Tag Archives: it industry

The year that was 2020 – and the money side of things.

Hi folks!

It’s been a little over a year since this darn biological contagion swept the world and hit businesses hard – especially small and medium-sized businesses. Almost immediately it was clear some companies weren’t going to fare well. But I also wondered how the cybercriminals would behave. And what would happen to our company during this potentially long period of quarantine?

On the whole of course it was obvious that cybercrime wouldn’t suffer that much. The bad guys carried on ‘working from home’ as usual. Nothing much changed for them, apart from potential victims spending more time online due to quarantine measures and lockdowns. And, of course, the internet didn’t lose any bandwidth because of this biological virus.

But what about our business, which takes the fight to those very same cybercriminals?

A year ago, I expressed my belief that our company would be affected by two vectors: one negative and one positive. On the one hand, some of our customers would face difficulties, and some, alas, would go bankrupt. We’ll obviously lose those revenues. But on the other hand, there would be companies that started investing more resources in cybersecurity because their employees were working remotely and the cybercriminal world would most likely become more active. How we’d manage these two vectors would directly determine our own results.

So, ladies and gentlemen, boys and girls, I’m pleased to tell you that we’ve just announced our financial results for the past year. ‘Why in April?’ you may ask. Because we wanted to do a financial audit first.

And so…*drum roll*…

It’s time to tally the numbers and sum up the results of the past year. We even held a press conference to mark the occasion, informing journalists of our financial achievements.

Despite the now notorious bio-virus pandemic, the global economic crisis, and all kinds of geopolitical instability and uncertainties, our results weren’t only not bad, but were actually very good! After a year of covid, we not only survived but also grew! And that was despite an almost complete relocation of our K-folks from the office to remote working with all the associated costs and restructuring, mass provision of our products to the needy, and all sorts of other various unforeseen things.

All righty. I’ll start off with the biggie: the company’s global revenue for 2020 reached $704 million – an increase of 2.8% on 2019.

Read on…

Antimonopoly justice: wheels finally turning, or another flash in the pan?

Business done successfully will always tend toward becoming bigger. C’est la vie.

It often goes like this: In a given field, the big and strong gobble up the small and… smart (exceptions prove the rule). But what also sometimes happens is the big and strong with breakthrough technologies in one field gobble up everyone in different field. Example: once upon a time there was the giant, all-powerful Kodak, but then the era of digital photography came along, and the film-based photography field was wiped out. And this is how scientific-technical revolutions come about, and they’re useful: they help humanity progress.

But there’s another scenario: the big and strong become… so incredibly big and strong that they start dictating rules to all the other players in their industry, they strangle the natural selection of innovative and successful companies, and even try to hamper the development of any allied companies or markets that represent potential danger for their business. And in this case, antimonopoly bodies have to intervene to put a stop to such abuse of power so as to protect progress.

Domination in a market isn’t unlawful under antimonopoly rules. However, companies that dominate have a special responsibility not to abuse their power by limiting competition.

This latter scenario is being played out right now on a (socially-distanced) stage in a suspenseful IT-show whose main characters are Amazon, Apple, Facebook and Google – operators of the world’s largest online platforms – three of which (all bar Facebook) also act as the world’s largest online marketplaces. The other main characters in the show are the U.S. authorities, which are trying to rein in these online platforms – meaning checking they’re not unfairly taking advantage of their powerful positions – including hindering their ability to be judge, jury and executioner in their marketplaces. They are trying to prevent unfair competition – including exertion of pressure on competitors to ease promotion of the marketplaces’ own products. I’ve already written about one such high profile show case like this: the one where Apple has been driving out independent developers of parental control applications from its App Store.

Let me give an analogy here:

A landlord starts to lease out his land to farmers on equal terms and conditions, which suit everyone just fine. But at the same time, the landlord keeps a close watch on the farmers to see which are doing best. The following year, he starts doing what those successful farmers do himself. He also changes the terms and conditions of the leases ‘to protect worms’: now all farmers under those leases aren’t allowed to use spades – they must use trowels, and they should stop using fertilizer. But this rule doesn’t apply to the landlord. It’s like, he’s not actually preventing the farmers from going about their farming business – and he’s declaring worthy intentions – but how on earth can the farmers with trowels compete with the landlord with his spades and the very latest fertilizer?

