NOTES, COMMENT AND BUZZ FROM EUGENE KASPERSKY – OFFICIAL BLOG
October 26, 2017
Hi folks!
Ok. After yesterday’s brief female topic, today, logically… yes – you’ve read the title of this post.
No, this isn’t locker room talk. Nor is it about football, or fishing, or fast cars… Not even about beer or (computer) gaming. Nope, it’s about a particularly curiously shaped Danxia rock formation. Yes – it’s about 阳元石, or Male Rock!
Oh my Guangdong! So this will be another 18+ rated blogpost!
October 23, 2017
The Danxia Range of rocky outcrops in Goangdong, China, is so insanely beautiful that it for sure deserves inclusion in my Top–100 Must-See Places in the World. Massive lumps of red rock with vertical sides some several hundred meters high, scattered over a territory stretching some 10×15 kilometers.
Our first glimpse of Danxia came early morning, when none of the redness is visible; actually, there was redness, but only of the sensational skies as the sun came up. Then the redness gets bizarrely transferred to the rocks, which we set off to get closer to…
If ever you fancy getting here yourself, be warned: checking out all the beautifulness here entails a lot of walking – and that includes a lot of ups and downs on steep steps. In a day you could be looking at some 15 to 20 kilometers. Then you need to take into account the extreme climatic conditions too. Not only can it be 28-35 degrees Centigrade, it also gets horrendously humid. But what else do you expect in the tropics?! Just make sure to wear breathable sporty kit for your trekking; regular cotton shorts and t-shirts just get soaked through (even breathable kit gets soaked too, but it’s much more bearable somehow).
October 22, 2017
Hi folks!
Herewith, I continue may tales from the Chinese side…
As per the template, this won’t be a simple photographic mini-series with explanations of the pics, but also a how-to guide for folks who might want to visit the place one day themselves, which, as is often the case, I heartily recommend.
Today I start with the Danxia landforms. Now, Danxia in Chinese means ‘red hills’; that is, any hills that happen to be red or reddish-colored. And in China there are dozens of different sets of red hills all over the southeast, southwest and northwest of the country. However, there is a specific Danxia Shan – Mount Danxia (confused?!). I wonder what came first – the egg or the chicken Danxia – the mount, or Danxia – the general term for red rock formations in China? The internet returns contradicting results. And locals don’t seem to know themselves. In short: one of China’s many mysteries.
Btw, Danxia is pronounced ‘Dansya’. Danxia isn’t an English term; it’s Chinese in the Latin alphabet – pinyin. There!
So, where do I begin my narrative? There are so many options – so much to show. Ok, let’s keep it simple and logical – let’s start with the break of dawn…
October 19, 2017
Hi folks!
I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.
Read on
October 12, 2017
Howdy folks!
Now, you know I’ve a soft spot for cliffs…
…So you can imagine my rapture upon arriving at these here beauties – the Danxia rocks in China. But, ohhh was it hot – 35 degrees Centigrade and tropically humid. Harder to take than a sizzling sun in the desert!
This somewhat… odd shaped formation is called… Male Rock )).
The formation above is called… Teapot! The fable goes something like this: there were two sisters who brewed up some too-weak tea for some companions, then something happened to them. That’s all I recall. Anyway, the moral to the legend is, kids – never be mean when adding the loose-leaf tea to the teapot for guests…
This is just the appetizer folks. As per custom – a lot more to come…
October 12, 2017
Hi folks!
The other week we had our annual conference on industrial security – our fifth: our first jubilee. Hurray!
This year it was a truly international event, with many of the speakers giving their presentations in English (since they knew no Russian:). In all there were ~300 participants from 170 companies! Thanks to all sponsors and partners, especially:
And thanks to everyone else too whose names you can find at the above link.
