Monthly Archives: June 2018

Caribbean geography lesson – in a helicopter.

Looking over all my Caribbean pics, the main thing that stands out is that there a lot of them; so many that I’m getting my Caribbean-post titles mixed up. The other day we had Montserrat, but I’m sure, with hindsight, we should have had an intro post about all the islands together. Oh well, too late for that, so now we’ll have a summary photographic overview of the Lesser Antilles instead, with pics taken from a helicopter.

Quick caveat: I apologize for some of the pics being a bit blurry. Helicopters tend to jolt around up in the sky, and twist and turn and shudder a lot, so setting up perfect shots was practically impossible.

All righty. Off we chopper – south from Anguilla. The first island we come to?…

Saint Martin – one half French, the other – Dutch. So the island has a France-Netherlands state border running across it!

Read on…

Peter: Picture-perfect for KL-partner-conf.

St. Petersburg when the sun’s come out to play is to me the best city to be in in Europe. And I’m not alone in declaring such a bold sentiment – I’ve heard it from many others from many different countries too. But why ‘in Europe’? That’s just so as to be able to compare meaningfully. It’s difficult comparing Russia’s second city with, say, Hong Kong or Singapore, as they’re just so different on so many levels. But I digress. So, about StP!…

Read on: nostalgic!…

Flickr photostream

Instagram photostream

Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news.

Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we’re proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and 270,000 organizations around the world. Like many other companies whose aim is enhancing people’s lives, we also know that the higher you go, the stronger the winds can be. For us these winds include false media reporting. And in today’s environment of ‘media-ocracy’ and fake news, the situation is getting worse.

For nearly four years now, certain U.S. media outlets have been printing outlandishly preposterous false stories about cyber-conspiracies concocted between secret service folks and Yours Truly against the ‘free world’.

Evidence suggests that a Dutch politician is behind a fake story about Kaspersky Lab in the biggest Dutch daily newspaper

These tales from the paranoid side about us all fit the same template. Accordingly, their basic structure and rhetoric are always identical:

  • Unnamed U.S. intelligence officials share certain ‘shocking details’ about [insert as applicable] with a select few representatives of a given media outlet;
  • Anonymous sources are mostly used; any ‘sources’ cited are incompetent/unqualified to be sources;
  • Zero evidence of any wrongdoing on our part is presented (logical: there is no wrongdoing);
  • Distortion of reality based on the Pareto principle (80% truth + 20% fiction = monstrous lie);
  • These media stories are then used as a basis for taking political decisions (proof).

Incidentally, you may be wondering why, if all the stories about us are indeed false, we’ve never taken legal action in the U.S. The short answer to that is that U.S. legislation makes establishing the truth of a media story very difficult. Meanwhile, we get a ‘media-ocracy’ – with ‘news’ that isn’t news at all, just a vehicle for instilling in readers’ minds images of an ‘enemy’, so as to influence the underlying opinions of the people reading those media. But it doesn’t stop there. This non-news is used to justify high-level political moves against the next-in-line-to-be-out-of-favor company. Yes, of late it’s not just KL being pinpointed; this is growing bigger and bigger every month, affecting other companies too.

Worryingly, this media-ocracy is very influential – and highly contagious; so much so that it can now be felt all around the world, not just in America. And that now includes even the Netherlands.

Media-ocracy: vehicle for instilling in readers’ minds images of an ‘enemy’ and using false allegations for taking political decisions. Alas, it’s highly contagious.

On February 3 of this year, the largest Dutch national daily newspaper, De Telegraaf, published a ‘sensational’ article about a hacker who, allegedly, had claimed to have hacked into the network of our Dutch office (from just outside the building) and managed to obtain a number of IP addresses – all as part of a supposed investigation to help uncover a leak in the Dutch parliament – a leak organized to help ‘the Russians’. Inevitable questions like why specifically we were hacked, why those particular IP addresses were obtained, etc. are left unanswered, but for us the key thing to be addressed was the claim that someone had breached our own highly secure corporate network.

So yes, we took the claims very seriously. We’re a cybersecurity company, remember?! So naturally we carried out an internal investigation. And guess what it showed. No hack occurred. But that’s only the start of this sorry tale.

Read on: It gets even more ridiculous…

Enter your email address to subscribe to this blog

Hamburg and ships please.

