Nota Bene

In this post there’ll be a lot more photos than there are words. First up – photos of the route to Chulyshman ->

We got there in a small convoy of sturdy vehicles, supplied by the Altai-Guide tourist agency (which we helped with an expedition to Chukotka a while back; the stickers on the vehicles are those left over from then).

Read on…

Lake Teletskoye fills you with rapturous joy. Its vastness, its fiord-like vistas, and of course Altai’s mysterious… vibes. Bit more info re these mysterious vibes, btw: They’re not only magically calming-soothing and encourage you to go full-on meditative “we’re-all-one, there’s-only-now”; for some reason they also… keep you from sleeping! I reckon it must be that the part of the brain that’s responsible for all the deep and philosophically pensive activity simply doesn’t permit the rest of brain any room to maneuver: it kinda just hogs all the resources, much like a very old computer antivirus ).

The lake was calm and even-surfaced when we were there, with occasional odd ripples catching the sun (to fairly blind you:). The views all around – aaaaah (if you’re eyesight’s not shot:).

Read on…

I think I’ve mentioned in passing recently – perhaps more than once – that I took my annual summer vacation this year in Altai. But it’s mid-September already – and still no Altai series of pics and tales? Eh? But don’t worry, it’s on its way – coming up soon. The thing is, there are soooo many photos this year, and so much video too that needs professional digital editing. Still, I am today able to at least give you my traditional taster, aka, starter course, aka aperitif, as a warm-up…

First, I can tell you – no, repeat to you, since I’ve been to Altai before, and even wrote a travelogue-book about the experience – that Altai is one of the most magically enrapturing places in the planet, IMHO. It’s crammed with: marvelous mountainous beauty, rivers with water of various bright colors, glacial lakes, and assorted other extraordinarily beautiful natural landscapes. But what’s perhaps most extraordinary of all is the fact that the place has a mysterious, powerful… energy, which you almost start to feel physically after several days there. I don’t know what it is; it must be some kind of magic force that’s emitted out of the Altai earth. What I do know is that it affects how you feel: better overall; experiences and sensations are brighter, richer, more intense; and your mood is always fairly cloud-nine! And the wildlife there is similarly other-worldly: ants are huge – the size of cockroaches; mushrooms grow to the size of watermelons; while the region’s mosquitos… – you might expect them to be similarly crazy and mutant-ninja, but no – they’re not interested in humans, leaving them practically completely alone! EH?!

So yeah: Altai: oh my, oh my. Natural, wild beauty redefined!

Read on…

A few days ago, a momentous, landmark event took place. It was in a seaside city – a ‘regular’ one, where it gets dark of a night (unlike others I can think of:) ->

The momentous event was – drum roll, cymbal…….. our first post-quarantine conference! In sunny ~Sochi!

And here’s my first post-quarantine event badge! ->

View this post on Instagram

Первый "пост-карантинный" бэджик! Причём с нашей конференции по промышленной кибербезопасности в Сочи. Считаю это – знак :) —8<— My first after-lockdown business badge. This one is from our recent conference on industrial cybersecurity in Sochi. I guess this is a sign :)

A post shared by Eugene Kaspersky ⚕️ (@e_kaspersky) on Sep 7, 2020 at 10:53am PDT

And I don’t mean a Zoomified online affair either. I mean the real thing: offline, in person, handshakes fist-bumps and all! It nearly didn’t happen: we discussed and debated it at K-HQ, and in the end we took a vote, and the vote said ‘yeh, let’s do it!’ And that meant: sticking to the yearly schedule and sticking to our usual format: (i) in a nice location (preferably a resort); (ii) in a nice hotel; and (iii) with lots of space available (or not far away) – including a good lawn or similar space needed to house an appendaged exhibition, and also to handle the immodest evenings’ shenanigans cultural program ).

And, as I like to say, ‘we said we’d do it; and we did it!’

First – a few proviso…

Technically, the conference took place in Adler, which is kind of next-door to Sochi (still an hour’s drive, mind (given the traffic)) (it’s actually one of Sochi’s districts), while the evenings’ entertainments took place in Sochi.

