Tag Archives: it industry

Five Years Trudging Through the Evolving Geopolitical Minefield.

[Originally published at Forbes]

“The hardest thing of all is to find a black cat in a dark room, especially if there’s no cat.”
– Ancient wisdom, commonly attributed to Confucius

For nearly five years, Kaspersky Lab has been in the line of fire from a handful of sources, which falsely report that we have covert and unethical ties to government organizations, possibly pose a threat to U.S. national security and/or our U.S. business is failing. That’s half a decade of news investigations, assumptions, hearsay, rumors, manipulations of publically available data, anonymous sources, conspiracy theories and fabrications. After five years – how much proof and concrete facts have they come up with? None. Nada. Zero. Zilch!

When politics use the news to shape facts, no one wins

And unfortunately, yesterday, a U.S. government agency sent out a directive for federal agencies telling them to stop using our products. I guess the good news is that U.S. government sales have not been a significant part of the company’s activity in North America. So, while unfortunate, we’ll continue to keep our focus on protecting our real customer base, enterprises and consumers.

Why are all these events occurring, you ask?

As I’ve stated numerous times, there is no evidence to confirm these false media reports, because Kaspersky Lab does not have inappropriate ties to any government.

In a way, I’m thankful for such an elaborate, long-term audit that’s found nothing amiss, but if anything is helping to verify my company’s commitment to transparency. As our customers and partners know firsthand, transparency and trust are the foundations of our 20-year-old business, and these guiding principles will never change, regardless of geopolitical tensions or inaccurate media representations.

Geopolitical debates don’t need truth; blame can be assigned by default without any evidence

During recent months, the heat has been cranked up several notches, as Kaspersky Lab became a talking point during U.S. Congressional hearings in which government officials express their concerns about KL’s products. But similar to sensational media reports, there’s a lack of facts or proof to validate any potential concerns, given that we haven’t done anything wrong.

In fact, I’ve repeatedly offered to meet with government officials, testify before the U.S. Congress, provide the company’s source code for an official audit and discuss any other means to help address any questions the U.S. government has about Kaspersky Lab – whatever it takes, I will do it. And I look forward to working with any agency or government officials that are interested.

And while we continue to suffer from these meritless accusations, the U.S. government continues to take actions against our products. These moves have even led to reports of a former national security expert agreeing that Kaspersky is being treated unfairly. In addition, serious concerns have been raised by some of the actions among cybersecurity experts, journalists and analysts as it violates an established transparency and due process for government contractors, breaks the presumption of innocence principle and sets up a very disturbing precedent that fuels national cyber protectionism.

So what exactly is going on? Well, it looks to me like the reason for being shunned (despite our many offers to assist) can only be one thing: geopolitical turbulence.

Whenever there are tensions at the government level, the business is always the one to suffer. But what is there to do when the selected target (my company) happens to provide the best cybersecurity products and cyberthreat research in the world? There is only option left: concentrate on the origin of the given company.

A recent article in the Washington Post sheds some light on the possible prime cause of the situation, which was being considered during the former president’s administration:

Despite a lack of evidence as to the reasons why we’re being targeted, one thing does seem to be crystal clear: we are caught in the middle of a geopolitical fight. And there will never be any evidence to prove these false accusations against us since we’re innocent; but instead you’ll just continue to see a lot of unfounded allegations, conspiracies and theories – which are alarmingly and unfortunately contagious.

As I’ve said before, it’s not popular to be Russian right now in some countries, but we cannot change our roots, and frankly, having these roots do not make us guilty.

Perhaps what’s most unsettling of all is that other cybersecurity companies from other countries may soon be in the same position as us. Geopolitical debates don’t need truth; blame can be assigned by default without any evidence.

Let’s take a look at the even bigger picture — these reckless actions can negatively impact global cybersecurity by limiting competition, slowing down technology innovations and ruining the industry and law enforcement agency cooperation required to catch the bad guys.

For several years, the landscape has become even more treacherous for companies caught in the minefield of geopolitics, and as a result, different businesses have become unwitting pawns in the game of high-level geopolitical chess. Australia bans China, the U.S. bans Russia, Russia bans the U.S., China bans everyone…sometimes I can’t believe my eyes when I read what’s going on in the 21st century. Why are countries ceasing to cooperate in the fight against the common cybercriminal enemy?

