We recently got the opportunity to interview Eugene Kaspersky, the man behind Kaspersky Anti Virus. Here's what he had to say about the evolution of malware, the future of cybersecurity, the problems with the internet, and more.
You've been in the anti-virus business for a long time. What are your thoughts on the evolution of malware?
Malware has evolved in three stages. The first stage was more about smart young programmers writing viruses for fun, or to learn about replicating programs. These viruses were more benign, and they were not written with a motive to make money. This has now changed. Viruses and malware is currently written by professionally organized groups with the intention of making money. The current situation of the internet helps malware creators make money with very little risk, and they aren't out to just have fun anymore. Also, malware writers are increasingly targeting newer devices like smartphones, which have a low security barrier. I feel that cyber-terrorism will increase as well, with countries infrastructure being targeted more and more in the days to come.
What do you think about the links between cyber-crime groups and organized crime? Are they joining forces?
I don't think this is true. The cyber-criminals don't have strong links with organized crime groups. They may have some links, but I don't think it's fair to say that all cyber criminals are part of the real Mafia, or other organized crime groups. The mentality of a cyber-criminal is very different from a real-world crook, and it's not true that all cyber-criminals would commit physical crimes, or think like people who are used to more violent lifestyles.
What can we do to fix some of the problems with malware on the Internet?
The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. I feel we need an international agency to combat this problem, something like an Interpol for the Internet.
Won't your suggestion of Internet Passports remove the anonymity from online browsing, thus causing problems for people who may be operating in countries that are not friendly to their views, and so on?
There is no such thing as anonymity on the Internet, for the average user. It is relatively easy to identify the casual surfer from his IP address and the ISP's logs. Criminals, on the other hand, are professionals who know how to hide their tracks. A passport would be beneficial to law-abiding users, and would make it that much more difficult for cyber-criminals to hide.