Second – a clarification: why Sochi (Adler)? Well, venues for large, multi-faceted conferences such as this one of ours aren’t chosen a week or a month beforehand. It’s more like several months. Longer for somewhere like Sochi, in peak season: everything needs to be booked with strict terms and conditions applied more than a year beforehand. Thus, around a year ago, we did book everything. That was before corona. Then everything was put on hold (as much of the world’s business was put on hold) for six months. Then there was the fact Russia’s borders are still somewhat closed… In short – given some easing of the lockdown restrictions on movement, we figured we should keep to the plan and have the conference in Sochi.

And the name of the conference? The Kaspersky Industrial Cybersecurity Conference 2020, which was our eighth annual industrial conference. Yes – that means we’ve been putting on shows like this since 2013 (though we started moving and shaking in cybersecurity for industry much earlier). And this year was the third time our industrial conference was held in Sochi. The previous one was last year’s, during my second visit to the Black Sea coast in 2019 (I’ll have to introduce a new ‘Sochi’ tag ).

Of course, due to corona, there were quite a few changes needed to the usual format. The main one being that this was our first ever hybrid – online-offline – conference. Offline, we had around 100 audience guests in the hall (of course all masked-up and socially distancing), while online we were joined by more than 400 audience members – something that’s already become the norm for us. While up on stage we had presentations and talks from 20+ experts – including representatives from respected big names like Siemens and Emerson, international organizations (UNIDO), and high-profile regulators (without whom, when it comes to all things industrial, you might as well not bother).

Interesting? All right – let’s have a look…

This is the micro-exhibition of our friends and partners showcasing solutions for saving complex industrial systems from cyber-evil:

A few examples of what was on show:

✅ Two data transfer gateways working on our immune operating system and tuned for various industrial and urban-and-household needs. In just three years these projects have gone from mere concepts to a dozen pilot projects, including among Russian industrial giants.

✅ Demonstrated for the first time were solutions already in operation created with use of data transferred via gateways – a localized Siemens solution, OEE, which is a monitor and online platform for measuring overall equipment effectiveness. // Which is of particular interest to various kinds of industrial companies that are forming orderly lines heading in the direction of the Industrial Revolution 4.0, where connection of manufacturing objects to the internet is simply mandatory for further increasing effectiveness of business.

✅ Aprotech (a joint venture between us and ITELMA Group) presented a prototype that measured… the level of alcoholic steam emitted from our guests! The readings can go from ‘has been as sober as a judge for at least a week’, to ‘downed several cocktails in the last few hours and now demands a sing-song’! Or something like that ). All rather fun, but the practical applications can be serious: drink-driving is a terrible thing, and accurate measurements are exactly what’s needed in policing/testing; while guaranteeing the security of the collection and analysis of all kinds of epidemiological data is also exactly what’s needed – more so, especially during an epidemic that’s affected the whole planet.

Btw, all stands – just like everything else at the conference – worked in hybrid format: some reps were there in person; others were beamed in via the internet.

But the start of the main event was fast-approaching – I needed to go have a look at the main hall; after all – I was kicking off the proceedings!…

As you can see, we were strictly following the sanitary-epidemiological recommendations. Audience all spread out, masks, and a bottle of sanitizer on each of those futuro-funky tables in addition to the bottle of water. After all, how absurd would it have been if a conference on cyber-viruses ignored the advice on precautions against a bio-virus?! // Admittedly, outside the conference itself (in the evenings) folks kinda relaxed their adherence to the rules a touch, but within reason.

In come the guests, with everyone a bit unsure of how the practicalities will go – it’s been a full half-year since anyone has been to a get-together like this!…

And we’re off!

First things first – a spot of self-praise regarding our successes (of which there were plenty).

Then, all sorts of useful, varied, necessary, and very promising stuff…

As usual, the thinking that went into the presentations was outside the box, the subject matter of the presentations original and intriguingly interesting.

And with presentations come… props. Including… a balalaika, of course ).

And with panel discussions in which I take part come… a digressional tale!

