Mikko Hypponen: Fighting viruses, defending the net

I love the Internet. It’s true. Think about everything it has brought us. Think about all the services we use, all the connectivity, all the entertainment, all the business, all the commerce. And it’s happening during our lifetimes. I’m pretty sure that one day we’ll be writing history books hundreds of years from now. This time our generation will be remembered as the generation that got online, the generation that built something really and truly global. But yes, it’s also true that the Internet has problems, very serious problems, problems with security and problems with privacy. I’ve spent my career fighting these problems. So let me show you something. This here is Brain. This is a floppy disk — a five and a quarter-inch floppy disk infected by Brain.A. It’s the first virus we ever found for PC computers. And we actually know where Brain came from. We know because it says so inside the code. Let’s have a look. All right. That’s the boot sector of an infected diskette, and if we take a closer look inside, we’ll see that right there, it says, “Welcome to the dungeon.” And then it continues, saying, 1986, Basit and Amjad. And Basit and Amjad are first names, Pakistani first names. In fact, there’s a telephone number and an address in Pakistan. (Laughter) Now, 1986. Now it’s 2011. That’s 25 years ago. The PC virus problem is 25 years old now. So half a year ago, I decided to go to Pakistan myself. So let’s see, here’s a couple of photos I took while I was in Pakistan. This is from the city of Lahore, which is around 300 kilometers south from Abbottabad, where Bin Laden was caught. Here’s a typical street view. And here’s the street or road leading to this building, which is 730 Nizam block at Allama Iqbal Town. And I knocked on the door. (Laughter) You want to guess who opened the door? Basit and Amjad; they are still there. (Laughter) (Applause) So here standing up is Basit. Sitting down is his brother Amjad.
These are the guys who wrote the first PC virus. Now of course, we had a very interesting discussion. I asked them why. I asked them how they feel about what they started. And I got some sort of satisfaction from learning that both Basit and Amjad had had their computers infected dozens of times by completely unrelated other viruses over these years. So there is some sort of justice in the world after all. Now, the viruses that we used to see in the 1980s and 1990s obviously are not a problem any more. So let me just show you a couple of examples of what they used to look like. What I’m running here is a system that enables me to run age-old programs on a modern computer. So let me just mount some drives. Go there. What we have here is a list of old viruses. So let me just run some viruses on my computer. For example, let’s go with the Centipede virus first. And you can see at the top of the screen, there’s a centipede scrolling across your computer when you get infected by this one. You know that you’re infected because it actually shows up. Here’s another one. This is the virus called Crash, invented in Russia in 1992. Let me show you one which actually makes some sound. (Siren noise) And the last example, guess what the Walker virus does? Yes, there’s a guy walking across your screen once you get infected. So it used to be fairly easy to know that you’re infected by a virus, when the viruses were written by hobbyists and teenagers. Today, they are no longer being written by hobbyists and teenagers. Today, viruses are a global problem. What we have here in the background is an example of our systems that we run in our labs, where we track virus infections worldwide. So we can actually see in real time that we’ve just blocked viruses in Sweden and Taiwan and Russia and elsewhere.
In fact, if I just connect back to our lab systems through the Web, we can see in real time just some kind of idea of how many viruses, how many new examples of malware we find every single day. Here’s the latest virus we’ve found, in a file called Server.exe. And we found it right over here three seconds ago — the previous one, six seconds ago. And if we just scroll around, it’s just massive. We find tens of thousands, even hundreds of thousands. And that’s the last 20 minutes of malware every single day. So where are all these coming from then? Well today, it’s the organized criminal gangs writing these viruses because they make money with their viruses. It’s gangs like — let’s go to GangstaBucks.com. This is a website operating in Moscow where these guys are buying infected computers. So if you are a virus writer and you’re capable of infecting Windows computers, but you don’t know what to do with them, you can sell those infected computers — somebody else’s computers — to these guys. And they’ll actually pay you money for those computers. So how do these guys then monetize those infected computers? Well there’s multiple different ways, such as banking trojans, which will steal money from your online banking accounts when you do online banking, or keyloggers. Keyloggers silently sit on your computer, hidden from view, and they record everything you type. So you’re sitting on your computer and you’re doing Google searches. Every single Google search you type is saved and sent to the criminals. Every single email you write is saved and sent to the criminals. Same thing with every single password and so on. But the thing that they’re actually looking for most are sessions where you go online and do online purchases in any online store.
Because when you do purchases in online stores, you will be typing in your name, the delivery address, your credit card number and the credit card security codes. And here’s an example of a file we found on a server a couple of weeks ago. That’s the credit card number, that’s the expiration date, that’s the security code, and that’s the name of the owner of the card. Once you gain access to other people’s credit card information, you can just go online and buy whatever you want with this information. And that, obviously, is a problem. We now have a whole underground marketplace and business ecosystem built around online crime. One example of how these guys actually are capable of monetizing their operations: we go and have a look at the pages of INTERPOL and search for wanted persons. We find guys like Bjorn Sundin, originally from Sweden, and his partner in crime, also listed on the INTERPOL wanted pages, Mr. Shaileshkumar Jain, a U.S. citizen. These guys were running an operation called I.M.U., a cybercrime operation through which they netted millions. They are both right now on the run. Nobody knows where they are. U.S. officials, just a couple of weeks ago, froze a Swiss bank account belonging to Mr. Jain, and that bank account had 14.9 million U.S. dollars on it. So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work — like how security people work — and try to work their way around any security precautions we can build. They also use the global nature of the Internet to their advantage. I mean, the Internet is international. That’s why we call it the Internet.
And if you just go and take a look at what’s happening in the online world, here’s a video created by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as someone tries to shut the website down. So you just can’t shut these guys down. They will switch from one country to another, from one jurisdiction to another — moving around the world, using the fact that we don’t have the capability to globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren’t capable of reaching us before can reach us. So how do you actually go around finding online criminals? How do you actually track them down? Let me give you an example. What we have here is one exploit file. Now, I’m looking at the hex dump of an image file, which contains an exploit. And that basically means, if you’re trying to view this image file on your Windows computer, it actually takes over your computer and runs code. Now, if you’ll take a look at this image file — well there’s the image header, and there the actual code of the attack starts. And that code has been encrypted, so let’s decrypt it. It has been encrypted with XOR function 97. You just have to believe me, it is, it is. And we can go here and actually start decrypting it. Well the yellow part of the code is now decrypted. And I know, it doesn’t really look much different from the original. But just keep staring at it. You’ll actually see that down here you can see a Web address: unionseek.com/d/ioo.exe And when you view this image on your computer it actually is going to download and run that program. And that’s a backdoor which will take over your computer.
But even more interestingly, if we continue decrypting, we’ll find this mysterious string, which says O600KO78RUS. That code is there under the encryption as some sort of a signature. It’s not used for anything. And I was looking at that, trying to figure out what it means. So obviously I Googled for it. I got zero hits; it wasn’t there. So I spoke with the guys at the lab. And we have a couple of Russian guys in our labs, and one of them mentioned, well, it ends in RUS like Russia. And 78 is the city code for the city of St. Petersburg. For example, you can find it in some phone numbers and car license plates and stuff like that. So I went looking for contacts in St. Petersburg, and through a long road, we eventually found this one particular website. Here’s this Russian guy who’s been operating online for a number of years who runs his own website, and he runs a blog under the popular Live Journal. And on this blog, he blogs about his life, about his life in St. Petersburg — he’s in his early 20s — about his cat, about his girlfriend. And he drives a very nice car. In fact, this guy drives a Mercedes-Benz S600 V12 with a six-liter engine with more than 400 horsepower. Now that’s a nice car for a 20-something year-old kid in St. Petersburg. How do I know about this car? Because he blogged about the car. He actually had a car accident. In downtown St. Petersburg, he actually crashed his car into another car. And he put blogged pictures about the car accident — that’s his Mercedes — right here is the Lada Samara he crashed into. And you can actually see that the license plate of the Samara ends in 78RUS. And if you actually take a look at the scene picture, you can see that the plate of the Mercedes is O600KO78RUS. Now I’m not a lawyer, but if I would be, this is where I would say, “I rest my case.” (Laughter) So what happens when online criminals are caught? Well in most cases it never gets this far.
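The decryption step described above (a single-byte XOR key, here 97, hiding a download address and a signature string inside an exploit file) is a routine malware-triage task. The following is an added example, not code from the talk or from F-Secure: it builds a constructed blob with a placeholder URL XOR-obfuscated under key 97, then tries all 256 single-byte keys and reports any key under which a URL becomes readable, which is how an analyst surfaces such strings without knowing the key in advance.

```python
import re
from typing import List, Tuple

# Constructed sample, not a real capture: the key named in the talk and a
# placeholder address standing in for the real download URL.
XOR_KEY = 97
PLACEHOLDER_URL = b"http://example.invalid/placeholder.exe"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one single-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Assemble a constructed blob: fake image header, opaque filler,
    the XOR-obfuscated URL, more filler."""
    header = b"GIF89a" + b"\x00" * 10        # constructed image-like header
    filler = bytes(range(0x80, 0xA0))        # stands in for the attack code
    return header + filler + xor_bytes(PLACEHOLDER_URL, XOR_KEY) + filler


# Loose URL shape; a bytes pattern so it runs directly over raw file content.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[\w.\-]*)*")


def find_xor_urls(blob: bytes) -> List[Tuple[int, bytes]]:
    """Try every single-byte key and return (key, url) for each key under
    which a URL-shaped string appears in the decoded bytes."""
    hits: List[Tuple[int, bytes]] = []
    for key in range(256):
        decoded = xor_bytes(blob, key)
        for match in URL_RE.finditer(decoded):
            hits.append((key, match.group(0)))
    return hits


if __name__ == "__main__":
    for key, url in find_xor_urls(build_sample()):
        print(f"key {key} (0x{key:02x}): {url.decode()}")
```

The same brute-force pass would also expose a plain-text marker like the signature string in the talk; widen the pattern to any run of printable ASCII when hunting for strings rather than addresses.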
The vast majority of the online crime cases, we don’t even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don’t act, or if they do, there’s not enough evidence, or for some reason we can’t take them down. I wish it would be easier; unfortunately it isn’t. But things are also changing at a very rapid pace. You’ve all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That’s a Siemens S7-400 PLC, programmable logic [controller]. And this is what runs our infrastructure. This is what runs everything around us. PLCs, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that’s a massive revolution in the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around — everything is being run by computers. Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on the Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail. (Laughter) (Applause) So preparedness means that we can do stuff even when the things we take for granted aren’t there. It’s actually very basic stuff — thinking about continuity, thinking about backups, thinking about the things that actually matter. Now I told you — (Laughter) I love the Internet. I do.
Think about all the services we have online. Think about if they are taken away from you, if one day you don’t actually have them for some reason or another. I see beauty in the future of the Internet, but I’m worried that we might not see that. I’m worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us. (Laughter) I’ve spent my life defending the Net, and I do feel that if we don’t fight online crime, we are running a risk of losing it all. We have to do this globally, and we have to do it right now. What we need is more global, international law enforcement work to find online criminal gangs — these organized gangs that are making millions out of their attacks. That’s much more important than running anti-viruses or running firewalls. What actually matters is actually finding the people behind these attacks, and even more importantly, we have to find the people who are about to become part of this online world of crime, but haven’t yet done it. We have to find the people with the skills, but without the opportunities, and give them the opportunities to use their skills for good. Thank you very much. (Applause)
