Mikko Hypponen: Fighting viruses, defending the net

I love the Internet. It’s true. Think about everything it has brought us. Think about all the services we use, all the connectivity, all the entertainment, all the business, all the commerce. And it’s happening during our lifetimes. I’m pretty sure that one day we’ll be writing history books hundreds of years from now. This time our generation will be remembered as the generation that got online, the generation that built something really and truly global. But yes, it’s also true that the Internet has problems, very serious problems, problems with security and problems with privacy. I’ve spent my career fighting these problems. So let me show you something. This here is Brain. This is a floppy disk — five and a quarter-inch floppy disk infected by Brain.A. It’s the first virus we ever found for PC computers. And we actually know where Brain came from. We know because it says so inside the code. Let’s take a look. All right. That’s the boot sector of an infected floppy, and if we take a closer look inside, we’ll see that right there, it says, “Welcome to the dungeon.” And then it continues, saying, 1986, Basit and Amjad. And Basit and Amjad are first names, Pakistani first names. In fact, there’s a phone number and an address in Pakistan. (Laughter) Now, 1986. Now it’s 2011. That’s 25 years ago. The PC virus problem is 25 years old now. So half a year ago, I decided to go to Pakistan myself. So let’s see, here’s a couple of photos I took while I was in Pakistan. This is from the city of Lahore, which is around 300 kilometers south from Abbottabad, where Bin Laden was caught. Here’s a typical street view. And here’s the street or road leading to this building, which is 730 Nizam block at Allama Iqbal Town. And I knocked on the door. (Laughter) You want to guess who opened the door? Basit and Amjad; they are still there. (Laughter) (Applause) So here standing up is Basit. Sitting down is his brother Amjad. These are the guys who wrote the first PC virus.
Now of course, we had a very interesting discussion. I asked them why. I asked them how they feel about what they started. And I got some sort of satisfaction from learning that both Basit and Amjad had had their computers infected dozens of times by completely unrelated other viruses over these years. So there is some sort of justice in the world after all. Now, the viruses that we used to see in the 1980s and 1990s obviously are not a problem any more. So let me just show you a couple of examples of what they used to look like. What I’m running here is a system that enables me to run age-old programs on a modern computer. So let me just mount some drives. Go over there. What we have here is a list of old viruses. So let me just run some viruses on my computer. For example, let’s go with the Centipede virus first. And you can see at the top of the screen, there’s a centipede scrolling across your computer when you get infected by this one. You know that you’re infected because it actually shows up. Here’s another one. This is the virus called Crash, invented in Russia in 1992. Let me show you one which actually makes some sound. (Siren noise) And the last example, guess what the Walker virus does? Yes, there’s a guy walking across your screen once you get infected. So it used to be fairly easy to know that you’re infected by a virus, when the viruses were written by hobbyists and teenagers. Today, they are no longer being written by hobbyists and teenagers. Today, viruses are a global problem. What we have here in the background is an example of our systems that we run in our labs, where we track virus infections worldwide.
So we can actually see in real time that we’ve just blocked viruses in Sweden and Taiwan and Russia and elsewhere. In fact, if I just connect back to our lab systems through the Web, we can see in real time just some kind of idea of how many viruses, how many new examples of malware we find every single day. Here’s the latest virus we’ve found, in a file called Server.exe. And we found it right over here three seconds ago — the previous one, six seconds ago. And if we just scroll around, it’s just massive. We find tens of thousands, even hundreds of thousands. And that’s the last 20 minutes of malware every single day. So where are all these coming from then? Well today, it’s the organized criminal gangs writing these viruses because they make money with their viruses. It’s gangs like — let’s go to GangstaBucks.com. This is a website operating in Moscow where these guys are buying infected computers. So if you are a virus writer and you’re capable of infecting Windows computers, but you don’t know what to do with them, you can sell those infected computers — somebody else’s computers — to these guys. And they’ll actually pay you money for those computers. So how do these guys then monetize those infected computers? Well there’s multiple different ways, such as banking trojans, which will steal money from your online banking accounts when you do online banking, or keyloggers. Keyloggers silently sit on your computer, hidden from view, and they record everything you type. So you’re sitting on your computer and you’re doing Google searches. Every single Google search you type is saved and sent to the criminals. Every single email you write is saved and sent to the criminals. Same thing with every single password and so on. But the thing that they’re actually looking for most are sessions where you go online and do online purchases in any online store.
Because when you do purchases in online stores, you will be typing in your name, the delivery address, your credit card number and the credit card security codes. And here’s an example of a file we found from a server a few weeks ago. That’s the credit card number, that’s the expiration date, that’s the security code, and that’s the name of the owner of the card. Once you gain access to other people’s credit card information, you can just go online and buy whatever you want with this information. And that, obviously, is a problem. We now have a whole underground marketplace and business ecosystem that is built around online crime. One example of how these guys actually are capable of monetizing their operations: we go and have a look at the pages of INTERPOL and search for wanted persons. We find guys like Bjorn Sundin, originally from Sweden, and his partner in crime, also listed on the INTERPOL wanted pages, Mr. Shaileshkumar Jain, a U.S. citizen. These guys were running an operation called I.M.U., a cybercrime operation through which they netted millions. They are both right now on the run. Nobody knows where they are. U.S. officials, just a few weeks ago, froze a Swiss bank account belonging to Mr. Jain, and that bank account had 14.9 million U.S. dollars on it. So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, building back-end systems with SQL databases. And they can afford to watch how we work — like how security people work — and try to work their way around any security precautions we can build. They also use the global nature of Internet to their advantage. I mean, the Internet is international. That’s why we call it the Internet.
And if you just go and take a look at what’s happening in the online world, here’s a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as the website is tried to shut down. So you just can’t shut these guys down. They will switch from one country to another, from one jurisdiction to another — moving around the world, using the fact that we don’t have the capability to globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren’t capable of reaching us before can reach us. So how do you actually go around finding online criminals? How do you actually track them down? Let me give you an example. What we have here is one exploit file. Here, I’m looking at the hex dump of an image file, which contains an exploit. And that basically means, if you’re trying to view this image file on your Windows computer, it actually takes over your computer and runs code. Now, if you’ll take a look at this image file — well there’s the image header, and there the actual code of the attack starts. And that code has been encrypted, so let’s decrypt it. It has been encrypted with XOR function 97. You just have to trust me, it is, it is. And we can go here and actually start decrypting it. Well the yellow part of the code is now decrypted. And I know, it doesn’t really look much different from the original. But just keep staring at it. You’ll actually see that down here you can see a Web address: unionseek.com/d/ioo.exe And when you view this image on your computer it actually is going to download and run that program. And that’s a backdoor which will take over your computer.
But even more interestingly, if we continue decrypting, we’ll find this mysterious string, which says O600KO78RUS. That code is there underneath the encryption as some kind of a signature. It’s not used for anything. And I was looking at that, trying to figure out what it means. So obviously I Googled for it. I got zero hits; wasn’t there. So I spoke with the guys at the lab. And we have a couple of Russian guys in our labs, and one of them mentioned, well, it ends in RUS like Russia. And 78 is the city code for the city of St. Petersburg. For example, you can find it from some phone numbers and car license plates and stuff like that. So I went looking for contacts in St. Petersburg, and through a long road, we eventually found this one particular website. Here’s this Russian guy who’s been operating online for a number of years who runs his own website, and he runs a blog under the popular Live Journal. And on this blog, he blogs about his life, about his life in St. Petersburg — he’s in his early 20s — about his cat, about his girlfriend. And he drives a very nice car. In fact, this guy drives a Mercedes-Benz S600 V12 with a six-liter engine with more than 400 horsepower. Now that’s a nice car for a 20-something year-old kid in St. Petersburg. How do I know about this car? Because he blogged about the car. He actually had a car accident. In downtown St. Petersburg, he actually crashed his car into another car. And he put blogged images about the car accident — that’s his Mercedes — right here is the Lada Samara he crashed into. And you can actually see that the license plate of the Samara ends in 78RUS. And if you actually take a look at the scene picture, you can see that the plate of the Mercedes is O600KO78RUS. Now I’m not a lawyer, but if I would be, this is where I would say, “I rest my case.” (Laughter) So what happens when online criminals are caught?
Well in most cases it never gets this far. The vast majority of the online crime cases, we don’t even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don’t act, or if they do, there’s not enough evidence, or for some reason we can’t take them down. I wish it would be easier; unfortunately it isn’t. But things are also changing at a very rapid pace. You’ve all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That’s a Siemens S7-400 PLC, programmable logic [controller]. And this is what runs our infrastructure. This is what runs everything around us. PLCs, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that’s a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around — everything is being run by computers. Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail. (Laughter) (Applause) So preparedness means that we can do stuff even when the things we take for granted aren’t there. It’s actually very basic stuff — thinking about continuity, thinking about backups, thinking about the things that actually matter. Now I told you — (Laughter) I love the Internet. I do.
Think about all the services we have online. Think about if they are taken away from you, if one day you don’t actually have them for some reason or another. I see beauty in the future of the Internet, but I’m worried that we might not see that. I’m worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us. (Laughter) I’ve spent my life defending the Net, and I do feel that if we don’t fight online crime, we are running a risk of losing it all. We have to do this globally, and we have to do it right now. What we need is more global, international law enforcement work to find online criminal gangs — these organized gangs that are making millions out of their attacks. That’s much more important than running anti-viruses or running firewalls. What actually matters is actually finding the people behind these attacks, and even more importantly, we have to find the people who are about to become part of this online world of crime, but haven’t yet done it. We have to find the people with the skills, but without the opportunities and give them the opportunities to use their skills for good. Thank you very much. (Applause)
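The hex-dump walkthrough in the talk (decrypting the attack code in the image file with XOR key 97 to reveal a download URL and an unused signature string) is a routine triage step that an analyst automates rather than doing by eye. The Python below is an added example, not code from the talk or from the speaker's lab. It builds a constructed sample (a fake image header followed by a region XOR-encoded with key 97, containing the placeholder URL download.invalid/d/payload.exe and a placeholder marker string), then recovers the key by trying all 256 single-byte keys and keeping the ones whose output contains a URL-shaped string, and finally lists every printable string under the recovered key, which is how the trailing signature would surface. All bytes, names and the URL in it are constructed for the example.

```python
"""Added example: recover a single-byte XOR key from a file region and pull
out URL-shaped and other printable strings, the way the talk's hex-dump
walkthrough does by hand with key 97. All sample data below is constructed."""
from __future__ import annotations
import re

KEY_FROM_TALK = 97  # decimal 97 (0x61): the XOR key the talk names

# Constructed sample, not a real file: a fake image header followed by a
# payload region that was XOR-encoded with KEY_FROM_TALK. The URL and the
# signature string are placeholders, not indicators from any real case.
FAKE_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
PLAINTEXT_PAYLOAD = (
    b"\x90\x90\x90"                           # stand-in for machine code
    b"download.invalid/d/payload.exe\x00"     # placeholder download URL
    b"SIGNATURE-PLACEHOLDER-RUS\x00"          # placeholder unused marker string
)

# Host name followed by an optional path (bytes regex, lowercase hosts only).
URL_RE = re.compile(rb"[a-z0-9.-]+\.[a-z]{2,}(?:/[\w./-]*)?")
# Runs of at least four printable ASCII bytes, like the Unix strings tool.
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; encoding and decoding are the same op."""
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Assemble the constructed sample file: clear header + XOR-encoded payload."""
    return FAKE_HEADER + xor_bytes(PLAINTEXT_PAYLOAD, KEY_FROM_TALK)


def find_xor_urls(blob: bytes, offset: int = 0) -> list[tuple[int, bytes]]:
    """Try all 256 single-byte keys on blob[offset:] and return every
    (key, url) pair where the decoded bytes contain a URL-shaped string."""
    hits: list[tuple[int, bytes]] = []
    region = blob[offset:]
    for key in range(256):
        decoded = xor_bytes(region, key)
        hits.extend((key, m.group(0)) for m in URL_RE.finditer(decoded))
    return hits


def recover_strings(blob: bytes, key: int, offset: int = 0) -> list[bytes]:
    """Printable strings in blob[offset:] after decoding with the given key."""
    return STRINGS_RE.findall(xor_bytes(blob[offset:], key))


def analyze(blob: bytes, offset: int = 0) -> dict:
    """Brute-force the key, then report the URLs and all strings under the
    first key that yields a URL. key is None when no key produces one."""
    hits = find_xor_urls(blob, offset)
    if not hits:
        return {"key": None, "urls": [], "strings": []}
    key = hits[0][0]
    return {
        "key": key,
        "urls": [url for k, url in hits if k == key],
        "strings": recover_strings(blob, key, offset),
    }


if __name__ == "__main__":
    sample = build_sample()
    # offset skips the clear-text header so header bytes do not show up as strings
    report = analyze(sample, offset=len(FAKE_HEADER))
    print("recovered key:", report["key"])
    for url in report["urls"]:
        print("url:", url.decode())
    for s in report["strings"]:
        print("string:", s.decode())
```

Scoring by "does a URL appear" is deliberately narrow: it avoids the ties that a plain printable-byte count produces, because many keys turn letters into other letters. A real sample may use a longer key or a different encoding, so a miss from this tool means only that single-byte XOR was not used, not that the region is harmless.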

As found on YouTube
