Bahamama Mia!

Get ready folks – this post is full of extremely bright colors. I recommend wearing sunglasses (and a Panama hat) so you don’t get blinded (and sunburned :). For this post is dedicated to the 365 Bahamian islands – cays – of Exuma, one of the most beautiful places in the world…

As often occurs on these here blogpages when I encounter off-the-scale natural beauty, there’ll be few words today and, you guessed it, lots of pics…


Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and in mobile banking. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach makes it possible to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel


Montserrat: half-paradise, half-ghost-isle.

Hi folks!

Next up, Montserrat, aka, the Emerald Isle of the Caribbean.

Brief main info: This is another British Overseas Territory. Population: ~5000. Again, the locals don’t live too high on the hog; however, the island has a pleasant climate and outward appearance, which makes it a hit with foreigners who live very high on the hog and who like to visit, as can be seen from all the very nice houses and villas (from a helicopter).


Lesser Antilles No. 2: Saint Vincent and the Grenadines.

Hi folks!

As promised, herewith, the next islands of the Lesser Antilles. Next up: Saint Vincent and the Grenadines.

This is another sovereign state, made up of Saint Vincent and – surprise, surprise – the Grenadines. The former is relatively large, covering some 300+km²; the latter is made up of dozens of small and tiny islands, all of which are extraordinarily beautiful – one of them being Mustique.


The mystique of Mustique.

You really should not believe all you read on the internet. But surely we all know that, right?

But, then, at the same time, there are some resources on the net that can be trusted. For example, there’s Wikipedia, which I often refer to in my blogposts. However, even it needs to be read with the occasional pinch of salt added to taste – as I have mentioned occasionally here on this blog.

The issue is basically differences between the information given on different language versions of one and the same Wikipedia subject.

Example: On Wikipedia’s English-language page on Stuxnet – the first known cyberweapon ever to be deployed (the infamous worm which in 2010 physically damaged the Iranian atomic program), it used to state (it’s since been corrected) that Stuxnet was discovered by KL. But it wasn’t. It was first discovered by the Belorussian company VirusBlokAda, and later first ‘cut open and dissected’ by America’s Symantec. Back then we were a little slow and missed the first train. The expert at VirusBlokAda who did first find it, Sergey Ulasen, did soon after come and work for us, but that doesn’t mean we found Stuxnet! Still – there it was, on the English Wikipedia page on Stuxnet. While the Russian-language Stuxnet page told the story correctly.

Such discrepancies I see sometimes on Wikipedia between the Russian and English pages as I like to check both (often out of curiosity to find such discrepancies!). However, who’s to say there aren’t the same – or completely different – discrepancies among some or all the different language versions of any given Wikipedia subject? I haven’t checked, nor can be expected to, as I don’t know dozens of languages. But… just sayin’ and all. It just makes you wonder. In fact, it made me wonder if anyone has studied this issue in depth. But I digress…

Aaaaaannnnyyyyway, it turns out there’s a discrepancy between certain info on the Russian and English Wiki pages for the Caribbean island of Mustique. In Russian it states that ~ ‘the only means of transportation on the island is the golf cart’. But that just ain’t true. The island has regular cars that travel on regular roads. Meanwhile, over at the English-language page, there’s no mention of golf carts!

Of course, maybe things have changed since when the page was written. But if they have, well… the pages need updating!


Panama: ooh la la.

Since the construction of the Panama Canal was deemed: “One of the largest and most difficult engineering projects ever undertaken” (– Wikipedia), I decided it just had to be included in my Top-100 Must-See Places in the World. It was one of those Top-100s I hadn’t visited, but my recent few days in Panama gave me a +1 to my actually-visited Top-100s, and, boy, am I glad: it’s a unique feat of human thought, design and construction, and still the monopolist for marine-bisecting the Americas. And it’s so in-demand that they don’t sell ‘tickets’ for a ship to get through the canal as per some kinda price list; no, they auction them instead – with prices paid sometimes reaching hundreds of thousands of dollars!

It’s also got plenty of fascinating tales to tell regarding its construction. The first attempt to build it – in the 19th century by the French – was eventually called off as money ran out after it overran its completion targets, but not before thousands of workers died during the doomed construction project from yellow fever, malaria and other tropical diseases. The death rate was at one time higher than 200 per month! Oh my ghoulish. (And if my memory serves me well, I do believe it was here that it was first realized that such diseases were in fact spread by mosquitoes.) After work was abandoned (after 22,000 had died) corruption scandals – regarded to be the largest of the 19th century! – ensued. Then the Americans took things over. Later, the Panamanians wanted to seize it for themselves, and on and on went a checkered history of revolutions and other political upheavals.

But let me get away from the politics and back to the hydro-technical engineering…

You can sit and watch the canal’s locks opening and closing, the raising or lowering of the tankers, and their slow movement along the canal forever. Mind-blowing and hypnotic. But if you want more on the history of the place there’s a nice museum too (plus a restaurant with the perfect birds-eye view of the canal’s comings and goings).


To the Pole – to meet 11 heroic souls!

Why do folks go to the North or South Pole?

One reason is… actually – no specific reason at all; just to go because… why not? To stand at the top or bottom of the world is just kinda cool.

Another reason: just the extremeness of it all. Some folks prefer a total lack of extremity: comfort, sun, beach, nice home/hotel, all the mod cons. Others are bored by comfort, but they like extreme contrasts between extremity and comfort :).

Another: some folks just follow their instinctual urge to ski and then walk to a pole over several days – only it won’t be ‘several days’, as a polar day can last five months!

Another: surely, some kinda crazy polar magnetism that attracts certain folks!

In the past, there was another reason: to get to a Pole first.

Regarding the South Pole, around 1910-11, two expeditions – Amundsen’s and Scott’s – made it to the South Pole, the former pipping the latter to the post pole! The Norwegians made it back too. The Brits, tragically, did not; a sad, yet heroic, tale. Macabrely, to this day, the Terra Nova Expeditioners still lie there, in their tents, long since gobbled up by the Antarctic ice (specifically – and even more gruesomely – under more than 20 meters of snow, and shifted by the glacier ~50 kilometers over 100+ years).

But regarding the North Pole, hmmm… I couldn’t recall who made it there first, so I had to look it up. Well, there are many claims to reaching it first, but the first undisputed one is that of a Soviet expedition in April 1948, i.e., 36 years after the South Pole! Btw, other expeditions soon after followed the Soviets’ lead, while the South Pole waited a full 44 years until it was to be visited by another expedition.

So, it turns out getting to the North Pole is harder than getting to the South Pole. Interesting. The Antarctic climate is much fiercer than the Arctic one, but crossing the firmly compacted snow underfoot in Antarctica is a lot simpler than crossing the loose, fluffy snow of the Arctic. Then there are the fissures in the Arctic ice you have to somehow navigate. There’s also the shorter window in the Arctic for getting to it – before the ice starts melting. In Antarctica there’s no danger of ice melting and merging with the ocean below it – there’s a whole terra-firma continent under the ice :).
