>>David Rowan: The data seems to suggest that cybercrime is getting a more serious threat.
The U.K. cabinet office recently said just in the U.K. it's costing us 27 billion pounds
a year. But from where you're standing, how serious
is that threat?
>>Mikko Hypponen: Well, it's been getting
more and more serious every single year I have been watching it. And over these 20 years
that I have been fighting online crime and online attackers, it seems that we just seem
to be unable to fix these things. And we actually seem to be unable to even
quantify them. Numbers like 27 billion sound impressive, but, I mean, it's actually very
hard to count on how much money we are losing because of cybercrime and cybersabotage or
cyber attacks of all kind. So the amount of money we lose has nothing
to do with the amount of money criminals are actually pocketing, and even that is massive.
>>David Rowan: So how vulnerable are we?
>>Mikko Hypponen: Well, there are great examples
of where we are getting better. People keep asking me how come we can't fix these things?
How come we can't make an operating system or an application which couldn't be hacked.
We just can't. It's like could somebody build a perfect lock which couldn't be picked? No,
you can't. You take the ten best guys on the planet to pick locks and give them unlimited
budget and time and they will be able to figure out a way. Exactly the same thing applies
to our computers.
>>David Rowan: Tell us, you spend your time
chasing them. Who are the bad guys?
>>Mikko Hypponen: This is a crucial thing
to understand because people often get confused about the attackers and build defenses without
really understanding who we are fighting. And we have totally different groups out there
launching these attacks. We can group them into multiple different groups but the way
I like to group them is their motives and that brings us into three main groups. And
that would be criminals who do it to make money, to hacktivists who don't do their attacks
to make money, who do their attacks to send a message or a political motive. And then
we have governmental attacks, so attacks where governments or nation states are creating
malware and launching attacks.
>>David Rowan: Let's pick them apart. The
criminals. We have the stereotype of the guy in his bedroom somewhere in eastern Europe
trying to target your bank account. Is that the reality or is it more organized?
>>Mikko Hypponen: Well, that's the way it used to be. We can actually play a series
of mug shots of online attackers who have been caught recently so we can see some faces
behind these crimes. And, indeed, it used to be fairly simple.
It used to be the teenager writing viruses in the bedroom for fun or for challenge. Then
we started seeing more money-making activity, which early on was fairly simple by using
infected computers to send spam, but then we started to see more organized activity.
So banking Trojan gangs creating malware to steal money from online bank accounts while
people were doing online banking all the way to key loggers which will steal credit card
numbers when people type them in from their keyboards to ransom Trojans which take over
computers and want money for you to open the computer. So it is, actually, fairly organized
and we have seen gangs which have made millions of dollars, tens of millions of dollars in
profit out of these attacks. And we have to remember, this is tax free.
>>David Rowan: Tell us about a couple of your friends. So there is a nice chap lying down
with his gun.
>>Mikko Hypponen: The guy with the gun is
Dmitry Golubov from Kiev, which is the capital of Ukraine. He was running a credit card theft
ring a couple of years ago. The last I heard of him, he has been out of jail where he was
sentenced for a while and he was running for parliament in Ukraine, which is an interesting
career move.
>>David Rowan: He is going to boost the economy.
>>Mikko Hypponen: Sure. He certainly knows how to make money.
>>David Rowan: Do you feel at personal risk if you are trying to monitor these guys?
>>Mikko Hypponen: Well, I have never been threatened. I know of some people who work
in this industry who have been threatened so we do take some precautions but it isn't
like the real-world police work, really.
>>David Rowan: You talked about the hacktivists.
Two or three years ago nobody here would have known about Anonymous. How important a threat
is this?
>>Mikko Hypponen: It's one of the three groups
of attackers, and hacktivists really aren't after money. They want something more than
money. It could be as simple as retaliating against a perceived threat or perceived wrongness.
For instance, Sony was hacked 37 times last year mostly because they went into a court
case over somebody modifying their own PlayStation. And then Anonymous as the movement wanted
to retaliate that. But some of these guys we've seen when they gain access to systems
often get greedy. Like they see something valuable like a collection of credit card
numbers and then they just start stealing stuff instead of trying to send a message.
And then we simply move them from one group to another. They are no longer hacktivists.
Now they are criminals.
>>David Rowan: So the third threat you said
was the nation state. So obviously China comes top of mind. How active are the Chinese?
>>Mikko Hypponen: Chinese activities we first started seeing them around 2005, and then
it was just espionage. And here, attribution is very complicated. People keep pointing
the finger towards China and Chinese government and the Chinese Army, the PLA. In practice,
this has been very hard to prove or link back all the way through. And, in fact, although
China gets the blame for many of the attacks we also should assume that at least some
of the attacks and for instance some of the espionage stuff we see online isn't done by
the Chinese but it's done to look like the Chinese because it's an easy scapegoat. But
the fact is that we see cyber capabilities being displayed by basically any advanced
nation. And it's not just espionage. For example, German government has been using
Trojans in criminal investigations where they infect a suspect's computer with a Trojan,
with a back door, so the government can monitor what you're doing on your computer. And this,
it sounds horrible. In many ways it is, but it's actually a very clear path which has
led us to that. Ten years ago if somebody was suspect for
a crime, his phone would be tapped, his land line phone would be tapped. Today, his mobile
phone would be tapped. His Internet connection would be tapped. But it doesn't really tell
much. Even if the operator is monitoring all of your Internet traffic, because a big part
of your traffic is encrypted. So the only way, really, for authorities to see that traffic
is to have a back door on the computer. And that brings us into a situation where
even western nations are creating back doors and Trojans which they use against their own
citizens.