It went like this:

This summer, I found myself on vacation in Altai, Siberia, for a spot lot of rafting down the Katun River. Now, one of Katun’s many special features is a set of rapids called Shchoki, or Cheeks, which need cheeking out before you get up to the riverhead. To get to Cheeks, you need to get through a long stretch of dense jungle forest that runs along one of the Katun’s banks. But you can’t wade through the forest in shorts, t-shirt and flip-flops. Oh no. What you need is decent protection. Fortunately, the protection you wear to go for days on end faced with the river-rafting threat model is perfectly adequate for forest traversing too. That protection is: a neoprene (synthetic rubber) suit (to keep you warm), a lifejacket (obviously), and helmet (protection against the scorching summer sun – also a fellow paddler’s errant oar:). Now, all the others got a full-length neoprene suit – which covers everything from the wrists down to your ankles. I was given the only ‘cool and fancy’ suit – as a mark of respect ). This one was short-sleeved and short-trousered.

So far – so good. I was protected against practically all whitewater-rapids-rafting threats. But, as we were trudging through the forest, we hit upon a zillion very angry wasps, whose hive had apparently recently been put out of commission by a grizzly bear. Now, all the others – in their long-sleeved, long-legged neoprene suits – were nicely protected. Me, with bare arms and legs – well, I seemed to take the full brunt of the wasps’ wrath. In a word: ouch!

//1. ~Moral to the story: who could have foreseen such a potential threat in the traditional security model of a medium-difficulty river-rafting route?!! Takeaway: there’s no such thing as too much protection! Who knows what unusual, unexpected, unlikely threats could be round the corner?!

//2. Btw – coming soon is my Altai-2020 travelogue series. Stay tuned!…

All righty – back to the conference…

As per tradition, there was a lot of important and interesting stuff. Here’s an example:

We announced (and raised a glass to the fact) that we’ve received a patent for our machine learning technology for monitoring industrial installations and other complex equipment –
Kaspersky Machine Learning for Anomaly Detection (MLAD). Our system is able not only to analyze deviations from equipment processes considered ‘usual’ or deviations from their usual timing, but also to predict technological indicators.

For example, if the difference between forecasted and actual readings goes over certain thresholds, the system informs of a possible spanner in the works – say, relating to the quality of raw materials, of unauthorized personnel doing things they shouldn’t, in fact – whatever the client wants: to check for anomalies that crop up, be they intentional/accidental, malicious/benign. So, as you can see, we’re now able to help optimize production processes. And given that working-from-home is now so prevalent – it’s very timely too! And it will only become more so…

After the day’s work – it was time to relax. And time to support folks in an industry very hard hit by the pandemic – the industry of singing and dancing and performing…

Oh yes – how I’d missed loud sound systems blaring out live music. I’m sure Neschastni Sluchae (Accident!) missed it too!

In short – the event went down superbly!

Thank you everyone!

(The only (-)ve – the hour’s drive from to Adler to Sochi. Grrr.)

PS: And it just goes to show – offline events are now possible, if you’re real careful to make sure all the safety measures are in place. Yeh! We know this; so too does the hotel we stayed at and had the conference at ->

Super views ->

And a super sunset! ->

That’s all for today folks. Time to get back to Moscow. And what’s up next? We’ll just have to see…

All the pics from Sochi are here.

The other day – finally! – I was back on the road after a six-month hiatus. It wasn’t my usual globetrotting routine, but it was a trip away – on a plane. Up to Murmansk!

It was just a short trip (over a long weekend), whose main purpose was a spot of fishing in the Barents Sea. Actually (and just as I like it), there was another reason for the trip – a spot of business (discussing certain industrial cybersecurity projects). But enough about work already (more on the work topic in an upcoming post from Sochi); today – it’s all about the fishing!…

Read on…

Precisely a year ago, a group of like-minded adventurers and I took few weeks to leisurely tour Russia’s far-eastern Kuril Islands on a ship. Click on the link for plenty of pics and words about the expedition, but today I’m not writing about that, I’m writing about something else.

See, the group of like-minded adventurers I was with included a group of curious American documentary makers. Among them: the famous landscape photographer Chris Burkard, the legendary traveler-photographer-climber Renan Ozturk, the documentary filmmaker and conservationist Taylor Rees, their super-professional photography-and-film crew, plus ecologist-researchers.