Sounds all very Middle Ages, right? But a similar thing is happening in 2020 – only not in farming but in the modern digital economy; however, finally, the powers-that-be appear to be waking up to the fact. Or so it seems…

In early 2019, U.S. Senator Elizabeth Warren gave a watershed interview to The Verge, in which she stated that she “would classify any company that runs a marketplace and makes more than $25 billion a year in revenue as a ‘platform utility’, and prohibit those companies from using those platforms from [sic] selling their own products.” Put simpler – incidentally when referring to Apple in particular – she stated: “Either they run the platform or they play in the store”.

And that was that: despite the fact these were Very Big Boys she was talking about, the starting gun was duly fired…

Read on…

Topping the Top-3: transparently, for all to see.

You might think that we were lucky – in the right place at the right time – to have started out well as an enterprise and later becoming the world’s leading cybersecurity vendor. You’d be wrong! Now let me tell you a story…

Actually, back in the day, right at the beginning of our antivirus work, I we set myself ourselves a goal. An incredibly ambitious goal.

I remember it well. My long-time friend, Alexey De Mont De Rique, and I were at the tram stop waiting for the number six tram not far from Sokol metro station in Moscow some time in 1992 – back when we’d work 12-14 hours a day (‘Daddy’s working!’ my kids called me). I suggested to Alexey that ‘we need to set ourselves a goal’. His reply came something like: ‘Ok. What goal precisely, do you really think we need to set one, and how persistent should we be in attaining it?’ Something like that, anyway. My response: ‘Our goal should be to make the best antivirus in the world!’ Alexey chuckled. But he didn’t dismiss it. Instead, we simply set out on our journey toward reaching the goal – working hard harder, and always with our goal at the back of our minds. And it worked!…

How, exactly?

With the mentioned harder work, with inventiveness, and with somehow managing to survive and prosper through those very tough times in Russia [early 90s Russia: the collapse of the Soviet Union and its command economy, the struggles to switch ‘instantly’ to a market economy, inflation, joblessness, lawlessness…]. We toiled away non-stop. I detected new viruses; Alexey coded the user interface; and the antivirus database editor, Vadim Bogdanov (Assembler Jedi), used the Force to put together the various computer tools for what I was doing. Yes – in the early 90s there were just three of us! Then four, then five, then…

Now, remember how I started this blogpost by telling you our success wasn’t a matter of being in the right place at the right time? Well, there was some luck involved: in 1994 the world’s first ‘Antivirus Olympic Games’ took place – independent testing of security software at the University of Hamburg. Sure, we were lucky that this independent testing took place. But it wasn’t luck that we won!

Oh yes. We got the gold (a trend that has stuck with us to this day – as I’ll detail in this post). So from almost the very get-to, we got the very highest results in Hamburg. But it was catching. We kept on getting golds in other independent tests that were established around that time. Hurray!

Read on…

Enter your email address to subscribe to this blog
(Required)

i-Antitrust: time to give you your choice back, folks!

Fighting injustice. It’s just what we do – and keep doing. And that includes fighting major, large-scale injustice…

For example, in 2017, we managed to reach an agreement with Microsoft that encouraged it to stop giving unfair advantages to its own antivirus product. Sure, Microsoft is a modern-day Goliath. But we’re a modern-day David! And we need to be. For someone has to stand up to the giants now and again when they start throwing their weight around unfairly. Not doing so would mean users wind up with less choice.

Then last year saw us having to don the boxing gloves again for another dispute – again on an antitrust issue, but this time with another Goliath: Apple. Fast forward nearly a year – and I have two bits of news for you on this…

But first – quick rewind: some background.

 

Early on – halcyon daze…

Back in 2008, on the back of its extraordinary successes with its iPhones, Apple opened its App Store. And to fill out its ‘shelves’, it invited independent developers to use it as a platform to sell their for-iOS software. Those independent developers jumped right in, bringing with them thousands of apps (fast-forward 12 years and there are now literally millions). Users all over the planet were happy with all that choice, both Apple and the independent developers made tidy profits, all was well, there was peace and harmony, and it looked like everyone would live happily ever after.

But… business is business. At the end of the day Apple exists – like all commercial companies – to make a profit first and foremost. So it started branching out a bit. It created other iThings, all sorts of services, and a lot more besides. Yet still Apple yearned for more. Which was when it turned its gaze toward the markets of iOS applications made by independent developers in its own App Store.

Fast-forward to 2020.

I have a lot of respect for Apple. The company created a successful business model that’s much envied and much imitated. I neither envy nor imitate it, and I don’t agree fully with much of its policy (first and foremost – regarding cybersecurity), but that doesn’t mean I respect it any less (even though I personally don’t use any Apple products). We’ve been cooperating with Apple many years, in various areas, and until recently this was a partnership of equals.