Tackling cybercriminals is possible only if we – the good guys – can overcome national boundaries, just as the cybercriminals do. Only joint efforts by law enforcement agencies of different countries can lead to success, and during recent years, thanks to such cooperation many cyber-villains have been put behind bars. That’s why we legally cooperate with cyber-police of different countries, and also international organizations like INTERPOL and Europol. Without cooperation, there won’t be any coordinated actions against cybercrime; consequently, there’s impunity for the cybercriminals and cyberattacks continue to thrive. People, businesses and economies all suffer.

I see how the fragile foundations of international cooperation in cybersecurity are splitting at the seams. Relationships between some countries are being pushed back 15 years. It’s not clear when the seemingly interminable geopolitical storm will pass, or how long it will take to reestablish good working relationships.

Who will win from the Balkanization of the security industry? Yes, that was a rhetorical question.

In any situation, it’s possible to find the positive. Thanks to this long-winded geopolitical storm, we’ve become more transparent than any other cybersecurity company in the industry. We’ve rallied around our company cause like never before, and our employees continue to stand with their heads held high knowing we will prevail in the end.

Despite the challenges, we continue to protect our users around the globe from any cyberthreat there is, regardless of its origin or intention. Now let me get back to work – there’s always much to do when saving the world from cyberthreats.

Politics is a dirty sport, sad to see it shape #cybersecurity. @e_kaspersky comments on recent DHS directiveTweet

Separating The Facts From The Assumptions.

[originally published at Forbes]

I was both astonished and, more so, frustrated by the recent op-ed by U.S. Senator Jeanne Shaheen in the NYT. It is not only damaging the reputation and livelihood of the 300-plus Kaspersky Lab employees in the United States, but also detracting from valid concerns about the ability of different nations to engage in cyberespionage and to direct digitally enabled attacks against critical infrastructure.

But I won’t argue almost every point in the piece here; you can see our post in which we explain how the ‘facts’ in it are anything but accurate.

I want to tell you another story here. A story of our interconnected world  – where geopolitical fears are not driving trade wars or aggressive protectionism. In this world, we have the opportunity to choose not just American, Russian, Chinese or Japanese – we can choose the best. Or the worst. Or proudly choose domestic. But we have the right to choose. And that is a cornerstone of modern democratic society – freedom of choice. And it’s a cornerstone of U.S. economic dominance. Customers all around the world can choose the best operating systems, the best smartphones, and the best software. And almost always, it’s an American product. And people choose it not because of its origin or because the government told them to, but because they want to. Look at the top-10 largest companies based on market value. Eight are American, two Chinese. Do you think they’d be doing so well if governments around the world banned them?

Are we now banning companies based on its origin? Is it really the path we go on now? Imagine just how easy it is for any other country to exclude, for example, Microsoft, Oracle, SAP, Hitachi from governmental contracts based on allegations and speculations, without evidence saying “They’re a potential threat…; we’re very concerned about them [foreign software developers] and the security of our country!”

Also, information security is a different challenge all together. To be the most effective, the cybersecurity community needs to work side-by-side with industries and governments to actively fight cybercriminals and cyberterrorists. Given that these attackers don’t respect geopolitical borders, working together, versus isolation, is the key to making significant steps in the fight against cyberattacks. Unfortunately, misinformation and inaccurate perceptions are driving forward a dangerous agenda that may impact global cybersecurity, as origin may start dictating what technology is used instead of being able to choose the best solutions and experts available.

Internet balkanization is already here. More and more countries developing protectionist legislation making it harder and harder for global companies to cooperate and share data. Trust between countries, companies and customers is corrupted. CEOs of well-known companies warn against such policies. “The biggest barriers I think that we see are not around engineering. It is around regulation. It is around protectionism. It is around trust, or lack thereof. It’s around policies and procedures,” says Xerox Chairman and CEO Ursula Burns. Apple CEO Tim Cook also praised globalization as generally “great for the world” and cautioned against isolationism.

No less important is the fact that the main beneficiaries of internet balkanization are cybercriminals. “US citizens lost over two billion personal records…over 100 million Americans had their medical records stolen,” according to Steve Langan, chief executive at Hiscox Insurance. Moreover, we are ready to support U.S. law enforcement agencies in the fight against cybercrime, in particular with the fight against Russian cybercrime. We have many cybersecurity experts based in Russia who are often the first to detect and protect from the threats coming from the cradle of cybercrime. They did it two years ago with Carbanak, one of the biggest cyber gangs in history. They did it earlier this year when we announced our research on Lazarus, the North Korean hacking group attacking many victims around the world, including Sony Pictures. We want to help, but unfortunately the current geopolitical turbulence and recent allegations do not help us in protecting America.

