.

“Shock, happiness, joy and adrenaline – all in one”

– That’s how N.K. (our Chief Intellectual Property Counsel) described this victory. For this time the troll was of a higher caliber and its ‘connections’ were way more heavyweight.

Shock, happiness, joy and adrenaline all in one – I couldn’t agree more. Our 18-month court case with Lodsys (one of the ‘tentacles’ of the world’s largest and most notorious of patent trolls – Intellectual Ventures (“IV”)) was brought to a sudden halt by a full and unconditional capitulation by this abominable patent parasite. As per the norm, we won once again alone, with another 54 defendant companies deciding to settle with the extortionist, while others shamefully fled the battlefield altogether. In all, the patent troll has shaken down more than 400 IT companies!

Now for the details…

More: Once upon a time there was an inventor, who invented feedback…

April 29, 2013

Kings of Lyon.

A little while back we had the General Secretary of Interpol, Ronald Noble, visit us in Moscow. He really is quite a guy. He’s been awarded the French Legion of Honor, is a professor of the New York University School of Law, and – surprise, surprise! – is an honorary professor of the Urals State Legal Academy (if you believe the Russian Wikipedia page on him :). Anyway, it’s now my turn to pay him a combined business and social call…

Lyon in France houses the head office of Interpol. When I asked “Can I take photographs?”, I was delighted by the answer, “whatever and wherever you like”.

More: So I took some photographs…

April 3, 2013

INTERPOL drop inter KL.

A few days ago our first – ah, no, second! – ever A-list guests dropped by our new office to see us. Ronald Noble, the Secretary General of INTERPOL, and our good acquaintance Noboru Nakatani, the head of INTERPOL’s new cyber division in Singapore, came to see us on a friendly visit that resulted in the official announcement of our cooperation to more effectively fight cybercrime on a global level.

More: Calling all cyberswine – watch out!…

September 19, 2012

Catching the Phishes.

I’m not completely sure why, but somehow since the invention of the Internet, there has always existed a stereotypical attitude towards all things WWW. That attitude sees the net as little more than a toy, while the viruses that come with it are put down to mere playing about at best, and just hooliganism at worst. However, the reality is quite something else – especially lately.

Remember Cascade and other similar viruses? Ah, so naïve and innocent compared to what was to come… Fast forward a couple of decades and the bad guys started stealing data, Trojanizing computers for zombie networks to perform distributed attacks, and milking bank accounts. And today we’ve arrived at attacks on industrial, infrastructural and military systems. Some toy!

We need to get away from such a stereotype ASAP. Faulty impressions give cybercrime a romantic aura, which in turn attracts the younger generations of would-be cybergeeks-cum-cybercriminals – who can’t seem to grasp the seriousness of their “fun” or understand how many years they could face in jail.

Then there’s another stereotype: that computer crime pays, and the perpetrators don’t get caught. Romanticism! Ok, it’s true that several years ago in many countries computer crime was in fact not all that often prosecuted; however, now that situation has changed: the law enforcement bodies have both the experience and know-how required, have made great strides in terms of cyber-criminalistics (cyber-CSI stuff), and have established good working relations with professionals, all leading them to now being able to solve one hi-tech crime after another.

We are always ready to assist national and international law enforcement agencies if they request it. I think the development of such cooperation is crucial for the successful fight against cybercrime – as security companies are the ones that possess the necessary knowledge.

Now, let me give you an illustrative example of how it works in Russia.

More: Catching the phishes …

December 6, 2011

SOPA-Dodger.

- or why we have decided to withdraw from the Business Software Alliance (BSA).

Hi all!

Recently the US blogosphere has become increasingly alarmed by the new Anti-Piracy Act – Stop Online Piracy Act or SOPA. Discussions of the topic are, to put it mildly, quite frank, with comments like: “These idiots are coming for your internet” (read here).

What is SOPA?

It is support for and development of something that is currently very relevant – the protection of intellectual property. Ladies and gentlemen, this really is important! “Thou shalt not steal,” as the Bible says! An author – or more often than not, a team – spends sleepless nights writing a book, composing music, shooting a film, creating software or testing software packages. Doesn’t that deserve a financial reward? Yes or no? Think before you answer – someone could well ask the same question about your profession… So?

More: A vinyl-age law for Internet? …

November 18, 2011

It’s the End of the Net as We Know It.

Hi everybody!

Time to tell you about a bunch of really exciting events I’ve been to over the past few weeks. It’s been a fairly crazy mini-tour covering Geneva, Dublin and London non-stop. Two or three days in each city and each time talking to some very interesting people on all sorts of hot topics.

It all started with the United Nations’ International Telecommunication Union (ITU) meetings in Switzerland. The organization is showing great progress towards developing a common approach to fighting cybercrime on an international level. However, I’m afraid I can’t tell you any further details. It was a very hush-hush private meeting behind closed doors where we discussed some issues I can’t share with you at the moment. Nevertheless – stay tuned and soon I’ll be able to uncover some details…

Next up was Dublin and the F.ounders 2011 conference, which we’ve already mentioned here.

Last stop – the London Conference on Cyberspace. This was quite something – in fact, it unexpectedly turned out to be this year’s best event I was involved in!

The conference, organized by the British Foreign Office, took place on November 1-2 in the Borough of Westminster. I would like to thank the British Foreign Secretary and First Secretary of State William Hague for his personal invitation to me to take part in the event. I must say it was a surprise to find myself as the only “boss” from the IT security industry to address the audience. But then on the other hand I think the Foreign Office made the right choice – big-wigs from competitors would only have given the audience the same old BBB (Boring Business Blah blah blah) and spoiled the event!

Eugene Kaspersky at the London Conference on Cyberspace

More > Saving the Internet in London …

July 11, 2011

Law-abiding Cyber-folk of the World – Unite!

All-righty! Here we are with the latest news.

What we have been talking about, explaining, and encouraging for ages is at last showing some signs of actually being put into practice.

A new body – the International Cyber Security Protection Alliance (ICSPA) – has been founded in London: an international non-commercial organization that brings together “governments, international business and law enforcement bodies, including Europol”. The aim of the new organization is simple: to tackle nationalistic narrow-mindedness, unite parochial strengths, and fight cyber-crime on a global level – together.

This is what we’ve been advocating constantly for more than ten years. It’s impossible to tackle international criminals with traditional methods alone, when every country just thinks of itself, covers its own backside, and the rest of the world can go whistle.

Read more > United we stand