Like tens of thousands of other independent developers, we create useful iOS apps – apps that increase the overall attractiveness of the platform. Together with Apple we had some profitable mobile business going on, but it was the users who benefitted most (as they were supplied with ever-more useful apps). Everyone had it good. Then, at the end of 2018, Apple announced its crusade against independent developers with the release of its Screen Time.

Competition is good, because competition works for the good of the user. In this case, more apps, better apps, more varied apps – more choice (and a developer not falling asleep at the top of the App Store listings)! But for competition to exist there needs to be a level playing field, i.e., fair rules. For everyone. Yet that level playing field – and competition with it – has been destroyed by Apple. Let me tell you how.

iStory that’s hard to believe.

Screen Time entered a mature market in which dozens of independent developers already operated. The App Store offered a great many apps providing parental controls, time management and other related tasks. And it’s here where the craziness begins.

Apple unexpectedly monopolized a wide range of critical functions, by simply turning them off for other developers!

So, like, how, for example, is a parental control app supposed to get by without configurable profiles, the ability to filter URL addresses, application control, and full fledged geolocation? That’s right: it can’t! But it can if it’s an Apple parental control app – for none of this critical functionality was limited in any of its own apps! It’s one rule for Apple’s apps, another for all the rest.

Now, of course, this audaciously odd-ball move was made under a smokescreen of ‘concerns’ about security and privacy; however (also ‘of course’) – these concerns were seen right through real quick to reveal their bogusness.

Next, Apple started banning developers from the App Store, delaying approval of new software builds, and rolling out new unacceptable requirements and conditions. Some apps were shut down, while others had their functionality restricted – rendering them useless. But some independent developers decided to fight back. Including us. Developers came together to form an association with the aim of working with Apple to try and secure fair rules for all, while some filed complaints with regional antitrust authorities and began a public campaign in the press and on social media.

Then, in June 2019, Apple looked like it had hit the brakes and even gone into reverse. However, actually, it was purely a tactical maneuver to feign an expression of goodwill, and which in no way helped solve the problem of equal rights for all – including Apple itself.

Then it released iOS 13… – with yet further restrictions to hit the ecosystem even harder!

Let me give you an example of how the ‘innovations’ of iOS reflected on our parental control app Kaspersky Safe Kids.

First, Apple loads and activates Screen Time automatically on devices upon installation of the new version of the iOS – even if the user already has onboard a similar application. Don’t know about you, folks, but that, to me, doesn’t have much of a ring of ‘free competition’ to it. Looks more like just the opposite: with a ring of intrusion, aka thrusting, aka foisting, aka gatecrashing the party, i.e. – uninvited.

Second, new features on iOS 13 now permit a child to easily delete Safe Kids (i.e., a complete cancelling out of the very meaning of ‘parental control’), and also view websites via Safari (it has become impossible to hide it) instead of via the built-in safe browser that permits filtration of undesirable content. No, really folks!

Third, changes to the policy of accessing the geolocation of a device have taken away parents’ ability to track their child’s location! (No. I am not making this up. And all in the name of security – remember?!)

But wait – here’s what really takes the proverbial biscuit. Are you sitting down?…

All features that have become forbidden to independent developers remain completely ok and wholesome and accessible to… – ta-daa – Apple!

iAudaciousness on this scale simply couldn’t go unnoticed.

Encouragingly, the issue hasn’t gone unnoticed. It’s been resonating at the very highest legislative levels around the world. In the U.S. Senate it was suggested to forbid Apple and other large companies from placing their own apps in their own marketplaces, since they, by default, will create preferences for their own products.

In Russia antitrust proceedings have been initiated. In the EU they’re still at the pre-investigation phase. Indeed, slowly but surely the negative consequences of this lowering of competition are coming to the surface. Even from the user side – Screen Time is taking a lot of flak for its functionality shortcomings (even with its functional superiority given that its competitors have all had their functionality curtailed!). Some independent developers see the only way of getting round the issue to be to urge users to move over to Android if they want to keep their kids safe.

And now for that news I said I’d be telling you…

I’m not sure yet if it’s good news or not, but at least some movement must be a good thing – and we’ve been trying to fight for equal opportunities for everyone. This spring, the Federal Antimonopoly Service of Russia will deliver its verdict on our claim regarding the abuse by Apple of its dominant position and the creation of unlawful competitive advantages for Screen Time. Almost all arguments and evidence in the proceedings have already been given and submitted. For us it’s been a very long, complex process (details – here), which has taken up much time, effort and money energy. But we’ve explained our position well, and I have Hope that the decision will be in our favor. Fingers crossed…

When Jobs was in charge – there was nothing like this.

