Exclusive: The white hat hackers making sure your internet stays safe

Recently IT Brief had the opportunity to sit down with Vitaly Kamluk, the Director of Kaspersky’s GReAT team. We discussed the current state of cyber security as well as the future of the internet.

To start off with, can you tell me a bit more about GReAT and what it is you do?

Well, GReAT is a team that Eugene decided to create when he anticipated that big changes were coming. This was 2008, a time before APT attacks were a thing. No one knew about targeted attacks, but Eugene felt that something was coming from the nation states; we probably detected it, but we just didn't know where it lies and what it really does.

So he had this idea to start a team called GReAT focusing on the most sophisticated threats and that was quite interesting to me because I like harder tasks, that’s how I got involved with the team. 

Our goal is to secure the internet, help solve global problems and apprehend sophisticated threats which are hard to analyse and require close attention.

Let's talk a bit about targeted attacks. What sets them apart from regular cyber attacks? Why are they so dangerous?

Well, they're harder to discover, and that's on purpose. When we dealt with cyber criminals before 2010, we were used to the idea that criminals and attackers will try to spread malware as wide as possible, so every infection they could monetise and convert into money. However, with targeted attacks that isn’t the case.

With targeted attacks, criminals didn’t hit too many targets; instead they launched precise attacks on purpose because they want to stay below the radar.

The initial objective was also different for them. When you infect many computers you can monetise, so the purpose was money; however, the targeted attacks started in order to get intelligence information.

It originated from nation states and a lot of attacks still come from these states. They don't steal to gain financial profit; they do it to gain information and a strategic advantage over victims, like geopolitical intelligence or military plans.

So when it comes to discovering these threats how do you go about it?

Well, we’re looking for anomalies, something that stands out, something that helps you pick up the first trace. Once the first trace is discovered we try to pull the strings that are attached. There are technologies that help you do this, and then of course mistakes made by the attackers; sometimes their algorithms can be wrong and this is what we can leverage.

Basically, we are looking for ways to exploit their mistakes which helps us to discover more and more files related to the incident. In the end, we share all this knowledge with either the general public, our subscribers or customers that want to consume this type of information. Sometimes we find that sharing the information with the general public gives criminals time to fix their mistakes or disappear. 

When we talk about the future of the internet what are some of the most concerning trends you see? 

Well, we’ll probably become blind to certain offensive threats. So something that was coined as a cyber war, in my opinion, has an invisible nature. Cyber espionage is just one part of it. It's just reconnaissance; it's part of any military action: you do the reconnaissance and then you strike. However, in the cyber domain, you don’t strike in an attributable manner, yet you can cause havoc, and that’s what's so concerning to me.

Without neutral vendors that can report threats like these, they would become a massive concern, I think. Just think about it: if a business is aligned with a local government, it isn’t in their best interest to report a global cyber attack launched by that government.

How would you approach addressing these concerns?

Well, we keep doing what we do right now. It’s all about transparency, we aim to show that we have nothing to hide, we are open for any inspection, we also made it clear that as researchers we wouldn't be willing to work for a company that helps any offensive operations. Even if those offensive actions are being launched by a local government we remain neutral. 

We still help law enforcement, of course, we still have ongoing respect for them. We also continue our conversations and work with governments around the world but we also understand they have their own agendas. We know they have their own plans and objectives, we respect them, but if they're caught by us in the middle of an operation it means they weren’t professional enough. 

An example of this was when we published the names of some of the Russian hackers that meddled in the US elections. 

We play by the rules and don’t actively hunt secrets but if we catch you then we have an obligation to let the victims know. 