Are we returning to the days of McCarthyism? When did it become OK to declare a company is guilty without one shred of public evidence? In addition, while the U.S. has talented cybersecurity experts, smart people, who are dedicated to fighting cybercriminals, are born and educated all around the world. If the most sophisticated cyber threats are coming from countries outside of the U.S., don’t you think using cyberthreat data and technologies from experts located in those countries might be the most effective at protecting your valuable data, especially given that they are fighting against those local threat actors every day?

It is time to separate geopolitics from cybersecurity. We need to work together globally. Kaspersky Lab has good relationships and regularly helps law enforcement agencies all over the world fight cybercrime, and we hope the U.S. will also consider learning more about us, and who we truly are, versus the rhetoric and false assumptions. We’re ready to demonstrate that we have nothing to hide, and that we only want to help defeat cybercriminals and prevent cyberattacks.

With that said, I previously offered to meet with Senators, Representatives, Committees, and federal agencies, publicly or privately, to answer any questions regarding my company or me. The offer still stands.

How Bloomberg Just Edited an Agricultural Newspaper.

History tends to repeats itself, its lessons not having been learned.

Sometimes the new does start to resemble the dystopian visions of the future of old, which our parents, grandparents and great-grandparents had nightmares about and/or read about in the caustic satirical works of the day. O tempora, o mores: nightmares, satire and dystopia – sure, they’re becoming reality, but guess where in particular – in journalism.

More than 85 percent of the company’s revenue comes from outside of Russia, so why would we ever put all of that at risk?

Since childhood there’s been a story I’ve never been able to forget – and wouldn’t want to. It’s Mark Twain’s short tale called How I Edited an Agricultural Paper (Once). Remember it? If you’ve read it’s a  silly question – it’s impossible to forget. Not read it? Spend five minutes doing so now. Why? Well… it’ll save me having to explain something of importance and… you’ll never forget it! Though written nearly 150 years ago, it will open your eyes to the levels of competency, the motivations and the methods applied by a handful of modern-day headline-chasing journalists. And after that prestigious intro to today’s topic, we’ll go through Bloomberg’s latest fictional tale and dissect some of its false accusations, much as we did with its earlier volley of banya journalism.

Inaccuracy One.

To get a turnip It is better to send a boy up and let him shake the tree.

Just as a fish rots from the head down, so too here – the rot set in with the article’s heading:

Here, folks, we have: lies, with a sprinkling of manipulated information based on misconstrued facts to serve an agenda. Yes, seriously!

Read on: When geopilitics kill common sense…

A Tricky Choice out of Few Alternatives.

Ok. Let’s solve – not the trickiest – but still not the most trivial of tasks.

This year for Christmas I’d like a new laptop – a better, tougher one. I’ve only had the one I’ve got now a little over a year, but with my business schedule and the computer’s constant use and abuse, it’s on its last legs already. It looks tatty, and the keyboard feels like it’s going to fall apart. So, yes: I need an upgrade…

dsc02564

But what device should I get? Crikey. Where to start? Ah yes – at the beginning: with my requirements…

My user requirements aren’t too convoluted, but then again – they’re not mere email/ messenger/ Instagram/ Pokemon, either. Here they are:

  • Office, email, browser, different editors and messengers;
  • It needs to be able to withstand an intensive workload;
  • I’d like a bigger screen than the norm (13″+);
  • A full-size keyboard would be good too.

Straight away that rules out smartphones and tablets, and it looks like a mid-size laptop is the way to go.

But which operating system? Well, the list of options isn’t that long these days: Windows, Mac, Linux.

Every system is good – in its own way…

Read on: It turns out there is no choice…

That’s It. I’ve Had Enough!

Hi Folks!

Meet David, the magnificent masterpiece sculpted by Michelangelo at the start of the 16th century. A photo of his face with that curious furrowed brow featured on our very first anti-cyber-vermin security product at the beginning of the 1990s. Some thought the pic was of me! I still don’t see why; I mean, have you EVER seen my face clean-shaven… and as white as a sheet? )

 5868830789_df6e1b84a2_o

The choice of David for the retail box was far from random: we found we were kindred spirits – both very much underdogs. KL was a small young company from nowhere throwing down the gauntlet to global cyber-malice in an established international security market; David was the small young guy throwing down the gauntlet to the giant Goliath.

Throughout the years the boxes have changed, but one thing that hasn’t is our… Davidness.

Fate threw plenty of obstacles in our path that could have easily seen us off, but we persevered, hurdled those obstacles – often alone – and became stronger.