Do you know what this crusade of Apple’s against independent developers gets me thinking about? A fight of the iOS ecosystem against the App Store ecosystem! The former gradually absorbs the juiciest, most profitable markets of the latter. And it looks all the more unsavory given that it is thanks to the App Store that the iOS platform has risen to now make up the basis of the business of the company. Without it, Apple would have had just another failed project – the kind of which there have been many in the history of the IT business.

It all reminds me a little of the infamous letter of Steve Jobs that announced the ‘holy war‘ against Google; in particular one sentence within it: ‘Tie all our products together, so we further lock customers into our ecosystem’.

Probably only Mr. Jobs himself knows exactly what he meant by that. But though he was originally against third-party apps for the iPhone (he later changed his mind), I’ve no doubt whatsoever that among his greatest expectations were those he vested in independent developers: to have their inspiration and resources help create for Apple the best ecosystem. And one thing’s for sure, Jobs wouldn’t have allowed Apple to transform itself into a self-important dictator and turn on the very developers that helped it and subject them to out-and-out discrimination.

I’ve already said this above, but I’ll say it again: I respect Apple. And I have a feeling that there are no issues in our relations we can’t resolve. Apple could opt for a sensible compromise and reconsider the unfair rules of the game. This would make its platform even stronger by permitting independent developers to supply to it full-fledged apps so as to serve the needs of its millions of users optimally.

Finally, please support us in this struggle to secure your right to choose exactly what you want, not what one large corporation decides is best for you. And stay tuned. I’ll be back with news re the FAS’s verdict once it arrives…

Introducing – the new us.

I’ve heard it said that “Life needs shaking up more often than not, so it doesn’t turn sour.”

Well, no chance we could ever let things go sour here at KL — not in the industry we’re in, which is constantly and rapidly changing. Still, sometimes it is useful to stop, take a look at yourself as if through someone else’s eyes, think about what’s around the corner, and make a few changes to the look and feel of the company accordingly. And so it is with this lyrical introduction that I want to formally announce our rebranding and explain why we’ve done it.

We were born in the 90s. Back when we founded the company in 1997, we had just one simple goal: to make the best antivirus in the world. There was no talk of positioning, image, or brand philosophy. But that was then; this is now. It’s been 22 years, and everything’s changed.

We now employ more than 4,000 people and protect hundreds of millions of individuals and businesses around the world. The very concept of antivirus, our original cornerstone, has become obsolete. The world has become so dependent on cyber-everything that no sphere of modern life has been left untouched by it. And we’re ready to protect all of it, from home users on the internet to large corporations, governments, industry, and infrastructure. One thing has remained the same, however, since the beginning: we produce the very best security solutions on the market.

With so much having changed, it was high time we thought about how we looked to folks on the outside — to see if that, too, might need some shaking up. After all, our logo was designed back in 1997, when the company was just taking its first steps. In that logo we used the Greek alphabet with lots of fine detail, but 22 years on, much of that has lost its relevance.

So, after lots of work behind the scenes, today we’re formally updating our logo! The new logo employs geometric, mathematically precise letter forms representing the values that define us: for example, the highest standards of engineering. Another noticeable innovation is that we’ve removed the word Lab. That change has been on the cards for years; we’re often referred to simply as My Surname around the world anyway — and always have been, for the sake of convenience, simplicity, brevity, or plain lack of need for the Lab. Well now we’re just Kaspersky officially too: shorter, simpler, clearer, more utilitarian, easier, more memorable (I could go on at length here).

But if you dig a little deeper, you’ll see we’re not just changing our logo. The whole company’s changing.

In recent years, our approach to business, to our products, and to ourselves — not to mention, our vision of the future — has changed. All these years we’ve been saving the world, fighting cyber-sin in its many incarnations, but, as I mentioned above, we’ve been changing too as we grew (I should have been a poet). Now, we feel know it’s within our power not only to save the world, but also to build a more protected, safer world from the ground up. I firmly believe that the concept of cybersecurity will soon become obsolete, and cyber-immunity will take its place.

