Kasperskys on cybercrime: Don't blame the Russian mafia and why we need anti-anti-anti virus software

Russian security professionals Eugene and Natalya Kaspersky dropped by Network World this week en route from Moscow to the RSA Conference in California. In a wide-ranging interview with Features Editor Neal Weinberg, the Kaspersky Lab duo discussed the Russian mafia, the latest in hacker tricks and their view that the bad guys are winning.

Are we winning or losing the battle against cybercriminals?

Eugene: The industry itself is losing the game.

Natalya: We’re trying our best to stay on top, but unfortunately I must confess that the detection level is slowly going down. We develop new technology to stop them and they develop new technology to bypass. We still have the highest detection rate, but we cannot stop some malicious code. This makes us scared if we will be able to stop them in the future.

There was a time when we thought that antivirus technology was enough, but that time has gone. It’s not enough, obviously. We need help from local authorities. We need help from operating system providers. And one very important thing is education. Many people become infected because they don’t know.

In the United States, it’s common for new exploits and attacks to be blamed on "the Russian mafia." Since you live in Russia, what’s your take on that?

Eugene: Traditional criminals are not in touch with computer criminals, probably because they still don’t understand how to manage it. With the traditional mafia, it’s drugs, it’s prostitution, it’s illegal weapons trading.

So the whole idea of the Russian mafia being behind global computer crime is a myth?

Eugene: I think it’s a myth.

Where is most of the criminal activity coming from?

Eugene: No. 1 is China. Different countries have specific malicious code that they develop. Chinese people mostly develop multi-vector backdoor Trojans, also Trojans that steal data from online games.

No. 2 is Spanish-speaking countries and Brazil. Most of the Trojans which we see from these countries are banking Trojans to steal money from personal banking accounts.

No. 3 was Russia, but I was really surprised to see a report from my virus lab that now Russia seems to be No. 4 and No. 3 is Turkey. Now there are more Internet users and more and more criminals in Turkey. Russian hackers are mostly developing proxy Trojans to send spam and also spyware to steal everything, all the personal data and all the access codes.

Is law enforcement making a dent in cybercrime?

Eugene: The situation is getting worse. In 2004, there were 100 arrests around the globe. In 2005, there was a few hundred. Last year, there were about 100 arrests again. It seems like the stupid guys were jailed. The smart guys, it’s very difficult to find them.

Why can’t law enforcement track them down?

Eugene: The problem is that many criminal actions are done internationally. Last week, there was a report of a bank robbery in Sweden. Customers of this bank were infected with a Trojan and the bank lost 1 million Euros. We don’t have proof but it seems like the Trojan was developed by a Russian guy, but he never used it. He had a Web page with an explanation of the Trojan and the price. The origin was Russian. Some people bought it, I have no idea who they are, and they attacked a Swedish bank. In order to investigate you need people from at least three countries. It’s not easy.