Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news.

Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we’re proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and 270,000 organizations around the world. Like many other companies whose aim is enhancing people’s lives, we also know that the higher you go, the stronger the winds can be. For us these winds include false media reporting. And in today’s environment of ‘media-ocracy’ and fake news, the situation is getting worse.

For nearly four years now, certain U.S. media outlets have been printing outlandishly preposterous false stories about cyber-conspiracies concocted between secret service folks and Yours Truly against the ‘free world’.

Evidence suggests that a Dutch politician is behind a fake story about Kaspersky Lab in the biggest Dutch daily newspaper

These tales from the paranoid side about us all fit the same template. Accordingly, their basic structure and rhetoric are always identical:

  • Unnamed U.S. intelligence officials share certain ‘shocking details’ about [insert as applicable] with a select few representatives of a given media outlet;
  • Anonymous sources are mostly used; any ‘sources’ cited are incompetent/unqualified to be sources;
  • Zero evidence of any wrongdoing on our part is presented (logical: there is no wrongdoing);
  • Distortion of reality based on the Pareto principle (80% truth + 20% fiction = monstrous lie);
  • These media stories are then used as a basis for taking political decisions (proof).

Incidentally, you may be wondering why, if all the stories about us are indeed false, we’ve never taken legal action in the U.S. The short answer to that is that U.S. legislation makes establishing the truth of a media story very difficult. Meanwhile, we get a ‘media-ocracy’ – with ‘news’ that isn’t news at all, just a vehicle for instilling in readers’ minds images of an ‘enemy’, so as to influence the underlying opinions of the people reading those media. But it doesn’t stop there. This non-news is used to justify high-level political moves against the next-in-line-to-be-out-of-favor company. Yes, of late it’s not just KL being pinpointed; this is growing bigger and bigger every month, affecting other companies too.

Worryingly, this media-ocracy is very influential – and highly contagious; so much so that it can now be felt all around the world, not just in America. And that now includes even the Netherlands.

Media-ocracy: vehicle for instilling in readers’ minds images of an ‘enemy’ and using false allegations for taking political decisions. Alas, it’s highly contagious.

On February 3 of this year, the largest Dutch national daily newspaper, De Telegraaf, published a ‘sensational’ article about a hacker who, allegedly, had claimed to have hacked into the network of our Dutch office (from just outside the building) and managed to obtain a number of IP addresses – all as part of a supposed investigation to help uncover a leak in the Dutch parliament – a leak organized to help ‘the Russians’. Inevitable questions like why specifically we were hacked, why those particular IP addresses were obtained, etc. are left unanswered, but for us the key thing to be addressed was the claim that someone had breached our own highly secure corporate network.

So yes, we took the claims very seriously. We’re a cybersecurity company, remember?! So naturally we carried out an internal investigation. And guess what it showed. No hack occurred. But that’s only the start of this sorry tale.


Hamburg and ships please.

I wrote in my last post that I was headed home after Sheffield. But I’d forgotten about our scheduled stay en route in Hamburg – possibly the most beautiful city in Germany. I think that’s a sign the trip had been a bit too hectic: forgetting completely about an upcoming port-of-call is most unlike me.

So here we are – in Hamburg!

The possibilities for the tourist in Hamburg are vast. It was tricky deciding but, after the day’s business, my travel companion and I plumped for an Elbe river and seaport (one of the largest in Europe, and Germany’s main port) boat excursion.

Off we go! And the first thing we see: Tolkien!


Up north for a (s)pot of snooker.

I often get asked what’s my favorite sport (along with, of late, which matches I’m planning on watching during the upcoming World Cup).

And my usual answer normally seems to disappoint a little: I don’t really have one, as I don’t like sitting in one spot in a stadium or on the sofa in front of the TV watching sport. I prefer to be doing the sport – rather, active activities – myself. Scaling volcanoes, going off on long expeditions in far-flung corners of the world, or just trekking along the banks of a river down a mountainous valley – that’s my bag.

And besides, I don’t watch TV – at all (dreadful habit:).

(Oops – me telling fibs again; I do watch TV in tiny doses: I watch kiddies’ stuff together with my own kiddies; I sometimes glance at the zombie-panel in the gym between sets; on the treadmill in the gym I switch to the nature/wildlife channels; and I’m not averse to peeking at a screen in business lounges in airports. But that really is it:)

Wait. I also watch Formula 1 races on screens, but that’s not quite ‘TV’. It’s normally in the Ferrari paddock, and there’s technical race info on the screens too. But I don’t watch a Grand Prix of a Sunday afternoon on regular TV.

So, yeah – you get it: I generally don’t watch telly. But there is one exception I make (besides all the other quasi-exceptions mentioned above). There is one thing on the TV that can force me to sit in one place for a long time. And it is a sport. And it is… snooker!