I wrote in my last post that I was headed home after Sheffield. But I’d forgotten about our scheduled stay en route in Hamburg – possibly the most beautiful city in Germany. I think that’s a sign the trip had been a bit too hectic: forgetting completely about an upcoming port-of-call is most unlike me.

So here we are – in Hamburg!

The possibilities for the tourist in Hamburg are vast. It was tricky deciding but, after the day’s business, my travel companion and I plumped for an Elbe river and seaport (one of the largest in Europe, and Germany’s main port) boat excursion.

Off we go! And the first thing we see: Tolkien!

Read on…

Up north for a (s)pot of snooker.

I often get asked what’s my favorite sport (along with, of late, which matches I’m planning on watching during the upcoming World Cup).

And my usual answer normally seems to disappoint a little: I don’t really have one, as I don’t like sitting in one spot in a stadium or on the sofa in front of the TV watching sport. I prefer to be doing the sport – rather, active activities – myself. Scaling volcanoes, going off on long expeditions in far-flung corners of the world, or just trekking along the banks of a river down a mountainous valley – that’s my bag.

And besides, I don’t watch TV – at all (dreadful habit:).

(Oops – me telling fibs again; I do watch TV in tiny doses: I watch kiddies’ stuff together with my own kiddies; I sometimes glance at the zombie-panel in the gym between sets; on the treadmill in the gym I switch to the nature/wildlife channels; and I’m not averse to peeking at a screen in business lounges in airports. But that really is it:)

Wait. I also watch Formula 1 races on screens, but that’s not quite ‘TV’. It’s normally in the Ferrari paddock, and there’s technical race info on the screens too. But I don’t watch a Grand Prix of a Sunday afternoon on regular TV.

So, yeah – you get it: I generally don’t watch telly. But there is one exception I make (besides all the other quasi-exceptions mentioned above). There is one thing on the TV that can force me to sit in one place for a long time. And it is a sport. And it is… snooker!

Not pool, not billiards… snooker, with its more refined rules and more tactical gameplay. And, by a strange (!) coincidence, we happen to sponsor one of the stages of the World Snooker Championship – Riga Masters.

And since I was in the UK, and my travel/business schedule permitted it, I got myself up to Sheffield, to watch the semi-final of the World Snooker Championship 2018!

Read on…

Thames Path – pt. 5.

Having just completed a vacation-till-you-drop tour of the Caribbean and Bahamas – up early every morning, late to bed every night, daily flights between the islands, sore index finger from all the snapping – it was time for a complete change: of continent. But the island theme, arguably, continued, for we were headed to London, capital of the UK – another island nation.

I find myself in the British capital frequently – our European HQ is here, so there’s always plenty of business needs seeing to. And seeing as though I’m here often, and have been known to enjoy a lengthy, brisk stroll if I can fit one into my working schedule, I decided a few years back to walk different sections of the Thames Path at different times, whenever I can. You can’t do the whole Path in one go as it’s just too long – nearly 300km! Well, I’d done four sections to date, with the last one taking me as far as Richmond Lock. Now, it was time for the fifth installment…

So, setting off from above-mentioned lock, the first things we come to are two bridges:

Conveniently, practically all bridges along the route have paths or tunnels going under them beside the river, meaning you don’t have to climb up from the Thames to get past them.

Read on…

Bahamama Mia!

Get ready folks – this post is full of extremely bright colors. I recommend wearing sunglasses (and a Panama hat) so you don’t get blinded (and sunburned:). For this post is dedicated to the 365 Bahaman islands – cays – of Exuma, one of the most beautiful places in the world…

As often occurs on these here blogpages when I encounter off-the-scale natural beauty, there’ll be few words today and, you guessed it, lots of pics…

Read on:

Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and using mobile bank. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach allows to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel

Read on…

Montserrat: half-paradise, half-ghost-isle.

Hi folks!

Next up, Montserrat, aka, the Emerald Isle of the Caribbean.

Brief main info: This is another British Overseas Territory. Population: ~5000. Again, the locals don’t live too high on the hog; however, the island has a pleasant climate and outward appearance, which makes it a hit with foreigners who live very high on the hog and who like to visit, as can be seen from all the very nice houses and villas (from a helicopter).

Read on…