U.S. officials in charge of protecting the nation's critical infrastructure and cities from terrorist attacks face "difficult" problems when using surveillance on ordinary citizens, said Eugene Kaspersky, CEO of Moscow-based Kaspersky Lab.
"We don't know how many lives have been saved from collecting this information," Kaspersky said when asked about the National Security Agency surveillance program in an interview with reporters at his company headquarters in Moscow this week. "It's a very difficult situation."
Former NSA contractor Edward Snowden, who is believed to be held up at Moscow's Sheremetyevo International Airport, has appealed to Russian authorities for political asylum. Snowden is expected to be moved from the airport to Moscow. He flew to Russia June 23 from Hong Kong after leaking details about NSA surveillance activities to reporters.
Kaspersky was hesitant to comment on the issue, calling it a "sensitive" diplomatic problem for his country. "According to United States regulation and laws he is definitely a spy," Kaspersky said, adding that he understands the issue is more complex.
The issue of government surveillance to thwart attackers is not new, Kaspersky said. In 2008, the Swedish parliament approved regulations letting Swedish Internet services track and report malicious Internet traffic to third parties. "It was five years ago or so, and no one remembers and it still works today," Kaspersky said. "Much of Russian traffic goes through Sweden."
The threat posed by terrorism could very well extend to cyberespionage activities or worse: the use of cyberweapons, Kaspersky said, recalling the Stuxnet attack against an Iranian uranium enrichment program in 2010 that spread to some industrial control systems globally. Other attacks investigated by Kaspersky Lab researchers indicate a growing use of sophisticated malware targeting individuals, companies and government agencies. One such attack, called Red October, was an extensive campaign that targeted mobile devices, laptops and servers, Kaspersky said.
Kaspersky said his company and other security vendors are fighting a war on several fronts. In addition to an automated system, teams of Kaspersky Lab engineers write signatures for thousands of variants of financially motivated malware. In the company's control room, computer screens display Zeus (or Zbot), SpyEye and other malware families used constantly by cybercriminal gangs to spread malware and steal credit card and financial information to drain bank accounts.
Meanwhile, cyberespionage and targeted attacks are handled by the company's threat research team once suspicious malware samples call for further analysis. The team also responds to requests to investigate suspicious system activity from its enterprise and government customers.
Communication between threat researchers and law enforcement has substantially improved, Kaspersky said. Today antivirus vendors share malware samples immediately when they receive them, Kaspersky told reporters. Connections are set up to send data to each vendor in near real time, he said.
The security vendor is also stepping up its work with law enforcement. Kaspersky said the company would be working closely on developing Interpol's cybersecurity division, providing the technology and threat analysis capabilities for the Interpol Global Complex for Innovation based in Singapore. The facility is set to open next year to support Interpol investigations into cybercrime.
Interpol has legal investigative power in 190 member countries. More than 20 officers will be trained on cybersecurity investigations, Kaspersky said, calling the new cybercrime division "significant" in the fight against cybercrime.
"They have been about traditional crime and now they want to pay attention to cybercrime as well, and we want to assist with that," Kaspersky said. "We will have some of our engineers and security experts to be delegated to Singapore."
PUBLISHED JULY 23, 2013