Not pool, not billiards… snooker, with its more refined rules and more tactical gameplay. And, by a strange (!) coincidence, we happen to sponsor one of the stages of the World Snooker Championship – Riga Masters.

And since I was in the UK, and my travel/business schedule permitted it, I got myself up to Sheffield, to watch the semi-final of the World Snooker Championship 2018!


Thames Path – pt. 5.

Having just completed a vacation-till-you-drop tour of the Caribbean and Bahamas – up early every morning, late to bed every night, daily flights between the islands, sore index finger from all the snapping – it was time for a complete change: of continent. But the island theme, arguably, continued, for we were headed to London, capital of the UK – another island nation.

I find myself in the British capital frequently – our European HQ is here, so there’s always plenty of business needs seeing to. And seeing as though I’m here often, and have been known to enjoy a lengthy, brisk stroll if I can fit one into my working schedule, I decided a few years back to walk different sections of the Thames Path at different times, whenever I can. You can’t do the whole Path in one go as it’s just too long – nearly 300km! Well, I’d done four sections to date, with the last one taking me as far as Richmond Lock. Now, it was time for the fifth installment…

So, setting off from above-mentioned lock, the first things we come to are two bridges:

Conveniently, practically all bridges along the route have paths or tunnels going under them beside the river, meaning you don’t have to climb up from the Thames to get past them.


Bahamama Mia!

Get ready folks – this post is full of extremely bright colors. I recommend wearing sunglasses (and a Panama hat) so you don’t get blinded (and sunburned:). For this post is dedicated to the 365 Bahaman islands – cays – of Exuma, one of the most beautiful places in the world…

As often occurs on these here blogpages when I encounter off-the-scale natural beauty, there’ll be few words today and, you guessed it, lots of pics…


Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, the bank services used (e.g., internet banking), and also rules for interaction among all of these. The model is built on the basis of collected anonymized data about the client's specific activity on the internet and in mobile banking. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach makes it possible to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel


Montserrat: half-paradise, half-ghost-isle.

Hi folks!

Next up, Montserrat, aka, the Emerald Isle of the Caribbean.

Brief main info: This is another British Overseas Territory. Population: ~5000. Again, the locals don’t live too high on the hog; however, the island has a pleasant climate and outward appearance, which makes it a hit with foreigners who live very high on the hog and who like to visit, as can be seen from all the very nice houses and villas (from a helicopter).


Lesser Antilles No. 2: Saint Vincent and the Grenadines.

Hi folks!

As promised, herewith, the next islands of the Lesser Antilles. Next up: Saint Vincent and the Grenadines.

This is another sovereign state, made up of Saint Vincent and – surprise, surprise – the Grenadines. The former is relatively large, covering some 300+km²; the latter is made up of dozens of small and tiny islands, all of which are extraordinarily beautiful – one of them being Mustique.


The mystique of Mustique.

You really should not believe all you read on the internet. But surely we all know that, right?

But, then, at the same time, there are some resources on the net that can be trusted. For example, there’s Wikipedia, which I often refer to in my blogposts. However, even it needs to be read with the occasional pinch of salt added to taste – as I have mentioned occasionally here on this blog.

The issue is basically differences between the information given on different language versions of one and the same Wikipedia subject.

Example: On Wikipedia’s English-language page on Stuxnet – the first known cyberweapon ever to be deployed (the infamous worm which in 2010 physically damaged the Iranian atomic program), it used to state (it’s since been corrected) that Stuxnet was discovered by KL. But it wasn’t. It was first discovered by the Belorussian company VirusBlokAda, and later first ‘cut open and dissected’ by America’s Symantec. Back then we were a little slow and missed the first train. The expert at VirusBlokAda who did first find it, Sergey Ulasen, did soon after come and work for us, but that doesn’t mean we found Stuxnet! Still – there it was, on the English Wikipedia page on Stuxnet. While the Russian-language Stuxnet page told the story correctly.

Such discrepancies I see sometimes on Wikipedia between the Russian and English pages as I like to check both (often out of curiosity to find such discrepancies!). However, who’s to say there aren’t the same – or completely different – discrepancies among some or all the different language versions of any given Wikipedia subject? I haven’t checked, nor can be expected to, as I don’t know dozens of languages. But… just sayin’ and all. It just makes you wonder. In fact, it made me wonder if anyone has studied this issue in depth. But I digress…

Aaaaaannnnyyyyway, it turns out there’s a discrepancy between certain info on the Russian and English Wiki pages for the Caribbean island of Mustique. In Russian it states that ~ ‘the only means of transportation on the island is the golf cart’. But that just ain’t true. The island has regular cars that travel on regular roads. Meanwhile, over at the English-language page, there’s no mention of golf carts!

Of course, maybe things have changed since when the page was written. But if they have, well… the pages need updating!
