15 years in Kazakhstan!

Selem folks!

I’ve still plenty more to tell and show you about our Kurils-2019 expedition, and also about my recent trip to Mongolia and its Gobi Desert, but in the meantime I’ve been visiting yet further countries less-visited – including… Kazakhstan! Now, I know I’m behind on my Kuril-and-Gobi catch-up, but I don’t want that tardiness to cross over into other trips. Accordingly, herewith, a brief side excursion – to Almaty!

I was in Kazakhstan’s largest city to celebrate a jubilee – the 15th anniversary of our presence in the region, and that covers the whole of Central Asia, including Mongolia!

(The photos are official ones – taken by a professional photographer)

First there was the day’s work, which was non-stop: press conference, Q&A, presentations for partners and clients, and preparations for the evening’s celebrations.

Next – the evening’s celebrations!…

Which were just how we liKe them: fun, friendly, singing-and-dancing, and with assorted attractions.

The boss down there – Evgeny Pitolin. Been with us at K now, oooh – lost count: many, many years ).

Crikey! Now that’s some birthday cake!

So… how do you go about cutting that. Where do you start?! Such a shame to destroy it!

Ok, here goes!…

Time to party – and rock!

(Of late – over the last few years, I mean – we’ve had quite a few local-office anniversaries: Italy, Poland, Spain, but I digress).

So, 15 years in Kazakhstan, eh? Now, if it were, say, five years in Kazakhstan, I’d no doubt dig up blogposts, FB posts, Instagrams and the like from five years ago for a little nostalgic retrospective from back when the office was founded. However, 15 years ago – no blogs, no FB, no Insta – not even our Fan Club! So let me give you a roundup of the status of K back then – manually, as it were…

️ 2004-1: our antivirus engine – yes, it was the best in the world (really; and it’s stayed the best:);

️ 2004-2: Sure, the Anti-Virus with my surname on it – it was a little wonky; this is where the ‘Kaspersky slows things down too much’ thing came from; however, that’s long since a thing of the past;

️ 2004-3: We made some timid, uncertain steps toward making a for-business product. Our competitors laughed – hard. But those were important first baby steps. Fast-forward to today and no one’s laughing anymore – we’re ahead of everyone );

️ 2004-main things: (i) it was this year when, due to performance issues, we turned our whole approach to antivirus upside-down – including a complete overhaul of our engine; (ii) it was from around this year when we started expanding our presence across the whole world.

In 2004, besides Kazakhstan, we opened rep offices in the U.S., France, Germany and Japan, and a subsidiary in China. Later, after a brief breather – we were at it again and soon had offices everywhere.

Other figures from 2004:

✔️ Earnings = US$27m;

✔️ 380 employees.

15 years later we were earning 25 times more and employing 11 times more staff. Our product range also went through the roof ). Plus: assorted services, education, this, that, universities, schools, Security Analyst Summit (SAS). And the icing on the cake: KasperskyOS and secure online voting using blockchain.

How we’ve come on in 15 years!

Ok – back to Kazakhstan after that nostalgic digression…

After the work – and the play – it was time for a spot of tourism. So off we popped to Big Almaty Lake, naturally ).

Unfortunately you can’t swim in the lake; if you do you can end up in prison, apparently! Shame!

What a beauty!

Next – over to Shymbulak. I remember it from decades ago. But there were no glass bottoms back then like there are now…

No snow! So it was a quick up and down, then back to Almaty. Next day it was back to Moscow. And from the plane:

That’s all for today folks!

Krenitsyna in the Kuril sun: volcanic scenes that simply can’t be outdone!

Let’s say you’re near the top of Krenitsyna Volcano in the Kurils, you’ve applied the Strategic Stratovolcano Stratagem to secure some imminent sunny weather, you have tents with you, sleeping bags and gas stoves (no firewood up there) and all the rest, which you’ve carried with you 500+ meters along the vertical and 9km on foot (7.5km to the edge of the caldera; 1.7km to the pond), you dump it all down on the grass (or put up the tents straight away if the weather’s still poor), sit on the very edge (ideal spot – very comfortable) and are ready to behold the most mind-blowingly picturesque volcanic scene on the planet…

So, what next?…

Next, you just sit and wait. Everything will work itself out. Namely, that just-mentioned most mind-blowingly picturesque volcanic scene on the planet slowly but surely comes into full view. Oh my grandiose! Then, you just stay sitting there, unable to tear your eyes away from it – as if you’d want to ).

Read on…

i-Closed-architecture and the illusion of unhackability.