Information systems should be designed and built secure; they should not require add-ons in the form of (never quite fully secure) security solutions. That is the future we’re working on: a real, tangible future in which life will be simpler, more convenient, and more interesting — not some flowery, imagined future straight out of science fiction. And this world is taking shape little by little, day by day. I’m sure that in this safer world we’re helping create, technologies will no longer be a source of constant threat, but instead provide tons of new possibilities, opportunities, and discoveries.

So there you have it, the new … K!?! (What? No more KL, as I like to abbreviate us to? Oh well, progress always requires some sacrifice!)

Hey startups, want to become a global company?

About five years ago we launched an interesting project – our own Business Incubator . Why? Because there are a lot of great ideas out in the wild that need nurturing to grow and develop into something great. And we have the resources to help them do this! So we’ve been scouting for cool innovative ideas and giving startups ‘wings’ to fly.

One of the most successful examples of projects from our Business Incubator is Polys, launched in 2017. It’s an online platform for electronic voting based on blockchain. I’ve already mentioned it in this blog. But briefly: it’s safe, anonymous, unhackable, and what I think is more important – very easy to use and suitable for any kind of voting. I personally believe that the future of voting is indeed online and blockchain. Polys has already been officially used by Russian political parties, student bodies, and regional government organizations. And I’m sure that these are just the first steps of this KL nestling.

We’ve another up-and-coming Incubator project on board – Verisium. This is an IoT platform for customer engagement and product authentication. Especially needed in the fashion industry, it helps fight the counterfeiting of luxury products, and gives brands the ability to track product lifecycles and gain marketing insights into how products ‘live’ and perform. Verisium has already launched a number of joint projects with Russian designer brands – involving clothes with NFC chips on blockchain.

source

However, though it’s doing really well, the Incubator wasn’t enough for us. So we decided to scale-up the way we work with startups and innovative companies, while focusing on something we know rather well… cybersecurity!

At the end of May (so, in a matter of days) we’re launching a new program that will run globally – the Kaspersky Open Innovations Program. We’re doing it to build an ecosystem that allows for transparent conversation and fruitful collaboration between businesses and innovative cybersecurity companies around the globe.

To start-off, we’re launching a global startup challenge. We’ll be looking for startups that already have products, or MVPs, or even prototypes; we’ll be looking for those who already have something to sell, or already have had some sales and now need more. Since we’ll be neither investing in these companies, nor acquiring them, we’ll keep the focus on finding solutions that can truly benefit from being embedded with our technologies or integrated with them to maximize protection capabilities.

Another goal will be to take the results of our collaboration with startups – and their many new innovative products, solutions, services, etc. – to companies of different sizes around the world.

So, if we’re not investing and not acquiring, what are we actually offering? As a global company, we’ll help startups scale up globally by supporting their further product and business development. But probably most importantly, we’ll be providing an opportunity for startups to build a partnership with us and a chance to sit at the same table with the big guys and global companies.

Join now and take your business worldwide!

source

Auto-future – today.

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile– plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules, has a little chance of degradation of productivity. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…

Read on…

New transparency – in Madrid!

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever digressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarming lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue the meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.

 

The anatomy of modern fake news: Latvian version.

“… it is established that the information in the published article – the subject matter of these proceedings – is unsubstantiated. Therefore, the court recognizes the lawsuit to be reasonable, and hereby rules to oblige the respondent to apologize in written form to the plaintiff, and publish, at his own expense, … the full text of the apology.”

That’s an extract from the recent Riga court decision on our lawsuit against the Latvian politician Krišjānis Feldmans, which lawsuit sought the protection of our business reputation. And I do hope it will make others think twice about blindly copy-pasting the lies of a handful of U.S. media based on politically-motivated anonymous official-agency sources in the interests of the current geopolitical agenda. But I’m getting ahead of myself. Let me go back to the beginning of this tale…

Source

Read on…

Cyber-news from the dark side: Japanese legal hacking; iKeychain hack; 2FA -> $0; an Iranian cyber-whodunit; and a USB-eating leopard seal.

Privyet boys and girls!

Herewith, the next in my periodic/occasional cyber-news cyber-shocker-bulletins: a few stories of the cyber-interesting, the cyber-this-news-just-in, and the cyber-absurd…

State-sanctioned hacking!

