Recently IT Brief had the opportunity to sit down with Vitaly Kamluk, the Director of Kaspersky’s GReAT team. We discussed the current state of cyber security as well as the future of the internet.
To start off with can you tell me a bit more about GReAT & what it is you do?
Well, GReAT is a team that Eugene decided to create when he anticipated that big changes were coming. This was 2008, a time before APT attacks were a thing. No one knew about targeted attacks, but Eugene felt that something was coming from the nation states; we probably detected it, but we just didn't know where it lay and what it really did.
So he had this idea to start a team called GReAT focusing on the most sophisticated threats and that was quite interesting to me because I like harder tasks, that’s how I got involved with the team.
Our goal is to secure the internet, help solve global problems and apprehend sophisticated threats which are hard to analyse and require close attention.
Let's talk a bit about targeted attacks. What sets them apart from regular cyber attacks? Why are they so dangerous?
Well, they're harder to discover, and that's on purpose. When we dealt with cyber criminals before 2010 we were used to the idea that criminals and attackers will try to spread malware as wide as possible, so every infection they could monetise and convert into money; however, with targeted attacks that isn't the case.
With targeted attacks, criminals didn't hit too many targets; instead they launched precise attacks on purpose because they want to stay below the radar.
The initial objective was also different for them: when you infect many computers you can monetise, so the purpose was money; however, the targeted attacks started in order to get intelligence information.
It originated from nation states and a lot of attacks still come from these states, they don't steal to gain financial profit, they do it to gain information and a strategic advantage over victims like geopolitical intelligence or military plans.
So when it comes to discovering these threats how do you go about it?
Well, we’re looking for anomalies, something that stands out, something that helps you pick up the first trace. Once the first trace is discovered we try to pull the strings that are attached; there are technologies that help you do this, and then of course there are mistakes made by the attackers. Sometimes their algorithms can be wrong, and this is what we can leverage.
Basically, we are looking for ways to exploit their mistakes which helps us to discover more and more files related to the incident. In the end, we share all this knowledge with either the general public, our subscribers or customers that want to consume this type of information. Sometimes we find that sharing the information with the general public gives criminals time to fix their mistakes or disappear.
When we talk about the future of the internet what are some of the most concerning trends you see?
Well, we’ll probably become blind to certain offensive threats. So something that was coined as a cyber war, in my opinion, has an invisible nature. Cyber espionage is just one part of it. It's just reconnaissance; it's part of any military action, you do the reconnaissance and then you strike. However, in the cyber domain, you don’t strike in an attributable manner, yet you can cause havoc, and that’s what's so concerning to me.
Without neutral vendors that can report threats like these, they would become a massive concern, I think. Just think about it: if a business is aligned with a local government, it isn’t in their best interest to report a global cyber attack launched by that government.
How would you approach addressing these concerns?
Well, we keep doing what we do right now. It’s all about transparency: we aim to show that we have nothing to hide, we are open for any inspection, and we also made it clear that as researchers we wouldn't be willing to work for a company that helps any offensive operations. Even if those offensive actions are being launched by a local government, we remain neutral.
We still help law enforcement, of course, we still have ongoing respect for them. We also continue our conversations and work with governments around the world but we also understand they have their own agendas. We know they have their own plans and objectives, we respect them, but if they're caught by us in the middle of an operation it means they weren’t professional enough.
An example of this was when we published the names of some of the Russian hackers that meddled in the US elections.
We play by the rules and don’t actively hunt secrets, but if we catch you, then we have an obligation to let the victims know.