The end of August brought us quite a few news headlines around the world on the cybersecurity of mobile operating systems; rather – a lack of cybersecurity of mobile operating systems.

First up there was the news that iPhones have been getting attacked for a full two years (!) via a full 14 vulnerabilities (!) in iOS-based software. To be attacked, all a user had to do was visit one of several hacked websites – nothing more – and they’d never know anything about it.

But before all you Android heads start with the ‘nah nana nah nahs’ aimed at the Apple brethren, the very same week the iScandal broke, it was reported that Android devices had been targeted by (possibly) some of the same hackers who had been attacking iPhones.

It would seem that this news is just the next in a very long line of confirmations that no matter what the OS, there may always be vulnerabilities that can be found in it that can be exploited by certain folks – be they individuals, groups of individuals, or even countries (via their secret services). But there’s more to this news: it brings about a return to the discussion of the pros and cons of closed-architecture operating systems like iOS.

Let me quote a tweet first that ideally describes the status of cybersecurity in the iEcosystem:

In this case Apple was real lucky: the attack was discovered by white-hat hackers at Google, who privately gave the iDevelopers all the details, who in turn bunged up the holes in their software, and half a year later (when most of their users had already updated their iOS) told the world about what had happened.

Question #1: How quickly would the company have been able to solve the problem if the information had gone public before the release of the patch?

Question #2: How many months – or years – earlier would these holes have been found by independent cybersecurity experts if they had been allowed access to the diagnostics of the operating system?

To be frank, what we’ve got here is a monopoly on research into iOS. Both the search for vulnerabilities and analysis of apps are made much more difficult by the excessive closed nature of the system. The result is almost complete silence on the security front in iOS. But that silence does not actually mean everything’s fine; it just means that no one actually knows what’s really going on in there – inside those very expensive shiny slabs of aluminum and glass. Even Apple itself…

This state of affairs allows Apple to continue to claim it has the most secure OS; of course it can – as no one knows what’s inside the box. Meanwhile, as time passes – yet no independent experts can meaningfully analyze what is inside the box – hundreds of millions of users are just lying in wait helpless until the next wave of attacks hits iOS. Or, put another way – in pictures…:

Now, Apple, to its credit, does put a lot of time and money into increasing security and confidentiality with regard to its products and ecosystems on the whole. Thing is, there isn’t a single company – no matter how large and powerful – can do what the whole world community of cybersecurity experts can combined. Moreover, the most bandied-about argument for iOS being closed to third-party security solutions is that any access of independent developers to the system would represent a potential vector of attack. But that it just nonsense!

Discovering vulnerabilities and flagging bad apps is possible with read-only diagnostic technologies, which can expose malicious anomalies upon analysis of system events. However, such apps are being firmly expelled from the App Store! I can’t see any good reason for this beside fear of losing the ‘iOS research monopoly’… oh, and of course the ability to continue pushing the message that iOS is the most secure mobile platform. And this is why, when iUsers ask me how they’re supposed to actually protect their iDevices, I have just one simple stock answer: all they can do is pray and hope – because the whole global cybersecurity community just ain’t around to help ).

Enter your email address to subscribe to this blog
(Required)

Gobi Desert: the red rocks of Bayanzag.

Hi folks!

It was a bright, clear morning, and it was time to head further along the route of our express-journey across the Gobi Desert. Next port of call – the Flaming Cliffs, aka Bayanzag.

It’s around about here where many dinosaur bones and even whole dinosaur skeletons have been discovered. And the internet tells me it was here where the first fossilized dinosaur eggs were found. Yes, I think that’s highly likely: I’m sure they could have simply fallen out of these here red-rock cliffs that were eroded over the years to expose them. And anyway, besides their usefulness to prehistorical studies, these red rocks and cliffs are also delightfully beautiful – and very reminiscent of Utah. U.S.A.:

Read on

Okey-dokey – let’s chopper over the Gobi.

And now for more Gobi desert.

The Gobi is a huge desert consisting of several regions. It occupies Mongolia’s southern and south-western territory and a considerable part of central northern China. We only saw a small portion of it in southern Mongolia, but that was more than enough for our first visit. I can’t stress it enough: the Gobi is absolutely magical in gentle summer weather, and I highly recommend that everyone sees it with their own eyes. There are vast, infinite spaces. I want to say it’s where the horizon goes beyond the line of horizon’!

Read on…

Our fan club is a teenager already!

If ever I mention while chatting with someone that Kaspersky has a fan club, I immediately get asked: Why? How come an antivirus company has a fan club? Here are the why’s: because it’s been a long time since we just made antivirus protection; because our company is always actively doing fun and interesting stuff; and because people want to participate in what Kaspersky does even if they’re not employees. And, well, it’s just cool to have one.