And they all boarded our small ship for a lengthy investigation of the unique ecosystem of the Kuril archipelago, at the same time bringing attention to the remote region’s ecological problems.

And now, as a result of the eco-expedition a documentary has been released – From Kurils with Love. The ‘star’ of the short film is Vladimir Burkanov, Kurils conservationist and leading expert-biologist of the Kamchatka branch of the Pacific Institute of Geography of the Russian Academy of Sciences, who for more than 30 years has been studying the region’s sea mammals.

Read on…

Quite a lot of folks seem to think that the automobile of the 21^st century is a mechanical device. Sure, it has added electronics for this and that, some more than others, but still, at the end of the day – it’s a work of mechanical engineering: chassis, engine, wheels, steering wheel, pedals… The electronics – ‘computers’ even – merely help all the mechanical stuff out. They must do – after all, dashboards these days are a sea of digital displays, with hardly any analog dials to be seen at all.

Well, let me tell you straight: it ain’t so!

A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.

In the past, for example, the handbrake was 100% mechanical. You’d wrench it up – with your ‘hand’ (imagine?!), and it would make a kind of grating noise as you did. Today you press a button. 0% mechanics. 100% computer controlled. And it’s like that with almost everything.

Now, most folks think that a driver-less car is a computer that drives the car. But if there’s a human behind the wheel of a new car today, then it’s the human doing the driving (not a computer), ‘of course, silly!’

Here I go again…: that ain’t so either!

With most modern cars today, the only difference between those that drive themselves and those that are driven by a human is that in the latter case the human controls the onboard computers. While in the former – the computers all over the car are controlled by another, main, central, very smart computer, developed by companies like Google, Yandex, Baidu and Cognitive Technologies. This computer is given the destination, it observes all that’s going on around it, and then decides how to navigate its way to the destination, at what speed, by which route, and so on based on mega-smart algorithms, updated by the nano-second.

A short history of the digitalization of motor vehicles

So when did this move from mechanics to digital start?

Some experts in the field reckon the computerization of the auto industry began in 1955 – when Chrysler started offering a transistor radio as an optional extra on one of its models. Others, perhaps thinking that a radio isn’t really an automotive feature, reckon it was the introduction of electronic ignition, ABS, or electronic engine-control systems that ushered in automobile-computerization (by Pontiac, Chrysler and GM in 1963, 1971 and 1979, respectively).

No matter when it started, what followed was for sure more of the same: more electronics; then things started becoming more digital – and the line between the two is blurry. But I consider the start of the digital revolution in automotive technologies as February 1986, when, at the Society of Automotive Engineers convention, the company Robert Bosch GmbH presented to the world its digital network protocol for communication among the electronic components of a car – CAN (controller area network). And you have to give those Bosch guys their due: still today this protocol is fully relevant – used in practically every vehicle the world over!

// Quick nerdy post-CAN-introduction digi-automoto backgrounder: 

The Bosch boys gave us various types of CAN buses (low-speed, high-speed, FD-CAN), while today there’s FlexRay (transmission), LIN (low-speed bus), optical MOST (multimedia), and finally, on-board Ethernet (today – 100mbps; in the future – up to 1gbps). When cars are designed these days various communications protocols are applied. There’s drive by wire (electrical systems instead of mechanical linkages), which has brought us: electronic gas pedals, electronic brake pedals (used by Toyota, Ford and GM in their hybrid and electro-mobiles since 1998), electronic handbrakes, electronic gearboxes, and electronic steering (first used by Infinity in its Q50 in 2014).

BMW buses and interfaces

Read on…

It’s been a long, long time since humanity has had a year like this one. I don’t think I’ve known a year with such a high concentration of black swans of various types and forms in it. And I don’t mean the kind with feathers. I’m talking about unexpected events with far-reaching consequences, as per the theory of Nassim Nicholas Taleb, published in his book The Black Swan: The Impact of the Highly Improbable in 2007. One of the main tenets of the theory is that, with hindsight, surprising events that have occurred seem so ‘obvious’ and predictable; however, before they occur – no one does indeed predict them.

