August 4, 2011
Great GReAT Guys: Costin G. Raiu in the Spotlight.
During my career I’ve given thousands of interviews. Really! There’ve been times when I’ve even had like a dozen or so interviews in a single day (and this still happens when I’m at CeBIT or taking part in our press tours) – enough chattering in a day to make one hoarse.
Not that I’m complaining. I love talking to journalists. I find they always give me the opportunity to think more and in slightly different ways about the things I considered to be all thought out already.
From the business perspective interviews are something that raises public awareness. But I always pursue the plain and simple goal of educating users about cyber threats and trying to spread the word on best practices of how to protect their computers.
The journalists don’t let me trick you: I avoid pushing products and instead talk exclusively about trends and countermeasures. Remember our motto, “We’re here to save the world”. Money is not an end in itself. We strive to do a great job protecting customers. Money is something that comes to you when you succeed in doing a great job.
Anyway, I’ve decided to indulge myself by being on the other side of the interview. I’ll start a series of posts interviewing key people at KL.
Today I have the pleasure of asking Costin Raiu all about the many interesting things in his life, his professional experience, and about his hobbies and other stuff, presenting him to the public in a very informal way.
Short bio
Costin joined Kaspersky Lab in the year 2000 as a leading antivirus researcher.
Since 2010 he has been leading the Global Research & Analysis Team (GReAT) – one of the company’s most important technological assets comprised of top-notch security researchers around the globe constantly analyzing new cyber threats and developing protection.
Prior to becoming Director of GReAT, Costin held the position of Chief Security Expert, overseeing research efforts in the EEMEA region. Costin specializes in malicious websites, browser security and exploits, e-banking malware, enterprise-level security and Web 2.0 threats.
Costin has extensive experience in antivirus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO), and a reporter for Wildlist Organization International. Prior to joining Kaspersky Lab, Costin worked for GeCAD as one of their chief researchers and as a data security expert with the RAV antivirus developers group.
His hobbies include playing chess, high precision arithmetic, cryptography, chemistry, photography and science fiction literature.
You can follow Costin on Twitter (@craiu) and read his personal blog at Securelist.
So, Costin, how did it all get started? How did you come to be a security researcher?
Ever since I was a child I’ve liked electronics and fixing stuff in general. My father was an engineer and he’d spend evenings fixing our neighbors’ TVs and radios, and that’s how I acquired my passion for electronics.
Later, immediately after the 1989 Romanian Revolution, the country’s borders were opened and foreign products became more popular. That’s how computers first appeared in Romania and how I got the chance to work with them.
It was around 1990 when I saw a PC for the first time and became interested in computers. My parents bought me a Z80 clone and with this computer I started learning Basic. Then, when Basic became too slow, I started hacking into machine code.
When I got hold of an 8086 assembly book from a friend, I was amazed by the possibilities opened up by 16-bit processing. About the same time I was studying 8086 assembler, my school received a donation of five computers – four 286’s and one 486SX server running Novell NetWare.
One day, problems started in our little school network; they turned out to be caused by a nasty virus called BadSectors.3428! Back then, no antivirus product was able to detect it, so using my assembler skills I took it apart and wrote a cleaner for it. I remember spending half a day and a whole night to do it – I was so afraid that somebody else in our school would come up with a solution faster than me.
After this incident, my friends started sending me other computer viruses and asking for cleaning tools. By this time my parents had bought me a 16Mhz 80286 computer with 1MB of RAM and 40MB of HDD, which is where I developed my antivirus called “MScan”, later renamed RAV.
We’ve been working together for almost 11 years now. Can you tell the readers the story of how we bumped into each other?
In the summer of 1994, a small Romanian company called GeCAD became interested in distributing a commercial version of my then-free scanner, MScan.
We decided to rename it RAV (RSN AntiVirus, later renamed Reliable AntiVirus) and started selling it.
Back in 1996, the main problem was boot viruses; these were slowly replaced by macro viruses around 1997. It was around this time that I tried getting in touch with other researchers over the Internet to exchange samples. The only person who replied to my messages was a guy named Eugene Kaspersky from AVP. As you remember, you visited me and my colleague Mady Marinescu in Bucharest- and that was the beginning of our friendship.