October 10, 2017
In recent years there’s been all sorts written about us in the U.S. press, and the article last Thursday in the Wall Street Journal at first seemed to be just more of the same: the latest in a long line of conspiratorial smear-articles. Here’s why it seemed so: according to anonymous sources, a few years ago Russian government-backed hackers, allegedly, with the help of a hack into the product of Your Humble Servant, stole from the home computer of an NSA employee secret documentation. Btw: our formal response to this story is here.
However, if you strip the article of the content regarding alleged Kremlin-backed hackers, there emerges an outline to a very different – believable – possible scenario, one in which, as the article itself points out, we are ‘aggressive in [our] methods of fighting malware’.
Ok, let’s go over the article again…
In 2015 a certain NSA employee – a developer working on the U.S. cyber-espionage program – decided to work from home for a bit and so copied some secret documentation onto his (her?) home computer, probably via a USB stick. Now, on that home computer he’d – quite rightly and understandably – installed the best antivirus in the world, and – also quite rightly – had our cloud-based KSN activated. Thus the scene was set, and he continued his daily travails on state-backed malware in the comfort of his own home.
Let’s go over that just once more…
So, a spy-software developer was working at home on same spy-software, having all the instrumentation and documentation he needed for such a task, and protecting himself from the world’s computer maliciousness with our cloud-connected product.
Now, what could have happened next? This is what:
Malware could have been detected as suspicious by the AV and sent to the cloud for analysis. For this is the standard process for processing any newly-found malware – and by ‘standard’ I mean standard across the industry; all our competitors use a similar logic in this or that form. And experience shows it’s a very effective method for fighting cyberthreats (that’s why everyone uses it).
So what happens with the data that gets sent to the cloud? In ~99.99% of cases, analysis of the suspicious objects is done by our machine learning technologies, and if they’re malware, they’re added to our malware detection database (and also to our archive), and the rest goes in the bin. The other ~0.1% of data is sent for manual processing by our virus analysts, who analyze it and make their verdicts as to whether it’s malware or not.
Ok – I hope that part’s all clear.
Next: What about the possibility of hack into our products by Russian-government-backed hackers?
Theoretically such a hack is possible (program code is written by humans, and humans will make mistakes), but I put the probability of an actual hack at zero. Here’s one example as to why:
In the same year as what the WSJ describes occurred, we discovered on our own network an attack by an unknown seemingly state-sponsored actor – Duqu2. Consequently we conducted a painstakingly detailed audit of our source code, updates and other technologies, and found… – no signs whatsoever of any third-party breach of any of it. So as you can see, we take any reports about possible vulnerabilities in our products very seriously. And this new report about possible vulnerabilities is no exception, which is why we’ll be conducting another deep audit very soon.
The takeaway:
If the story about our product’s uncovering of government-grade malware on an NSA employee’s home computer is real, then that, ladies and gents, is something to be proud of. Proactively detecting previously unknown highly-sophisticated malware is a real achievement. And it’s the best proof there is of the excellence of our technologies, plus confirmation of our mission: to protect against any cyberthreat no matter where it may come from or its objective.
So, like I say… here’s to aggressive detection of malware. Cheers!
October 6, 2017
Hi folks!
Herewith, my final post on Iguazu! All good things come to an end…
On our last day at Iguazu the sun came out to play – for the first time while we were there. This is quite normal, of course, but what was less normal was how the clear skies (no rain) that began the previous night led to the water levels falling by more than two meters! Haven’t seen that often. Have a look for yourself:
October 5, 2017
Another sensationalist media story was released today stating among other things that Kaspersky Lab helps a certain intelligence agency in getting their hands on sensitive data from another intelligence agency through the home computer of a contractor. Another accusation in the article is that we are very ‘aggressive’ in our methods of hunting for new malware.
The first statement sounds like the script of a C movie, and again – disclosed by anonymous sources (what a surprise). I can hardly comment on it besides the official statement.
However, I couldn’t agree more with the second claim about being aggressive in our hunt for malware. We absolutely and aggressively detect and clean malware infections no matter the source, and have been proudly doing so for 20 years. This is the reason why we consistently get top ratings in independent, third-party malware detection tests. We make no apologies for being aggressive in the battle against malware and cybercriminals – you shouldn’t accept any less. Period.