>>David Rowan: Let's look specifically at
the Chinese, because I know Google has had some trouble. I know that the Nobel Peace
Prize has had some trouble.
>>Mikko Hypponen: We've had several cases
where, for example, the Nobel case was after two years ago when Liu Xiaobo, one of the
Chinese dissidents, was awarded the Nobel Peace Prize and right after that, five days
later the Nobel Peace Prize Foundation Web site was hacked with an attack which was infecting
everybody who visited the Web site with a back door, and you really started to wonder,
like, what's going on here? Who would have the motive to launch an attack like this?
And as I said, the Chinese government keeps denying any link back to them.
Let's actually play a video. We have a video which was shown on Chinese governmental CCTV7
last year which was a governmental propaganda video called "Cyber Storm is Rising," and
that's a 20 minute documentary produced by the Chinese government. Talks about cyber
attacks and cyber war and how the Chinese PLA Army is protecting the citizens against
western aggression, but there is an interesting detail in the video at around minute 12. So
if you can look at what's happening and if you freeze for a moment at this application
we see on screen right here. Because throughout this video they show a lot of different code
on screen and people at the keyboard and lots of fast cuts. But for two seconds, they are
shooting a screen which has this Windows application there and somebody is operating the application.
And if you translate that it says copyright People's Liberation Army, and then it says
select target and we can see somebody using the mouse and selecting a target from the
list, and then there's two buttons and he clicks the button which says attack. And the
IP address which we see up there is actually an IP address in the United States of America.
>>David Rowan: Smart.
>>Mikko Hypponen: So this would seem like
a smoking gun, maybe.
[ Laughter ]
>>David Rowan: Go get them, guys. So probably the most high profile example
of what we assume is one state hitting another state is the Stuxnet virus that took out part
of the Iranian nuclear program. So who was behind Stuxnet?
>>Mikko Hypponen: Oh, it was the United States.
>>David Rowan: How do you know that?
>>Mikko Hypponen: Actually, I don't know, and that's the key point. I do believe it
was the United States, most likely with the Israelis. In fact, I do believe Stuxnet was
the end result of George W. Bush signing a cyber attack program against Iranian nuclear
program in 2008. But the key part here is I can't prove it.
So cyber arms or cyber attacks, cyber sabotage like this gives you deniability, and that's
exactly why we are right now seeing governments around the world starting to stockpile cyber
arms like these because they work, they are fairly cheap, and they give you deniability.
So for all we can see, we are right now in the middle of some kind of cyber arms race
which is starting right now.
>>David Rowan: And the Iranians are also getting
their revenge by finding ways to access people's Gmail accounts in rather clever ways.
>>Mikko Hypponen: Indeed, what we are seeing is totalitarian states like Iran or Syria or
Libya, governments trying to monitor their own citizens for revolutionary people or for
dissidents. And we saw actually a sad case with Iranian government trying to monitor
their own people. And just like they couldn't just monitor the traffic because the revolutionary
people were effectively using foreign services which were outside of Iran. They were using
encrypted services, like, for example, Gmail. Most of the email connectivity between
Iranian dissidents were over Gmail because Gmail is always SSL encrypted, which means
local government can't read what you're doing. Even if you tap the Internet connection, it's
encrypted. So as an end result, we saw a case where Iranians
hacked into a foreign certificate authority in the Netherlands to generate 27 rogue SSL
certificates with which they could then set up local fake copies of Gmail.com, Hotmail.com,
Live.com, Skype.com, Facebook.com, and the local people who were using these services
actually ended up on a server which was used to track them and trap them. And we believe
it's actually likely people died in Iran because of this.
>>David Rowan: So we're moving very quickly to the mobile Internet. People were educated
to put antivirus in their PCs, but we don't put antiviruses in our mobile phones, our
tablets. How vulnerable are we?
>>Mikko Hypponen: Well, I guess the mobile
side best shows us that we are capable of learning. For example, if you look at the
iPhone, next month it's five years old and we have had zero attacks, zero Trojans, zero
viruses against the iPhone because it's a very locked down system.
Of course, these mobile systems, the more open you have them, the more vulnerabilities
you will have. On Android phones by Google, we have seen attacks, a few thousand of them,
which sounds like a big number, but then when you compare it to the amount of attacks you
see on traditional Windows computers, we see millions of attacks there. But the truth is
we are seeing the attackers move to where the customers are or where the victims are.
And obviously we are all moving to the mobile world, so the criminals are moving there as
well.
>>David Rowan: It's just been announced that
Chrome has overtaken Internet Explorer, according to StatCounter, to be the most used Web browser.
Can we trust Chrome? Is it secure?
>>Mikko Hypponen: Chrome is actually excellent
in security sense and I am not saying that just because we are at the Google event.
Looking at real world statistics from people who surf the Web and happen to visit the Web
site which has an exploit kit waiting, users surfing with IE or Firefox in practice have
a much higher risk of getting infected than users with Chrome. And I do believe that's
one of the reasons why Chrome bypassed IE in popularity globally just yesterday, after
IE had been the number one browser in the world for 14 years, Chrome became number one
yesterday.
>>David Rowan: This is editorial. This is
not sponsored.
[ Laughter ]
>>David Rowan: Thank you, Mikko Hypponen.
>>Mikko Hypponen: Thank you.
[ Applause ]