In the following years I visited Moscow and met and talked with you and really liked what you were doing and the company you were building. Although small, it had the best technology in the world and you were an amazing mentor to learn from. So it should come as no surprise that when I decided to leave RAV my top choice was Kaspersky Lab.
What are the greatest challenges to IT security nowadays?
Compared to ten years ago, today’s world is completely different.
I believe the main reason for the rapid change was quick adoption of the Internet coupled with the miniaturization of computer devices. Actually, both these two are still a reason for change today. We’ve moved from large stand-alone mainframes to mini-computers, netbooks, tablets and smartphones, all connected to each other.
As a result, the threats have become different too. Although viruses and Trojans are still a problem, people now worry about other things as well – information leaks, social networks, privacy issues and targeted attacks. There’s a very interesting book called “The Singularity Is Near”, by Ray Kurzweil, which deals with this storm of changes and the inevitable emergence of A.I. in the near future. When that happens, I guess we will become more like doctors than engineers, though we’ll still be needed to fix things round and about…
Does the infosec industry have the guts to tackle the challenges it faces, and what will the security landscape look like in, say, five years’ time?
For over 30 years, infosec has mostly been about catching up.
What I mean is that security vulnerabilities are found, the bad guys exploit them, and the security vendors find solutions. In the case of antivirus products for instance, I remember the time when updates were sent out to customers by snail mail.
Then we switched to the Internet and weekly updates; then daily; and finally hourly updates. This was probably the point at which security companies discovered that it’s not all that productive to go any faster – instead, a different solution appeared; here I am talking about the Cloud, of course.
Additionally, experts have been experimenting with new technologies, such as virtualization and whitelisting, as alternatives to the conventional “blacklisting” approach found in AV programs. I am not sure which one will succeed. Actually, I don’t think that any single technology will provide a solution to all security problems. Instead, it will be a combination of better hardware, better operating systems, cloud security, virtualization and user awareness.
That’s my best shot at how the security landscape will look in five to ten years’ time.
What were some of the most personally significant pieces of malware you’ve ever analyzed? Any tales?
For me I guess the most personally significant has to be the BadSectors.3428 virus that infected my school, though I remember another interesting one, in 1998.
Once you gave me a virus called StrangeBrew, which was written entirely in Java. You gave it to me during your trip to Bucharest. After you left, I spent all day and night analyzing it – decompiling the bytecode and trying to understand how it works.
Just like with BadSector, I feared someone else would be faster and publish analysis before me! I think Symantec had a description available by the time mine was finished, but theirs was not as complete as mine. I was really proud of it. It was also the subject of my second Virus Bulletin article.
Outside working hours, is there anything you are interested in besides all things viruses and arithmetic?
I have a passion for photography. For a while I was the editor of a Romanian photography magazine called FotoMagazin.
I was also actively involved in the creation of the Bucharest photo-club – “Fotoclub de Bucuresti” – and I have many fond memories from that period; sending prints to contests for instance.
Due to work commitments and a general lack of time, I abandoned this hobby for a while, although recently I’ve started taking photos again. I have several cameras at home – a Canon EOS 5 (film), a Canon 5D Mark II, a Leica M6 and a Contax G2. I love the Contax G2 with the incredible Zeiss lenses – especially how they render images on black and white film – although that’s sadly becoming harder to work with because it’s difficult to find labs that process film nowadays. Maybe I should set one up at home?…
I’ve recently also started playing chess “again”. I played a lot of chess back in my university days. Recently, when I was lucky enough to get the opportunity to play with Anatoly Karpov, I decided to resume this hobby.
I now play mostly on chess.com (username “craiu”). I think my game with Mr. Karpov was probably my worst ever, but also my most memorable. I was so excited that I completely forgot all the opening theory and made some scandalous blunders! It was still fantastic playing with him.
Just recently you became a father. How’s this new status sit with you?
It’s an amazing feeling! The moment I went to the hospital and first saw my daughter, I felt like a different man.
Now Daria is three months old and beginning to learn things and recognize our faces. And despite the protests of her grandparents, we’ve decided that she’ll be a great chess player, not a ballerina – like all girls want :)
Thank you so much, Costin. You made me very sentimental about the past, and have strengthened my conviction that we have a truly great GReAT team led by an inspired guy who lives and enjoys a very interesting life!