The Japanese government is believed to be planning to hack 200 million IoT devices of its citizens. And that’s not science fiction folks; it looks like it’s for real. Indeed, it’s how the Japanese are preparing for the Olympics to be held in Tokyo in 2020 – and it’s all legal of course, since it’s the government who’s behind it. So their citizens’ gadgets will be hacked using the cybercriminals favorite method: using default passwords and password dictionaries. If a device is found to have a weak password, bureaucrats will enter the device into a list of unsecure gadgets, which list will then be handed over to internet service providers, which will be expected to inform subscribers and have them make their devices secure by changing the password. It’s all being done as a resilience test in the run-up to the Olympics, to work out if IoT devices in the country are sufficiently protected, and to try and prevent their use in attacks on the Olympics’ infrastructure. The methods to be used for this ‘test’ can easily be disputed, but the fact that the authorities are doing something concrete so well in advance is certainly a good thing. For let’s not forget that the Olympics have been targeted before – and not all that far away from Japan.

iOops!

An 18-year-old hacker, Linus Henze, has published a video highlighting a startling weakness in MacOS – specifically its Keychain program, which stores and secures a user’s many passwords. The teenager used a zero-day to develop his own app that can scan the full contents of the keychain.

Curiously, intriguingly, Mr. Henze isn’t planning on sharing his research and his app with the tech giant, since Apple still doesn’t run a bug-bounty program. So that leaves the company with two options: negotiate with the expert (which would be an unprecedented move for Apple), or consider trying to remedy the issue themselves – which they may or may not be able to do, of course.

Meanwhile, you, dear readers, need not fear for the safety of your passwords! Since there do exist (who’d know?!) fully secure, cross-platform password managers out there. And researchers – there do exist software companies that run bug-bounty programs ).

Even two-factor authentication can be hacked now.

Bank accounts being emptied by cyber-thiefs is on the up. One example recently involved accounts held at the UK’s Metro Bank. And the method used for the robberies involved intercepting text messages sent to account-holders’ phones for two-factor authentication. Now, 2FA is a good thing: it’s an extra layer of security and all that, so why not? It’s just that SMSs are by far not the most secure way to transfer data. For example, vulnerabilities can be exploited in the SS7 protocol, which is used by telecoms operators the world over to coordinate how they route texts and calls. If cyber-baddies manage to access the mobile network of an operator, they’re able to re-route messages and calls without the user being any the wiser. First they’d need to know your login and password for online banking, but that isn’t beyond the abilities of modern-day cyber-villains with their crafty keyboard spies, phishing tactics, or banking Trojans.

Once inside the online bank, the criminals send a request for a money transfer and intercept the message with the one-time code from the bank. The code is entered, and the bank transfers the funds, since both the password and the code were correctly entered. And the criminals are laughing all the way to the bank, as it were ).

So what can you do to stop such a scenario happening to you? Here are a couple of tips:

  • Never tell anyone your login or passwords – even to a bank employee, but you’ll probably know that one: banks helpfully remind us whenever they can.
  • Protect your devices from malware with a reliable antivirus app. There is one I happen to know of… but no – you choose the one you want ).

Cyber-spying on foreign diplomats in Iran – but whodunit?

Our researchers just recently discovered multiple attempts at infection of foreign diplomatic missions in Iran with some rather primitive cyber-espionage malware. The backdoor is presumed to be associated with the hacking group know as Chafer, which happens to ‘speak’ Farsi, and which is thought to have been responsible for cyber-surveillance on individuals in the Middle East in the past. This time, they cybercriminals used an improved version of the Remexi backdoor, designed to remotely control (as administrator) a victim’s computer.

Remexi software was first detected in 2015 when it was used for illegal surveillance of individuals and organizations across the whole region. The Windows-targeting surveillance-ware can exfiltrate keystrokes, screenshots, and browser-related data like cookies and history.

Much ‘home made’ malware is used in the region – often in combination with public domain utilities. But who’s behind these particular attacks? Finding out is made all the more difficult by the very fact that the malware is homespun; it literally could be anybody: Iranians, or non-Iranians pulling a false-flag operation. Alas, false flags are on the up and up and look set to remain so.

“Well, actually… a seal ate my USB stick, sir.”

In New Zealand, one day out walking a vet observed a clearly unwell leopard seal on a beach. As any concerned vet would, he proceeded to… scoop up a lump of the poorly seal’s poop and took it off for analysis. He was expecting to find therein some ghastly little parasites or viruses or what have you, but instead found… a USB stick. After much disinfection (I hope), the vet stuck the thumb drive into his computer (don’t try any of this at home kids, but this was a special case). And guess what? Thereon were stored lots of photos of the beautiful New Zealand scenery! Now the vet and Co. are seeking the owners of the USB – using this here video. Recognize it, anybody?