Sergey Lozhkin: “Russian-speaking hackers appeared in the 90s when the economy was in a very bad state”
The antivirus expert at Kaspersky Laboratory about secret cyberwars, zero-day vulnerabilities and IT Robin Hoods
Are great and horrible Russian hackers a myth or reality? What provoked the appearance of the first cybercriminals in Russia? Can foreign groups of hackers claim themselves to be Russian for political reasons? Head antivirus expert at Kaspersky Laboratory Sergey Lozhkin answers these and other questions.
“The number of attacks is quite big”
A bill on the sovereign Internet in Russia has recently been adopted, and, as you perfectly know, this document became a reply to the US cybersecurity strategy, which is about the punishment that Russia should receive for hacking. I decided to start the conversation with this topic and ask you to talk about our guys, the “horrible Russian hackers”. Is this anyway a myth or reality?
It’s really a good question and a good topic for discussion. You called them “guys” with love, while I, first of all, would call them malefactors, and nationality has nothing to do here. Undoubtedly, any hacker has a nationality, and each of them is born in a certain country, and the cyberspace doesn’t have borders. The expert community for security divides them into Russian-speaking, English-speaking, Arabic-speaking and so on but never claim it’s, for instance, “Russian hackers”.
It’s nearly impossible to identify the nationality, it’s possible to detect when analysing the code that the malefactors speak the Russian language and communicate on Russian-speaking underground forums.
It has long been accepted in the world that Russian-speaking hackers are very strong and attack almost everyone. This has foundation. A big number of malware and attacks are really created by Russian-speaking hackers. There is plenty of Russian-speaking forums in the dark web for cybercriminals where different methods of attacks and circumvention of antivirus systems are discussed, and where malware is sold and purchased. Actually, the number of attacks made by such groups is quite big.
“It has long been accepted in the world that Russian-speaking hackers are very strong and attack almost everyone. This has foundation. A big number of spyware and attacks are really created by Russian-speaking hackers.” Photo: Oleg Tikhonov
How can this be explained? Is it associated with our strong maths school?
Russian-speaking hackers appeared in the 90s, the time when the economy was in a very bad state. Consequently, lots of really bright minds who still had good Soviet maths education paid attention to the “dark” side. It was when malware appeared aimed at theft and financial enrichment, not a demonstration of their own skills.
All this went on, and many hackers now, as strange as it might sound, justify themselves saying they don’t attack the poor or citizens of Russia/CIS countries, like they attack Europeans, Americans considering themselves Robin Hoods. In my opinion, it’s a very stupid justification.
You said that some signs can suggest if Russian-speaking or English-speaking hackers worked. Is it possible to make it look like some group for mercenary reasons?
Of course, and this is a common thing now. In Kaspersky Laboratory, we very carefully deal with attribution and don’t rush to say: “This attack was made by Russian-speaking hackers, and this one was by English-speaking”. The case is that it has been much harder to identify them in the last couple of years, as many groups working for governments of some countries deliberately try to leave certain artefacts in the code, imitate in order to make analysts believe the attack was made by a group from another country. Now everything has mixed very much, everyone is trying to frame each other pursuing certain goals, this is why attribution has become a very complicated issue.
“Speaking about import substitution in general, the supporting measure when foreign software isn’t prohibited but Russian developments are given a priority when choosing is quite sensible. The most important thing is that the chosen solutions can provide security at a due level.” Photo: Oleg Tikhonov
“People realised that cybercriminals really existed”
Has humankind got another site for military actions, i.e. the Internet?
This is called a cyberwar. Such wars have already been happening for several years, moreover, everything is done very secretly, therefore not everyone sees their real scale. There is a huge number of ways of conducting them, including different methods of cyberespionage, virus infection and the use of zero-day vulnerabilities.
Hence the security provision issue. A variety of corresponding laws were adopted in Russia, we set a course for import substitution in software and so on. Do you think these measures are effective in the situation when real cyberwars take place?
At Kaspersky Laboratory, we deal with only the practical aspect of cybersecurity. Speaking about import substitution in general, the supporting measure when foreign software isn’t prohibited but Russian developments are given a priority when choosing is quite sensible. The most important thing is that the chosen solutions can provide security at a due level. In my opinion, it’s also important that state structures have practitioner specialists as members of staff who protect the information environment who will introduce methods and technologies from hardware to protection software. We should understand that isolation isn’t panacea. If we isolate a segment of the Net, this doesn’t guarantee there won’t be an infection. For this reason, first of all, practical actions are needed, including to improve the level of cyberliteracy of employees in IT subdivisions, new developments and new methods.
However, the fact that the law On Security of Critical Information Infrastructure came into force in 2018 is crucial.
“The information environment of a modern-day person might have nothing to do with IT, but, still, it keeps him in suspense. Though we should distinguish the younger generation that uses gadgets a lot and the older generation who have less necessary knowledge.” Photo: Oleg Tikhonov
We’re talking about states and wars but somehow forget about ordinary users’ information security and threats to them from some smart homes and so on.
Fortunately, we haven’t so far reached the moment when the use of smart home could pose a threat to someone’s life – there haven’t been such cases in practice yet. But we should start thinking about the security of these systems today. Unfortunately, the user himself can’t do much in fact, as the whole load regarding security of such systems falls only on the developer. For instance, a smart car. Modern car is a variety of absolutely autonomous computers making a huge number of decisions. By the way, serious and quite interesting research was done several years ago: specialists tried to remotely take control of a car, and they did it. Generally speaking, developers used to, first of all, think of how to make a car as reliable and comfortable as possible. It gladdens that producers have invested in cybersecurity of such smart devices from cars to smart homes and the industrial Internet of Things in the last years. I think this trend will develop further in geometric progression.
Do you think that our society has a culture of cyberprotection? Or is it time to change the mentality?
The mentality should also change, but compared to the situation five years ago when everything really bad, the improvements are obvious. People realised that cybercriminals really existed: every day we see the news that someone was hacked, robbed, information was destroyed somewhere, some data leaked and so on. The information environment of a modern-day person might have nothing to do with IT, but, still, it keeps him in suspense. Though we should distinguish the younger generation that uses gadgets a lot and the older generation that has the necessary knowledge to a lesser extent – this part of the population, of course, should be taught.