To everyone’s amazement we gave users the best protection in the world and became one of the leaders in the global market. We took it on ourselves to fight patent trolls practically alone, and are still successfully fighting them. (Most others prefer to feed them instead.) And despite the rise in parasites and BS-products, we continue to increase investment in true cybersecurity technologies (including true machine learning) for the protection of users from the cyberthreat avant-garde.

Thus, with just a ‘sling and stones’ we slowly but surely keep on killing Goliath ‘saving the world’: regardless of the geopolitical situation, and from any sort of cyberattacks – regardless of their origin or purpose.

And now, fate has brought us a new challenge. And not only us: this is also a challenge for all computer users and the entire ecosystem of independent developers for Windows.

Read on: David vs. Goliath, ver. 2016…

The Internet of Harmful Things.

In the early 2000s I’d get up on stage and prophesize about the cyber-landscape of the future, much as I still do today. Back then I warned that, one day, your fridge will send spam to your microwave, and together they’d DDoS the coffeemaker. No, really.

The audience would raise eyebrows, chuckle, clap, and sometimes follow up with an article on such ‘mad professor’-type utterances. But overall my ‘Cassandra-ism’ was taken as little more than a joke, since the more pressing cyberthreats of the times were deemed worth worrying about more. So much for the ‘mad professor’…

…Just open today’s papers.

Any house these days – no matter how old – can have plenty of ‘smart’ devices in it. Some have just a few (phones, TVs…), others have loads – including IP-cameras, refrigerators, microwave ovens, coffee makers, thermostats, irons, washing machines, tumble dryers, fitness bracelets, and more. Some houses are even being designed these days with smart devices already included in the specs. And all these smart devices connect to the house’s Wi-Fi to help make up the gigantic, autonomous – and very vulnerable – Internet of Things, whose size already outweighs the Traditional Internet which we’ve known so well since the early 90s.

Connecting everything and the kitchen sink to the Internet is done for a reason, of course. Being able to control all your electronic household kit remotely via your smartphone can be convenient (to some folks:). It’s also rather trendy. However, just how this Internet of Things has developed has meant my Cassandra-ism has become a reality.

SourceSource

Read on: The phantom ransomware menace…

Laziness, Cybersecurity, and Machine Learning.

It’s just the way it is: the human being is a lazy creature. If it’s possible not to do something, we don’t do it. However, paradoxically this is a good thing, because laziness is… the engine of progress! What? How so? Well, if a job’s considered too hard or long-winded or complex for humans to do, certain lazy (but conscientious) humans (Homo Laziens?: ) give the job to a machine! In cybersecurity we call it optimization.

Analysis of millions of malicious files and websites every day, developing ‘inoculations’ against future threats, forever improving proactive protection, and solving dozens of other critical tasks – all of that is simply impossible without the use of automation. And machine learning is one of the main concepts used in automation.

Machine learning has been applied in cybersecurity for more than a decade – only without marketing fanfare.

Automation has existed in cybersecurity right from the beginning (of cybersecurity itself). I remember, for example, how back in the early 2000s I wrote the code for a robot to analyze incoming malware samples: the robot put the detected files into the corresponding folder of our growing malware collection based on its (the robot’s) verdict regarding its (the file’s!) characteristics. It was hard to imagine – even back then – that I used to do all that manually!

These days however, simply giving robots precise instructions for tasks you want them to do isn’t enough. Instead, instructions for tasks need to be given imprecisely. Yes, really!

For example, ‘Find the human faces on this photograph’. For this you don’t describe how human faces are picked out and how human faces differ from those of dogs. Instead what you do is show the robot several photographs and add: ‘These things here are humans, this is a human face, and these here are dogs; now work the rest out yourself’! And that, in a nutshell, is the ‘freedom of creativity’ that calls itself machine learning.

SourceImage source

Read on: ML + CS = Love…

The Artificial ‘Artificial Intelligence’ Bubble and the Future of Cybersecurity.

I think the recent article in the New York Times about the boom in ‘artificial intelligence’ in Silicon Valley made many people think hard about the future of cybersecurity – both the near and distant future.

I reckon questions like these will have been pondered on:

  • Where’s the maniacal preoccupation with ‘AI’, which now only exists in the fantasies of futurologists going to lead to?
  • How many more billions will investors put into ventures which, at best, will ‘invent’ what was invented decades ago, at worst – will turn out to be nothing more than inflated marketing… dummies?
  • What are the real opportunities for the development of machine learning cybersecurity technologies?
  • And what will be the role of humans experts in this brave new world?

