
Kaspersky and Symantec Kicked Out of China – For a Reason

The great cyber triangle of US-Russia-China seems to be shaping up in a definitive way. For a while China was technologically and skill-wise behind the US and Russia, the two early leaders in cyberspace, but it’s catching up, and fast.

It was announced last week that Kaspersky Lab and Symantec have been taken off the list of approved vendors in China’s government cybersecurity software market. Reuters recently reported one example: http://www.reuters.com/article/2014/08/03/us-china-software-ban-idUSKBN0G30QH20140803

Traditionally very polite, the Chinese did not cyberwhine, did not make any fuss, did not lay any blame, but simply took the pair off the list. Some Western and Russian analysts were very quick to assume and announce that this was a trade protectionist move to favor China’s national cybersecurity companies. That’s definitely wrong. If that were true, China would bar foreign companies from the country altogether – their private market is huge and very profitable. But they didn’t; they specifically only addressed their government cyberspace security. Apparently Chinese cyber experts found some extracurricular activities in products from both companies, which is not terribly surprising. Furthermore, they probably realized that detecting all the malware in modern software is practically impossible, and correctly decided to keep the foreign security well-wishers away, at least from their government.

The Chinese perception of individual privacy is different from the Western, and they don’t seem to be very concerned about the privacy of the regular common users, at least currently. However, they will probably watch Kaspersky’s and Symantec’s products sold to the Chinese private sector very carefully from now on. If they detect any sizeable collection of data from customers’ computers they will probably bar Kaspersky, Symantec, or both from doing business in China altogether.

The great cyber triangle is definitely becoming more and more equilateral. Interestingly, for the first time that I can recall, China is taking the lead in a trend that is logical and most likely to continue.

Kaspersky’s Intelligent Move

The latest move by Kaspersky Lab is definitely intelligent, perhaps a little too intelligent.

Computer security vendors are beginning to offer integrated cross-platform security for Windows, Mac and Android devices, with Kaspersky Lab leading the pack with its Internet Security—Multi Device 2015. At first glance it looks like déjà vu, as good or as bad malware protection as any other on the market. However, Kaspersky’s has a new feature — it protects all the devices you own, up to five of them. Convenient.

Initial reviews are good: http://www.pcworld.com/article/2459156/kaspersky-internet-security-2015-multi-device-review-new-interface-same-excellent-protection.html

From a business standpoint this makes perfect sense – uncluttering the security arrangements of your devices and bringing security to one simple point. This should upend the competition that is selling long lines of unrelated programs.

However, there’s another angle here. The simple truth is that a security system for your computer takes over your computer, whether you like it or not. So when you have a bunch of different security products, each one of them controls only the device for which it is intended.

One of the most reliable means of accessing all data in a computer is via its security system. But, with some technical exceptions, the ultimate targets of most security or intelligence organizations are people, not their computers per se. This means that if someone wants all your data on all your devices, and chooses to do so via your security system, he has to have control of all your security systems. Not too difficult, but certainly cumbersome in a large-scale outfit. Inconvenient.

Here comes a great innovation: one-stop shopping for all your data – an integrated security system for all your devices. All your data can be obtained via a single security system. Convenient.

It’s not a big secret that Kaspersky Lab has cozy relations with the Russian Government and thus is a valuable resource for the latter. There was a lot of debate related to Kaspersky Lab and their relations to the Russian Government; someone even suggested once that they have a lot of customers and just one client.

I’d prefer to leave that to the reader’s judgment, but simply caution that in any case integrating all your devices via one security system makes you an easier cyber prey, and may be unwise, Kaspersky or not.


Why do Russia and China not cyberwhine?

Usually in my posts I try to provide answers. This time I can only manage a question, but it’s an interesting one.

We constantly hear complaints, if not outright whines, about the US being attacked in cyberspace, either by China or Russia. We’ve gotten used to these attacks, and our response is becoming more and more like “what else is news?”

But there’s an interesting angle here: in the more-or-less symmetrical US-Russia-China great cyber triangle we rarely if ever hear about Chinese or Russians being hacked. Is it that they are not being attacked? Not at all. For example, recently Russia detected a five-fold increase in powerful DDoS attacks over the last year, the longest one lasting ninety days. That one was by any standard a major cyber security event. Was it a big media deal in Russia? Not really – it was barely mentioned.

Initially I thought this difference was mainly a cultural thing. In Russia boys grow up in a culture where if you’re beaten up, you don’t cry “Mommy, he hit me!”, and for sure you don’t complain to teachers or the police. Just heal your bruises and learn to defend yourself. I believe that in China the culture in this respect is somewhat similar. The reaction to cyber attacks on the US is just the opposite. Instead of developing a really effective technology of cyber defense and immediate counterattack, we whine loudly time after time and waste our credibility with vague threats, when everyone knows there will be no real response.

However, cultural difference is probably not the reason for Russia’s and China’s mute response. As an example of the opposite response, we can recall frequent border disputes between Russia and China in the 1960s (over the areas where nobody was present for many miles except a few occasional border guards). During those clashes there was extensive media coverage on both sides, with many diplomatic notes saying something like “This is the 104th serious warning.”

So, the question remains: compared to our constant whining, what is the reason for the very muted Russian and Chinese responses to cyber attacks?

“Russian Hackers” brand

The media constantly speculate about what “Russian hackers” are doing against Western targets. Publications such as The New York Times are increasingly concerned about “Russian hackers” in the energy and financial sectors in particular:

http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html?nlid=58721173&src=recpb

http://bits.blogs.nytimes.com/2014/07/07/russian-arrested-in-guam-on-array-of-u-s-hacking-charges/

The term “Russian hackers” needs some clarification. Cyber operations in Russia are conducted by numerous entities with vastly different objectives, resources, and constraints.

At least one distinct Russian military entity is tasked with infiltrating the critical infrastructure of potential adversaries, planting electronic/cyber bombs that can be activated when ordered, with a devastating result that would only be surpassed by a massive nuclear strike. This activity has been successfully carried out against the US for decades, and several generations of this malware are now sitting all over our critical infrastructure. Top American experts have deemed it practically impossible to detect and eliminate this malware. Welcome to the real world.

Totally different tasks are assigned to other Russian government entities. Acquiring technical/technological intelligence has been a traditional Russian favorite, and has become significantly more aggressive with the opportunities presented by cyberspace. This kind of intelligence can save a lot of research money, effort and time while providing solutions with minimal delays. In the energy sector this is particularly significant for gaining competitive advantage in world energy markets. The results are easy to coordinate since most of the Russian energy companies are government-controlled, which gives a great advantage to companies like Gazprom.

The financial sector offers a different kind of target. It attracts the concentrated attention of a wide variety of Russian hacking entities. This sector is simultaneously a part of our critical infrastructure, a vital resource for successful financial investment strategies for the vast amounts of various types of Russian money in the West (and East), and also a practically unlimited source of money to steal with little chance of being caught. Consequently, this industry is under attack from all sorts of hackers: government, corporate, and private entrepreneurial.

This brief breakdown shows why so-called “Russian hackers” should be differentiated, and as a phenomenon it is certainly not unique to Russia. The players involved differ vastly in size, resources, sophistication and risk tolerance. Taking these differences into account enables us to better understand the nature, origin, and objective of Russian cyber attacks.