Example: this ghastly virus that’s had the world in lockdown since March. It turns out there’s a whole extended family of such viruses – several dozen coronaviridae, and new ones are found regularly. Cats, dogs, birds, bats all get them. Humans get them; some cause common colds; others… So surely vaccines need to be developed against them as they have been for other deadly viruses like smallpox, polio, whatever. Sure, but that doesn’t always help a great deal. Look at flu – still no vaccine that inoculates folks after how many centuries? And anyway, to even start to develop a vaccine you need to know what you’re looking for, and that is more art than science, apparently.

So, why am I telling you this? What’s the connection to… it’s inevitably gonna be either cybersecurity or exotic travel, right?! Today – the former ).

Now, one of the most dangerous cyberthreats in existence are zero-days – rare, unknown (to cybersecurity folks et al.) vulnerabilities in software, which can do oh-my-grotesque large-scale awfulness and damage – but they often remain undiscovered up until the moment when (sometimes after) they’re exploited to inflict the awfulness.

However, cybersecurity experts have ways of dealing with unknown-cyber-quantities and predicting black swans. And in this post I want to talk about one such way: YARA.

Briefly, YARA helps malware research and detection by identifying files that meet certain conditions and providing a rule-based approach to creating descriptions of malware families based on textual or binary patterns. (Ooh, that sounds complicated. See the rest of this post for clarification.:) Thus, it’s used to search for similar malware by identifying patterns. The aim: to be able to say: ‘it looks like these malicious programs have been made by the same folks, with similar objectives’.

Ok, let’s take another metaphor: like a black swan, another water-based one; this time – the sea…

Let’s say a network you (as a cyber-sleuth) are studying (= examining for the presence of suspicious files/directories) is the ocean, which is full of thousands of different kinds of fish, and you’re an industrial fisherman out on the ocean in your ship casting off huge drift nets to catch the fish – but only certain breeds of fish (= malware created by particular hacker groups) are interesting to you. Now, the drift net is special: it has special ‘compartments’ into which fish only get into as per their particular breed (= malware characteristics). Then, at the end of the shift, what you have is a lot of caught fish all compartmentalized, and some of those fish will be relatively new, unseen before fish (new malware samples) about which you know practically nothing, but they’re in certain compartments labeled, say, ‘Looks like Breed X’ (hacker group X) and ‘Looks like Breed Y’ (hacker group Y).

We have a case that fits the fish/fishing metaphor perfectly. In 2015, our YARA guru and head of GReAT, Costin Raiu, went full-on cyber-Sherlock mode to find an exploit for Microsoft’s Silverlight software. You really need to read that article on the end of the ‘case’ link there but, if very briefly, what Costin did was carefully examine certain hacker-leaked email correspondence (of ‘Hacking Team’: hackers hacking hackers; go figure!) published in a detailed news article to put together out of practically nothing a YARA rule, which went on to help find the exploit and thus protect the world from all sorts of mega-trouble.

So, about these YARA rules…

We’ve been teaching the art of creating YARA rules for years. And since the cyberthreats YARA helps uncover are rather complex, we always ran the courses in person – offline – and only for a narrow group of top cyber-researchers. Of course, since March, offline training have been tricky due to lockdown; however, the need for education has hardly gone away, and indeed we’ve seen no dip in interest in our courses. This is only natural: the cyber-baddies continue to think up ever more sophisticated attacks – even more so under lockdown. Accordingly, keeping our special know-how about YARA to ourselves during lockdown looked just plain wrong. Therefore, we’ve (i) transferred the training format from offline to online, and (ii) made it accessible to anyone who wants to do it. For sure it’s paid, but the price for such a course at such a level (the very highest:) is very competitive and market-level.

Introducing! ->

Read on…

Business done successfully will always tend toward becoming bigger. C’est la vie.

It often goes like this: In a given field, the big and strong gobble up the small and… smart (exceptions prove the rule). But what also sometimes happens is the big and strong with breakthrough technologies in one field gobble up everyone in different field. Example: once upon a time there was the giant, all-powerful Kodak, but then the era of digital photography came along, and the film-based photography field was wiped out. And this is how scientific-technical revolutions come about, and they’re useful: they help humanity progress.

