Kaspersky: Vital cyber-security is where the jobs are

Kids looking for a career — and adults seeking a new way to make a living — need look no further than information technology security. That’s the message from Eugene Kaspersky, one of the deans of the cyber-security business. “The dangers are much greater than they ever were, the solutions are much more complicated, and there aren’t enough people in the field. Unfortunately there are plenty of jobs, and the demand is only going to increase,” Kaspersky told an audience of hundreds in Tel Aviv Monday.

Kaspersky is the head of the cyber-security firm that bears his name. Among his accomplishments was the disclosure of the existence of the Stuxnet malware in 2012. The virus attacked Iranian nuclear facilities by hitting the PLC (programmable logic control) automation systems that control them. More than one analyst has attributed the creation and deployment of Stuxnet to Israeli engineers. Israel, of course, denies any involvement.

Stuxnet was unique and exceptional just two years ago, but nowadays it’s just another run-of-the-mill attack program. Over the past several years, there’s been an explosion in the development of malware to attack infrastructure, SCADA systems (the automated low-level computer systems that control machinery, transportation systems, gas stations, utility systems, and much more), security installations, and other vital targets.

The development of that armada of infrastructure-attacking malware is due to one of the most worrying developments in hacking over the past few years — the emergence of organized crime as a force in the cyber-criminal world. “In the old days, cyber-criminals were geeks who tried to break into servers but weren’t professional criminals — and were surprised and a little frightened when the police showed up,” Kaspersky said, addressing a major international cyber-security event sponsored by Tel Aviv University’s Cyber Research Center (ICRC). “The new breed of criminal is interested not in hacking for fun or in hacktivism to make a political point, or even in stealing credit card information. They — or their employers — are hard-core criminals interested in hard-core crime.”

Among the scenarios that have already taken place: criminal hackers successfully hijacking ATMs to suck out money from them. “They don’t bother with credit card or bank card data to get cash, but instead attack the ATMs themselves, opening up the money spouts to extract as much cash as they can get away with.” Another scenario described by Kaspersky involves breaking the codes to security systems at seaports, in order to enable illicit cargo to pass security inspections. In one recent case, Kaspersky said, “hackers changed the security protocol at Antwerp port, with crates containing cocaine declared automatically as inspected.” One scenario that hasn’t happened yet, but could at any moment: prisoners or their confederates hacking into prison computer systems to open the doors of the jails, releasing inmates wholesale. “There’s no reason they couldn’t do it if they tried,” Kaspersky said.

Even more threatening is the fact that once espionage malware like Stuxnet gets out into cyber-space, it’s just a matter of time before hackers working on behalf of organized crime get hold of it — making their gangs even more powerful, able to run roughshod over the most secure systems. “Espionage malware, in which governments try to steal secrets from each other, is nothing new and nothing to be surprised at, but if criminals get hold of this stuff, things will definitely get even more out of control than they are now,” he warned.

In his presentation, Kaspersky detailed various methods that could be used to solve — or, more likely, alleviate — the growing menace. But without qualified people to run the machines, nothing is going to get done. “Since we are speaking at an educational institution, I want to emphasize the importance of education in prevention, but especially to develop professionals who can help develop the defenses we need to survive as a society,” Kaspersky said. “I have been doing this for 25 years, and I lie awake at night worrying about what is, and even worse, what could be.”