All this tomfoolery began, it’s scary to recall, 13 years ago, back when we cranked out version 6, which was praised throughout the computer security industry. Almost daily we posted new builds on the forum, where dozens of volunteers would immediately grab this raw but very promising code, install it, and test how well it worked. I think the main motivator for them to participate was the feeling that the developers (the entire team, without exception, followed the forum) instantly incorporated any feedback from bug reports and feature wish-lists. Users liked that they could have a say in the look, behavior, and fate of a popular software product.

Users still have this power to shape our products even today. Every year, our R&D division tests new versions of our products, which have now become numerous and very diverse — there’s even a dozen mobile apps — and the volunteers from our fan club still participate in this testing process. Fans are interested in tinkering with the latest builds, testing new features, and catching bugs. That’s why they participate in these types of closed beta tests. Well, it’s also cool to have the chance to use new products a few months earlier than the rest of the world! Not that we settle for thanking our friends with mere pats on the back … but more on that below.

Read on…

The King of Volcanos: Krenitsyn volcano, Kuril Islands.

Now we’re done with the northernmost Kuril islands, and it’s time to head south. On the right hand side, we see two islands Antsiferov and Makanrushi. I’ve not heard anything interesting about these two, which is why we pass them by without calling in; perhaps there is something worth seeing that I don’t know about. If anybody knows of something worth seeing on those islands, let me know and I’ll try and visit them next time I’m around this way.

Next on our Kurils route comes sunny Onekotan, a truly remarkable and delightful place! What makes it so special is the Krenitsyn volcano, the most beautiful volcano in the world, positioned at the island’s southern tip. No words or comments can match its beauty… This is the king of all volcanos! A stunning creation. Oh… and there I was trying to steer clear of “words or comments”. Even just looking at these pictures, it takes your breath away… Wow!

Read on…

Cyber-news: nuclear crypto mining.

Hi folks!

The i-news section is back with a bang after the summer holidays. Straightaway there’s some hot industrial cybersecurity news.

In case anybody missed my posts about how I spent this summer, here you go. Meanwhile, how some of the personnel at the South Ukraine Nuclear Power Plant spent their summer was reported in recent crime-related news. Ukraine’s Security Service (SBU) recently terminated cryptocurrency mining at the power plant’s restricted access facilities. This, erm, extra-curricular activity resulted in the leak of top-secret information about the power plant’s physical security. This is not only pretty depressing but also downright scary.

source

According to expert forecasts, the ICS market is set to reach $7 billion by 2024. Attacks on critical infrastructure are increasingly hitting the headlines. The recent Venezuela blackout, for example, immediately looked suspicious to me, and just a couple of days later it was announced that it was caused by a cyberattack.

This July, in collaboration with ARC Advisory Group, we published a lengthy report on the state of things in the industrial cybersecurity sphere. It’s a good read, with lots of interesting stuff in there. Here is a number for you to ponder on: in 2018, 52% of industrial cybersecurity incidents were caused by staff errors, or, in other words, because of the notorious human factor. Behind this number is a whole host of problems, including a shortage of professionals to fill key jobs, a lack of technical awareness among employees, and insufficient cybersecurity budgets. Go ahead and read the report – it’s free :)

Attention all those interested in industrial cybersecurity: you still have a few days (till August 30) to sign up for our annual Kaspersky Industrial Cybersecurity Conference 2019. This year, it’s being held from September 18-20 in Sochi, Russia. There’ll be presentations by over 30 international ICS experts, including yours truly. So, see you soon in sunny Sochi to talk about some serious problems and ways to deal with them!

Full-on Gobi experience!

My summer schedule has whirled into a frantic tornado. It’s only likely to ease up … at the end of October :) It was only 16 days ago that I returned from my trip to the Kurils, Sakhalin, Komandorski and Kamchatka, and since then I’ve been on a round trip to Malaysia, Mongolia and Kazakhstan. And now my suitcase is packed and I’m ready to fly again…

There are still about 5,000 photos “in the pipeline”. It’s scary to think when that backlog may get cleared up, especially considering the very interesting places in my upcoming world travel plans. They’re the kind of places that leave a lingering imprint in your memory – and photos on the internet. However, it’s now time to catch up on some old stuff.

There was one place on the planet that I had long been dreaming of visiting – the Gobi Desert in Mongolia. I’ll add some stories later. For now, I just want to post a selection of some of the very best photos. Here you go!

Endless wilderness…

Read on…