But there’s another scenario: the big and strong become… so incredibly big and strong that they start dictating rules to all the other players in their industry, they strangle the natural selection of innovative and successful companies, and even try to hamper the development of any allied companies or markets that represent potential danger for their business. And in this case, antimonopoly bodies have to intervene to put a stop to such abuse of power so as to protect progress.

This latter scenario is being played out right now on a (socially-distanced) stage in a suspenseful IT-show whose main characters are Amazon, Apple, Facebook and Google – operators of the world’s largest online platforms – three of which (all bar Facebook) also act as the world’s largest online marketplaces. The other main characters in the show are the U.S. authorities, which are trying to rein in these online platforms – meaning checking they’re not unfairly taking advantage of their powerful positions – including hindering their ability to be judge, jury and executioner in their marketplaces. They are trying to prevent unfair competition – including exertion of pressure on competitors to ease promotion of the marketplaces’ own products. I’ve already written about one such high profile show case like this: the one where Apple has been driving out independent developers of parental control applications from its App Store.

Let me give an analogy here:

A landlord starts to lease out his land to farmers on equal terms and conditions, which suit everyone just fine. But at the same time, the landlord keeps a close watch on the farmers to see which are doing best. The following year, he starts doing what those successful farmers do himself. He also changes the terms and conditions of the leases ‘to protect worms’: now all farmers under those leases aren’t allowed to use spades – they must use trowels, and they should stop using fertilizer. But this rule doesn’t apply to the landlord. It’s like, he’s not actually preventing the farmers from going about their farming business – and he’s declaring worthy intentions – but how on earth can the farmers with trowels compete with the landlord with his spades and the very latest fertilizer?

Sounds all very Middle Ages, right? But a similar thing is happening in 2020 – only not in farming but in the modern digital economy; however, finally, the powers-that-be appear to be waking up to the fact. Or so it seems…

In early 2019, U.S. Senator Elizabeth Warren gave a watershed interview to The Verge, in which she stated that she “would classify any company that runs a marketplace and makes more than $25 billion a year in revenue as a ‘platform utility’, and prohibit those companies from using those platforms from [sic] selling their own products.” Put simpler – incidentally when referring to Apple in particular – she stated: “Either they run the platform or they play in the store”.

And that was that: despite the fact these were Very Big Boys she was talking about, the starting gun was duly fired…

Read on…

Nearly 30 years ago, in 1993, the first incarnation of the cult computer game Doom appeared. And it was thanks to it that the few (imagine!) home computer owners back then found out that the best way of protecting yourself from monsters is to use a shotgun and a chainsaw ).

Now, I was never big into gaming (there simply wasn’t enough time – far too busy:); however, occasionally, after a long day’s slog, colleagues and I would spend an hour or so as first-person shooters, hooked up together on our local network. I even recall Duke Nukem corporate championships – results tables in which would be discussed at lunch in the canteen, and even bets being made/taken as to who would win! Thus, gaming – it was never far away.

Meanwhile, our antivirus appeared – complete with pig squeal (turn on English subs – bottom-right of video) to give fright to even the most fearsome of cyber-monsters. The first three releases went just fine. Then came the fourth. It came with a great many new technologies against complex cyberthreats, but we hadn’t thought through the architecture well enough – and we didn’t test it sufficiently either. The main issue was the way it hogged resources, slowing down computers. And software generally back then – and gaming in particular – was becoming more and more resource-intensive by the day; the last thing anyone needed was antivirus bogarting processor and RAM too.

So we had to act fast. Which we did. And then just two years later we launched our legendary sixth version, which surpassed everyone on speed (also reliability and flexibility). And for the last 15 years our solutions have been among the very best on performance.

Alas, leopards are thought to never lose their spots. A short-term issue affecting computer performance turned into a myth – and it’s still believed by some today. Competitors were of course happy to see this myth grow… to mythical proportions; we weren’t.

But, what has any of this K memory-laning got to do with Doom? Well…

Read on…