Sometimes when I hang around with A.I. enthusiasts here in the valley, I feel like an atheist at a convention of evangelicals.

Jerry Kaplan, computer scientist, author, futurist and serial entrepreneur (inc. co-founder of Symantec)

What’s going on now in the field of ‘AI’ resembles a soap bubble. And we all know what happens to soap bubbles eventually if they keep getting blown up by the circus clowns (no pun intended!): they burst.

Now, of course, without bold steps and risky investments a fantastical future will never become a reality. But the problem today is that along with this wave of widespread enthusiasm for ‘AI’ (remember, AI today doesn’t exist; thus the inverted commas), startup-shell-companies have started to appear.

A few start-ups? What’s the big deal, you might ask.

The big deal is that these shell-startups are attracting not millions but billions of dollars in investment – by riding the new wave of euphoria surrounding ‘AI’ machine learning. Thing is, machine learning has been around for decades: it was first defined in 1959, got going in the 70s, flourished in the 90s, and is still flourishing! Fast forward to today and this ‘new’ technology is re-termed ‘artificial intelligence’; it adopts an aura of cutting-edge science; it gets to have the glossiest brochures; it gets to have the most glamorously sophisticated marketing campaigns. And all of that is aimed at the ever-present human weakness for belief in miracles – and in conspiracy theories about so-called ‘traditional’ technologies. And sadly, the cybersecurity field hasn’t escaped this new ‘AI’ bubble…

artificial-intelligence

Read on: Too much AI will kill you…

Uh-oh Cyber-News: The Future’s Arrived, and Malware Back from the Dead.

As always for this ‘column‘, I’ll be giving you a round-up of some of the most eek recent items of cybersecurity news, which might not have made the headlines but which are no less eek for that. And as usual, it’s all mostly bad news. There are still a few reasons to be optimistic though – but only a few. Eek!

Uh-oh Cyber-News Item No. 1: The Future’s Arrived.

news-1A screenshot from Blade Runner

Many authors like to fantasize about how things will be in the future. Often, science fiction writers come up with deep philosophical reflections upon man and his place in the Universe. There’s Russia’s Strugatsky brothers, there’s Philip K. Dick, and there’s Arthur C. Clarke (plus his ‘translator’ to the silver screen Stanley Kubrick), for example. And very often such deep philosophical reflection is rather bleak and scary.

Other times, the reflection is a little less deep and philosophical, but no less likely to one day lead to reality – in fact, oftentimes more so. This is where I make appearances!…

So. Back in the first decade of this century, during my presentations your humble servant liked to tell fun ‘scare’ stories about what could happen in the future. Example: a coffeemaker launches a DDoS attack on the fridge, while the microwave works out the factory PINs of the juicer so it can then show text-adverts on its digital display.

Fast forward less than a decade and such ‘sci-fi’ is coming true…

Read on: Computer worms rising from the dead…

Artificial Intelligence: Artificial Truth – Here and Now.

Artificial intelligence… Two words which together conjure up so much wonder and awe in the imagination of programmers, sci-fi fans and perhaps just about anyone with an interest in the fate of the world!

Thanks to man’s best friend the dog R2-D2, the evil Skynet, the fantastical 2001: A Space Odyssey, post-apocalyptical androids dreaming of electric sheep, and maybe also Gary Numan, everyone is pretty well familiar with the concept of artificial intelligence (AI). Yep, books, the big screen, comics, er… mashed potato advertisements – AI is in all of them in a big way. It also features heavily in the marketing materials of recently-appearing and exceptionally-ambitious cybersecurity companies. In fact, there’s probably only one place today where you can’t find it. Thing is, that single place happens to cover practically everything that makes up this world and all the life in it: the not-so-insignificant sphere called ‘real everyday life‘.

SourceSource

It’s common knowledge that since the days of Alan Turing and Norbert Wiener (that is, around the mid-20th century) computers have come on in leaps and bounds. They learned how (rather, they were taught how) to play chess – and better than humans. They fly planes, now also cars on the roads. They write newspaper articles, catch malware and do tons of other useful – and often not so useful – things. They pass the Turing test to prove possession of intelligent behavior equivalent to a human. However, a chatterbot simulating a 13-year-old capable of nothing else – that is just an algorithm plus a collection of libraries. It is not artificial intelligence. Not convinced? Then I advise you simply look up the definition of AI, then that of an algorithm, and then look at the differences between the two. It’s not rocket computer science.

We are currently witnessing yet another wave of interest in AI across the world. Which number this wave is I’ve lost track of…

Read on: People that don’t know what they’re talking about…