Kaspersky wants digital passports
Advanced security threats require advanced solutions,
In the '90s we had cyber hooligans and cyber vandals who wrote viruses just for the fun of it. In the first decade of the 21st century, cyber criminals aimed at enriching themselves. Today, with the discovery of the new Stuxnet worm, the world is facing the threat of cyber terrorism.
Eugene Kaspersky warns of the beginning of a new world of cyber terrorism.
The world has changed and the borderless nature of cyber terrorism means the current concepts of jurisdiction and laws within national borders only hinder those who try to help and end up aiding the criminals. This has to change.
Eugene Kaspersky, founder and CEO of Kaspersky Labs, explained that because the modern world depends on the Internet, there are no longer any borders, so regulation and policing must be done via some sort of digital Interpol.
The new Stuxnet worm is the first piece of malware that was designed with what his team termed "immense resources", both in terms of skill and money, quite probably by a national government. It is also the first time such a virus has been designed not to steal money or information, but to damage industrial SCADA networks _ those that run robots in factories or even power plants and nuclear power plants around the globe.
This, Kaspersky said was cyber terrorism, and the world's governments and police forces are simply not ready to deal with it.
Interpol is designed to deal with traditional crime. It wants to become the focus for coordinating Internet policing but it simply does not have the resources. The European convention on cyber crime failed, as did a similar initiative by the Malaysian government.
"Governments are beginning to understand the problem is very serious. The bad news is that governments are still behaving within their national borders. You have to think internationally. The Internet doesn't have borders," he said.
So whose role will it be? Kaspersky will be giving a speech at the UN International Telecommunications Union (ITU) in Mexico later this year and he hopes action will arise from the meeting.
Kaspersky Labs started with a team of four engineers back in 1997. Back then there were only cyber hooligans and almost no anti-virus industry. Just paying the bills at the end of the month was a challenge.
Today, Kaspersky has offices around the globe with a small group of engineers who are passionate about malware and anti-malware.
In its home market of Russia, Kaspersky has a 50 percent market share of both the personal and corporate anti-virus markets.
"We have cool technology and very cool products," he said.
Earlier, Kaspersky said that today he is a traveller and an envoy with a message. This message is that the current architecture of digital systems, of networks and operating systems, is not secure and must be renewed and changed soon.
Kaspersky's vision is of an Internet with digital passports to identify people doing certain tasks. Now everyone _ casual browsers can still go about their business anonymously, but anyone posting to or hosting a site will have to have a digital passport to sign their actions. Digital passports are the only way towards achieving the vision of digital government many countries aspire to.
Security and privacy will never come together. In the airport, there is no privacy, but there is security. In some cities, there is more privacy but less security. The goal is to strike a balance.
One way out might be a division of the Internet. On the one hand, the current Internet as we know it will remain open, but banks, corporations and even governments, and anyone doing business with them, might demand the use of a secure network, with digital fingerprints collected everywhere.
A new, forensically secure network is needed, as even with today's trusted hosts, there is the problem that a trusted server will be compromised.
Kaspersky said that the argument of privacy versus security is not as big an issue in the real world as idealists would like to make it out to be.
Anonymity is mostly used by bad guys and most good guys say they have nothing to hide. However, the issue of anonymity and privacy has been turned on its head, especially in Japan, where criminals log screenshots of people's private browsing to blackmail them. It is the criminals who survive by remaining anonymous, while the victim loses because his privacy is compromised.
Kaspersky, the person, started off as a software engineer, then went into support, sales and PR.
"I was an average software engineer, but I managed to find geniuses to do my job better," he explained.
So, does he miss coding? While he no longer codes for his company, Kaspersky still writes programs for fun. Last winter, he was at an Antarctic station and had to write a program to keep the Internet connection to the Iridium satellites alive by pinging a certain IP address at regular intervals so data could be sent back.
Rather than doing it in a high level language like C or C++ or a shell, Kaspersky created a little program to do that in Assembler, the closest programmers get to machine code these days, just for the challenge of it.
Asked how he viewed Intel's acquisition of anti-virus competitor McAfee and of Intel's vision of security on a chip, Kaspersky laughed and thanked Intel for removing one major competitor from the market.
"It is not new. I first saw Intel AV in 1992 and it was discontinued. The first AV on a chip was in 1991. It's not news. It's not a magic bullet. It's just an extra part of the solution," he said.
The biggest problem he said was one of image. Intel Anti-virus sounds like Coca-Cola chocolate or Russian tea or Chinese vodka _ or, he stressed, Microsoft Security. Kaspersky was adamant that Microsoft's takeover of a certain Romanian security company did not fail because of anti-trust concerns, but rather because of a mismatch between its image and the security industry.
Kaspersky's four pillars
Earlier, Magnus Kalkuhl, Director of Kaspersky's Global Research and Analysis Team (Great) in Europe, said Kaspersky may be known for fighting viruses, but it is only one of four pillars they hold true to.
These are user education; fighting malware with technology; research; and finally cooperating with the industry, with other researchers in the industry and with banks and police to make the Internet a safer place.
A lot can be achieved with user education. Just ensuring the latest patches are present through user education could have prevented the Aurora worm, for instance.
In the realm of education, Kaspersky supports university students in projects and challenges relating to security.
Going forward, Kalkuhl says that this year might mark the beginning of exponential growth in smart phone malware.
Since the first smart phone virus, Cabir, emerged in 2004, things have not changed much, but today he is seeing interesting new malware for both Android and iPhones.
This will only become more important once these operating systems are embedded in smart household appliances and cars.