“Surprisingly plausible”: Kaspersky experts about the series “Mr. Robot”. Mobile threats in the payment industry – how to protect yourself? Sergey Lozhkin, Kaspersky

Last week I was at the Mobile World Congress #MWC16 in Barcelona and looked at a bunch of new products presented by different companies. One of the topics of the trip was the security of mobile payments. The lovely girls from Kaspersky Lab gave me 20 minutes with their senior antivirus expert Sergey Lozhkin, with whom I talked about a current topic. The conversation was very lively and interesting; I did not even expect the topic to be so broad.

Sergey Lozhkin, senior antivirus expert at Kaspersky Lab

Sergey joined Kaspersky Lab in 2012. He currently conducts research in the following areas: cyber espionage, static and dynamic malware analysis, research into darknet networks (such as Tor), social engineering, secure data exchange, exploit and anonymous network analysis, and cybercrime investigation.

Sergey graduated from the Omsk Academy of the Ministry of Internal Affairs of Russia. Before joining Kaspersky Lab, he investigated cybercrimes at the Ministry of Internal Affairs of the Russian Federation, and also worked for various companies as a penetration testing specialist and virus analyst.

EK: How does the security of contactless payments differ from contact payments, where a person inserts the card? How dangerous is it to use a contact card?

– Of course, the technologies are very different. While we have been using credit cards for decades, contactless payments have only just emerged. Of course, they are a little different; when contactless technologies were being created, people were already starting to think about this. However, take PayPass technology as an example: it is practically not protected in any way. If you have a terminal and hold a card up to it, the money will be withdrawn in any case.

EK: Perhaps there is protection from the bank?

– Yes, there is.

EK: But is the contactless technology itself not protected in any way? For example, a Tinkoff Bank card (they recently released an app with payment; they ask you to enter a PIN code to activate the payment, that is, before the payment: first the PIN, then the tap).

– There is no such option on the card, but there are slightly different protective technologies. Firstly, it is physically impossible to withdraw more than a certain amount; there are mandatory limits for contactless transactions. But while everything in the chip is very strongly encrypted, with special algorithms that can only be accessed through a PIN code, this particular piece is not protected. And theoretically, a person can register a legal entity, register a payment terminal for it, and then go on the subway with it and tap people.

EK: You can register, for example, in Hong Kong, and go to Moscow.

– Theoretically, this is possible, but there will be a problem with withdrawing funds.

But these technologies will develop very strongly: the same NFC, where there will no longer be a card but a built-in mobile wallet. Accordingly, the big problem here is the following: convenience versus security, because no one wants to enter one thing and then insert another. So far this cannot be solved using technology. Perhaps in the future there will be solutions, one of which could be biometrics: you touch the phone and at that moment put your finger on it.

EK: Biometrics is already penetrating phones. At the Mobile Congress, all the top new products already have built-in sensors that work quite well.

– Nevertheless, all sensors can be fooled by making an artificial fingerprint (there are videos on YouTube). Biometrics differ; the retina will be the most effective. This is quite simple to do: recognition improves greatly with better cameras. Not yet, of course, but in the future, when cameras are high definition, you point the phone, press, and that’s it! No problems. That will be perfect protection. But we still see the magnetic strip, which worked and still works.

Viruses have appeared for POS terminals. There is no way to protect yourself from this either. If you go to a POS terminal in a store, you cannot protect yourself in any way: you hand over your card, they swipe it, and your data is already gone.

EK: Is someone else taking data at the same time?

– The virus simply takes information from the terminal’s memory: everything you enter, the credit card data. It is quite possible that with the spread of contactless payments, a channel will appear through which new viruses will enter.

EK: What does the investigation process look like when, for example, money goes missing from a bank, given that they are reluctant to disclose information?

– Banks, yes, do not want to disclose this information; these are reputational risks, financial ones, etc. BUT, nevertheless, they really want to investigate such an incident; they are interested in how it happened so that it does not happen again in the future, and they really want to punish the attackers who are behind it. What banks do: first, they contact law enforcement agencies. Secondly, banks turn to private companies, because at Kaspersky Lab we have a service called incident investigation. They actually come to us, an agreement is signed with them, and our specialists come to the bank and begin to study the information. Everyone knows our expertise and therefore we often cooperate with law enforcement agencies. MV carries out examinations, examines infected computers, and then this data is transferred to the authorities. The process goes like this: as soon as we understand that this is a new virus, for example a new Trojan that has captured this bank, we begin to study it. We have a system, Kaspersky Security Network, which allows us to search for similar samples from our client banks. And if we see someone else having problems, we can come to them and say, guys, there is some kind of problem going on here (many banks are our clients). There is another mechanism: when law enforcement agencies understand that the situation affects many banks, they themselves contact the management and offer inspections. But mostly banks come on their own; they approach companies willingly, and they do not want publicity.

EK: Are there any real cases where people who came up with a system for withdrawing money were detained? This is a rather complicated process - you need to initiate a case, find the victims, conduct an investigation, prove the involvement of the perpetrators...

– Yes, of course! People have been detained. The simplest thing is to initiate a case; banks are willing to file statements. The most difficult thing is to find the cybercriminals: they cover their tracks very well and use servers in different countries. Law enforcement agencies in other countries do not always immediately provide access to servers; coordination of legal issues takes a lot of time. You need to get physical access to the server, and the authorities grant it only after all approvals. Often everything happens within the framework of Interpol, and then the process speeds up. But nevertheless, the criminal has enough time to understand that it is time to leave; then he wraps everything up and disappears forever!

But mostly the arrests are of “drops” (money mules), those who come to withdraw cash from ATMs when an entire bank is infected and the criminals have seized all the ATMs! Then the authorities begin to work on them so that they say who is behind them. But in 95% of cases the “drops” themselves do not really know anything.

Nevertheless, there have been arrests of criminals; they happen every year.

EK: How to protect yourself then?

– If we talk about banks, cybercriminals usually infect small banks, where security is very poor. Their main problem is low information security literacy. To avoid this, it is necessary to pay attention to comprehensive security solutions: policies, audits, constant tracking of updates, security solutions, traffic analysis, personnel training, and integrated security software. This means protection of the computers themselves, protection of the file system, different types of firewalls, and mandatory control and protection of traffic.

In 2015, there were more than 24 million cyber attacks on the websites and information systems of Russian government bodies, President Vladimir Putin said, speaking on February 26 at the FSB board. The level of protection of state resources needs to be increased, the president believes. The number of cyber attacks is growing every year, says presidential press secretary Dmitry Peskov: these include attempts to disrupt work, intercept control and take information. But the budget to fight them will not increase, he promises.

Forewarned is forearmed

The state security incident response center Gov-CERT has been operating in Russia since 2012, says an employee of the center. As government information systems keep growing, so does the number of incidents. But the number of attacks repelled thanks to Gov-CERT is also growing proportionally.

Most likely, cyber attacks mean attempts to guess passwords and unauthorized access to IT systems, virus infections, exploitation of known vulnerabilities, and emails with malicious attachments, says Ilya Sachkov, CEO of Group-IB (computer crime investigation). In his opinion, attackers can attack government IT systems for cyber espionage, as well as for propaganda or hooligan purposes. State resources are usually attacked for political purposes in order to obtain and disclose information or make the resource inaccessible, agrees Rustem Khairetdinov, deputy general director of InfoWatch (protection against information leaks).

According to Solar JSOC (an information security incident response center), in 2015 the total number of cyber attacks in Russia increased by 45%, and attacks on government systems grew slightly faster than on the commercial sector, says Igor Lyapunov, CEO of Solar Security (which develops information security systems). According to his observations, the number of cyber attacks on government systems is close to the 24 million that the president spoke about. Sachkov, Khairetdinov and Kaspersky Lab antivirus expert Sergey Lozhkin agree that the number of cyber attacks on the public sector is growing. Lozhkin adds that Kaspersky Lab also notes the increasing sophistication of the methods used by cybercriminals. Technically, these attacks are no different from attacks on the commercial sector, Lozhkin says.

In the fourth quarter of 2015, 41.2% of all attacks (not only on government but also on commercial systems) targeted web applications, and 28.3% were attempts to compromise accounts, according to Solar JSOC materials.

In the government segment, as well as in the commercial sector, the number of successful DDoS attacks is decreasing, notes Sachkov, but predicts that by the Duma elections in September 2016, their number will increase again: these will be attacks on the media, blogs, and websites of competitors. Khairetdinov does not agree that the number of DDoS attacks is decreasing: according to the company Qrator Labs (which deals with protection against such attacks), in 2015 their number doubled.

To combat cyber attacks, it is necessary, first of all, to build attack monitoring systems and exchange information on cyber threats, Lyapunov believes. It is no longer enough to install standard protection tools (such as antivirus) and wait for the result, Khairetdinov is sure. In his opinion, it is necessary to eliminate vulnerabilities in standard software, since information about them appears quickly. Khairetdinov also notes the insufficient qualifications of the security services of government institutions. He advises purchasing security kits from different vendors. Lozhkin from Kaspersky Lab also advises training staff, updating resources and creating a comprehensive protection system.

Kaspersky Lab antivirus expert Sergey Lozhkin told The Village how hackers can stop elevators in offices, play a porn video on a billboard or block the operation of video cameras.

Olesya Shmagun, January 17, 2014

Police in the Moscow region are still unable to restore the operation of the virus-infected video cameras that record traffic violations. According to Gazeta.Ru, despite official statements by the traffic police press service, about 20 cameras out of 140 are still not working; recall that on January 11, unknown hackers disabled almost the entire video recording system in the Moscow region. The Village spoke with a Kaspersky Lab antivirus expert about how the city's computer systems work and how they can be hacked.

Sergey Lozhkin

Antivirus expert at Kaspersky Lab

Now everything is controlled using electronic code: from smart homes and offices, where computers control the entire infrastructure, air conditioning systems and automatic dimming of windows depending on the light level, to the transport structures of cities: traffic, water supply facilities and so on.

But any computer, no matter where it is located – in your bedroom or in a traffic control center – has one problem: it may be infected with malware. After all, the difference between a home computer and a computer that controls cameras is only in the set of programs. If for an ordinary user this is an Internet browser, office programs or games, then the network administrator who controls the cameras has special interfaces for control, configuration and recording.

Otherwise it is the same computer with an operating system, and if it is poorly protected, it can just as easily become the victim of a virus as a home laptop, but, unfortunately, the consequences can be much more severe.

When developing computerized urban infrastructure management systems, the creators first of all think about making the system stable and operational under any load, 24 hours a day, in any weather. And, unfortunately, they often do not pay enough attention to network security. Such systems may run on outdated operating systems with un-updated software versions, and often there is no antivirus at all.

We constantly tell our users: update your software, use the latest browser versions; this will help you protect yourself from infection. The same approach is required for industrial systems. Cybercriminals are well aware of the dangers of outdated software and are constantly looking for vulnerabilities in it. The malware they develop can exploit these vulnerabilities for hacking and infiltration. Malware can spread on the Internet through social networks and messaging programs, write itself to flash drives and even penetrate cell phones. Therefore, now even resources isolated from the Internet may be under threat.

The active activity of hackers means that we are witnessing ever more frequent hacking of industrial systems. We remember the story of the broadcast of pornography on an advertising video screen on Tverskaya. Such cases occur especially often in the USA, since many facilities there are managed by computer systems. For example, one story received great publicity when power supply management systems were hacked and an entire area of the city was left without power. There is also a known case where a smart office was hacked: hackers blocked the operation of the elevators, and people could not get out of them for several hours.

Terrorists may also try to carry out cyberattacks. If they hire cybercriminals to attack a critical government infrastructure or transportation system, the consequences could be catastrophic. But so far, fortunately, we have not encountered such cases on a global scale. In addition, truly important government facilities are protected much better than the video recording systems of traffic police cameras.

About the realism of what happens on the screen

Sergey Lozhkin, leading antivirus expert at Kaspersky Lab

“All previous films about “hackers”, in the opinion of a specialist, looked rather ridiculous and funny. Incomprehensible symbols running across the screen, three-dimensional spectacular schemes and various “hacking special effects” – all this looks interesting to the average person, but to a security specialist – one who knows how this actually happens – it only causes a condescending smile. But in the series “Mr. Robot” everything is shown surprisingly believably: the software, methods, commands – almost everything is as in real life, with the exception of some flaws, and, perhaps, there is still an element of excessive simplicity with which the main character manages to penetrate the network. Surprisingly, there were almost no overtly naive scenes; only the hacking and obtaining of information happened too quickly – in reality it all takes much longer. Well, and probably too weak information security in such a serious corporation. It’s not that easy to harass or hack a company of this size.”

Alexander Gostev, chief antivirus expert at Kaspersky Lab

“From the point of view of information security experts, so far the film has placed too much emphasis on DDoS attacks, although in practice this type of activity is mainly carried out by unprofessional cybercriminals. Real specialists who hack corporate networks do not favor DDoS.”


About the incomprehensible terminology in the series

For the target audience of this series, terms such as Tor, DDoS attack, etc. are certainly familiar. Still, those who are interested in this series are quite advanced users.

At the same time, we should not forget that for a wide audience the terms are still not so important. Imagine any film where they talk about the work of doctors, even the same “Dr. House”. How many viewers, even after the series, know what lupus or intubation is? This does not affect popularity and watchability.


On the role of social networks in the work of hackers

Collecting data about a person on social networks can be very effective for carrying out subsequent attacks, for example using elements of social engineering. It is possible to draw up a sociological, and perhaps even a psychological, portrait of a person, his friends, hobbies, etc., and, based on this information, send an email with a malicious attachment that will not arouse his suspicions and which he will actually launch.

Suffice it to recall the information from Edward Snowden’s materials, which describes how the American security system created by the intelligence services is based on data from social networks. In fact, for the state today this is the most important source of information about any person.


About the hacker subculture

Now, there are probably no signs of a hacker subculture as such. A real hacker can have any appearance, be an adherent of any styles, musical trends, etc. Modern hackers are mainly interested exclusively in money, so you will no longer find a romantic aura, boxes of pizza and dimly lit rooms with several computers somewhere in the basement. The only thing that perhaps still unites lone hackers is anti-globalism.


About the danger of hacker groups in real life

It all depends on who is carrying out the attack. If this is a simple hooligan, a teenager, a fraudster, then he is unlikely to be able to hack into a seriously protected network. “Anonymous” and other hacktivists, as we call them, are not that scary or professional in terms of their skills. Such groups mainly take advantage of their large numbers, but there are only a few really cool specialists with unique knowledge among them. It’s another matter if cyber mercenary units or state intelligence services are behind the attack, then such attacks can be successful in most cases.

Many critical systems on the Internet are indeed weakly protected or based on poor security principles. The implementation of cyber attacks that can paralyze the work of financial markets or elements of transport infrastructure is quite possible - moreover, various incidents (so far without serious consequences) have already occurred. The worst case scenario is that we return to the age of steam engines and horses.

About why “Mr. Robot” is perhaps the main series of this summer. Apparently, we are not the only ones who think so. Leading Kaspersky Lab specialists Sergey Lozhkin, Alexander Gostev and Sergey Golovanov talk about why “Mr. Robot” is so interesting and why you shouldn’t worry about hundreds of schoolchildren becoming hackers after watching this series.

About the realism of what is happening on the screen

Sergey Lozhkin, leading antivirus expert at Kaspersky Lab:

All previous films about “hackers”, in my opinion, looked rather ridiculous and funny. Incomprehensible symbols running across the screen, three-dimensional spectacular schemes and various “hacking special effects” – all this looks interesting to the average person, but to a security specialist – one who knows how this actually happens – it only causes a condescending smile. But in the series “Mr. Robot” everything is shown surprisingly believably: the software, methods, commands – almost everything is like in real life, with the exception of some flaws, and, perhaps, there is still an element of excessive simplicity with which the main character manages to penetrate networks.

Surprisingly, there were almost no overtly naive scenes; only the hacking and obtaining of information happened too quickly – in reality it all takes much longer.

Well, and probably too weak information protection in such a serious corporation. It’s not that easy to smuggle or hack a company of this size.

Alexander Gostev, chief antivirus expert at Kaspersky Lab:

From the point of view of information security experts, so far the film has placed too much emphasis on DDoS attacks, although in practice this type of activity is mainly carried out by unprofessional cybercriminals. Real specialists who hack corporate networks do not favor DDoS.

Sergey Golovanov, leading antivirus expert at Kaspersky Lab:

There really aren't any of those typical Hollywood tricks, like projecting formulas onto the hero's face as he enters a code and hacks something. Everything is like in real life. Elliot really does type existing commands. Even in the first episode, when he carries out a DDoS attack, everything is shown correctly. It really works like this: a rootkit is discovered on the server (a rootkit is a set of malicious applications that hide their presence on the computer and allow the hacker to do their business unnoticed), and it needs to be found and destroyed.


A very realistic situation is shown when the main character, instead of destroying a rootkit, runs chmod (a program for changing access rights to files and directories) and says that he is the only one who can read it. In addition, a readme.txt file is left next to the Trojan. In real life, attackers rarely leave messages in the code of the Trojan itself. But I even remember one Trojan containing Shakespeare quotes.

About unclear terminology

Sergey Lozhkin: For the target audience of this series, terms such as Tor, DDoS attack and the like are certainly familiar. Still, those who are interested in this series are quite advanced users.

Alexander Gostev: At the same time, we should not forget that for a wide audience the terms are still not so important. Imagine any film where they talk about the work of doctors, even the same “Dr. House”. How many viewers, even after the series, know what lupus or intubation is? This does not affect popularity and watchability.

Why people are interested in this

Sergey Golovanov: When I found out that a new series about hackers had been released, I was not at all interested. Honestly, for me, Game of Thrones is the only series worth watching. But one day I accidentally came across “Mr. Robot” and decided to watch it anyway. I didn’t expect to see something extraordinary, but I have to admit, I was surprised, first of all, by the realism.

The creators used several win-win techniques: schizophrenia, as in “Fight Club”; autistic hackers and the outside world, as in “The Girl with the Dragon Tattoo”; and the main character who opposes the entire society and the “men in black”, which is reminiscent of “The Matrix”.

Immediately after the pilot screening, a second season was announced, which indicates great interest in this topic. Why? Perhaps because it talks about what surrounds us every day. As for hacking methods, everything is shown absolutely reliably. The main character successfully uses social engineering, hacks the electronic mailboxes and social media profiles of a psychoanalyst, his classmate and her boyfriend. The latter even uses the password "123456Seven", and when Elliot discovers this, he perceives him as a complete fool. Sometimes the series can be used as a textbook on what not to do.
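The "123456Seven" password Golovanov mentions is exactly the kind of choice a sign-up or password-change form should refuse before it is ever stored. The following is an added example, not code from the article or from Kaspersky Lab: a small screening function that checks length, repeated characters, sequential runs ("1234", "abcd") and substrings of a blocklist of common passwords, after undoing leetspeak substitutions so that "P@ssw0rd" is caught as "password". The blocklist and the sample passwords are constructed for illustration; a real deployment would load a full breached-password list.

```python
import re

# Constructed mini-blocklist (illustrative only). A real deployment would
# load a large breached/common-password list; "123456", the core of the
# series' "123456Seven", tops nearly every such list. Longest entries first
# so the most specific match is reported.
COMMON_PASSWORDS = [
    "123456789", "12345678", "password", "iloveyou", "letmein",
    "welcome", "123456", "qwerty", "111111", "admin",
]

# Leetspeak substitutions undone before comparing against the blocklist.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _normalize(pw: str) -> str:
    """Lower-case and de-leet a password for blocklist comparison."""
    return pw.lower().translate(_LEET)


def _has_sequential_run(pw: str, run: int = 4) -> bool:
    """True if any window of `run` characters ascends or descends by one
    code point at a time ("1234", "abcd", "9876")."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def weak_password_reasons(pw: str, min_len: int = 12) -> list[str]:
    """Return the reasons a password should be rejected; an empty list
    means it passes this screen (it says nothing about entropy beyond
    these checks)."""
    reasons: list[str] = []
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if pw and re.fullmatch(r"(.)\1*", pw):
        reasons.append("single repeated character")
    lowered, normalized = pw.lower(), _normalize(pw)
    for common in COMMON_PASSWORDS:
        if common in lowered or common in normalized:
            reasons.append(f"contains common password '{common}'")
            break
    if _has_sequential_run(pw):
        reasons.append("contains a sequential run (e.g. 1234 / abcd)")
    return reasons


def is_acceptable(pw: str) -> bool:
    """Convenience wrapper for a form handler: True only if no reason fires."""
    return not weak_password_reasons(pw)


if __name__ == "__main__":
    # Constructed sample inputs, including the password from the series.
    for candidate in ("123456Seven", "P@ssw0rd2024!", "aaaaaaaaaaaa",
                      "correct-horse-battery-staple-42"):
        print(candidate, "->", weak_password_reasons(candidate) or "ok")
```

Reporting every reason rather than just the first lets a form explain the rejection to the user; the blocklist substring check is deliberately a substring match, since appending a word or year to a common password (as in "123456Seven") is the usual way people try to get past a naive exact-match check.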

On the role of social networks in the work of hackers

Sergey Lozhkin: Collecting data about a person on social networks can be very effective for carrying out subsequent attacks, for example, using elements of social engineering. It is possible to draw up a sociological, and perhaps even a psychological, portrait of a person, his friends, hobbies, etc. and, based on this information, send an email with a malicious attachment that will not arouse his suspicions and which he will actually launch.

Alexander Gostev: Suffice it to recall the information from Edward Snowden’s materials, which describes how much the American security system created by the intelligence services is based on data from social networks. In fact, for the state today this is the most important source of information about any person.

About the hacker subculture

Sergey Lozhkin: Now, there are probably no signs of a hacker subculture as such. A real hacker can have any appearance, be an adherent of any styles, musical trends, etc. Modern hackers are mainly interested exclusively in money, so you will no longer find a romantic aura, boxes of pizza and dimly lit rooms with several computers somewhere in the basement. The only thing that perhaps still unites lone hackers is anti-globalism.

About the danger of hacker groups in real life

Sergey Lozhkin: It all depends on who is carrying out the attack. If this is a simple hooligan, a teenager, a fraudster, then he is unlikely to be able to hack into a seriously protected network. “Anonymous” and other hacktivists, as we call them, are not that scary or professional in terms of their skills. Such groups mainly take advantage of their large numbers, but there are only a few really cool specialists with unique knowledge among them. It’s another matter if cyber mercenary units or state intelligence services are behind the attack, then such attacks can be successful in most cases.

Alexander Gostev: Many critical systems on the Internet are indeed weakly protected or based on poor security principles. The implementation of cyber attacks that can paralyze the work of financial markets or elements of transport infrastructure is quite possible - moreover, various incidents (so far without serious consequences) have already occurred. The worst case scenario is that we return to the age of steam engines and horses.

Sergey Golovanov: Regarding the fears that after this popular series a whole crowd of inspired teenagers will go hacking large companies, I will say that corporations are able to protect themselves from amateurs. Of course, there are a few gifted geniuses like Elliot, but they are so disconnected from the rest of the world that it is unlikely that a show on TV can influence their worldview. But schoolchildren can start installing Linux, learn to work in terminals, and study social engineering methods. All this can be for the better: a generation of information defenders grows up on such series.