While protecting our customers, we do – as any other cybersecurity vendors – check the health of a computer. It works like an X-ray: the security solution can see almost everything in order to identify problems, but it cannot attribute what it sees to a particular user. Let me elaborate a bit more on what we do and what we don’t when protecting our users from cyberattacks:
What we do
Every day, we develop new heuristics and advanced detection mechanisms that flag suspected malware and send it to machine-learning-powered back-end for automatic analysis. These heuristics are designed in a way so that they focus only on a particular type of data – one that has characteristics potentially dangerous to computer health. And the data’s risk is the only feature the heuristics care about.
We focus on high-profile cyberthreats that have the potential to impact many users. Such threats are usually very sophisticated and may consist of multiple components – not necessary malicious at first glance. Please read our recent ShadowPad story as an example.
We hunt for and analyze all kinds of threats. We ignore none. We also invest a lot of resources into systems that protect our users from malware, make their computers more secure, and allow them to enjoy their user experience as opposed to worrying about it.
In the wake of this latest article I want to emphasize the following: if our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes all our customers – no matter who or where they are – receive protection from the threat. In the most serious cases – such as global malware outbreaks like WannaCry or sophisticated cyber-espionage platforms like Equation – our researchers analyze the threat deeply and publish the research with indicators of compromise openly, so not only our customers, but all other users and our colleagues in the cybersecurity industry can learn how to protect against the new threat. Customers’ security is our mission, and we’re committed to protect against all kinds of cyberthreats regardless their origin or purpose. This approach is the foundation of our business and is what our users pay for.
This is the one and only way of how we deal with cyberthreats. The new allegations look to me like this: someone just took this process of how we deal with a threat, added some fictional details, and here we go – the new C-movie script is ready.
What we don’t do
With big power comes big responsibility. We never betray the trust that our users place in our hands. If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business – and rightly so.
To understand why something like this would be impossible for Kaspersky Lab or any other reputable security company, one needs to understand how the cybersecurity industry works. In our industry there are mainly two types of folks: first, those who do offensive things: breaking software, creating espionage tools, exploits, and – to the extreme – helping governments with their spy efforts. And second, folks who fight for users, take their side, protect them from attacks, create software that defends computers, and cause all manner of headaches for spy agencies.
This is a fundamental separation, which expresses itself in many ways – from what is considered ethical by one category or the other, to reputation and separating right from wrong.
For 20 years, KL has been fighting for users. It’s pioneered many technologies, including machine learning and cloud security, created one of the world’s best security products, and strived to ONLY hire people who abide to the highest ethical standards.
Any of our experts would consider it unethical to abuse user trust in order to facilitate spying by any government. Even if, let’s say, one or two such people would somehow infiltrate the company, there are dozens of internal technological and organizational strategies to mitigate the risk. There are also 3000+ people working at Kaspersky Lab and some of them would notice something like that. It’s impossible to hide it from everybody.
Now to the complicated part
Even though we have an internal security team and run bug bounty programs, we can’t give a 100% guarantee that there are no security issues in our products; name another security software vendor that can! Software is made by people and people make mistakes – no getting round that.
Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us? We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I can’t imagine an ethical justification for not doing so.
In the end, I can’t shake off a disturbing thought: no matter how great security technologies and measures are, the security of millions can be easily compromised by the oldest threat actor there is – a $5 USB stick and a misguided employee.
Dissecting the recent WSJ cybersecurity story: truth, lies and disturbing details by @e_kaspersky himselfTweet
October 5, 2017
Hi folks!
What is 52?
EK52 = the Munich-Dubai flight on Emirates
52=4*13=2*2*13
B-52 – the name of a shot-cocktail I love (not keen on the band; not keen on the bomber either)
Also:
Today’s my birthday! Oh my word, how time flies!…
It was nature that first wished me a happy birthday this year. For this is what it had in store for me when I opened the curtains:
