>>David Rowan: The data seems to suggest that
cybercrime is getting a more serious threat.
The U.K. cabinet office recently said just
in the U.K. it's costing us 27 billion pounds
a year.
But from where you're standing, how serious
is that threat?
>>Mikko Hypponen: Well, it's been getting
more and more serious every single year I
have been watching it.
And over these 20 years that I have been fighting
online crime and online attackers, it seems
that we just seem to be unable to fix these
things.
And we actually seem to be unable to even
quantify them.
Numbers like 27 billion sound impressive,
but, I mean, it's actually very hard to count
on how much money we are losing because of
cybercrime and cybersabotage or cyber attacks
of all kind.
So the amount of money we lose has nothing
to do with the amount of money criminals are
actually pocketing, and even that is massive.
>>David Rowan: So how vulnerable are we?
>>Mikko Hypponen: Well, there are great examples
of where we are getting better.
People keep asking me how come we can't fix
these things?
How come we can't make an operating system
or an application which couldn't be hacked.
We just can't.
It's like could somebody build a perfect lock
which couldn't be picked?
No, you can't.
You take the ten best guys on the planet to
pick locks and give them unlimited budget
and time and they will be able to figure out
a way.
Exactly the same thing applies to our computers.
>>David Rowan: Tell us, you spend your time
chasing them.
Who are the bad guys?
>>Mikko Hypponen: This is a crucial thing
to understand because people often get confused
about the attackers and build defenses without
really understanding who we are fighting.
And we have totally different groups out there
launching these attacks.
We can group them into multiple different
groups but the way I like to group them is
their motives and that brings us into three
main groups.
And that would be criminals who do it to make
money, to hacktivists who don't do their attacks
to make money, who do their attacks to send
a message or a political motive.
And then we have governmental attacks, so
attacks where governments or nation states
are creating malware and launching attacks.
>>David Rowan: Let's pick them apart.
The criminals.
We have the stereotype of the guy in his bedroom
somewhere in eastern Europe trying to target
your bank account.
Is that the reality or is it more organized?
>>Mikko Hypponen: Well, that's the way it
used to be.
We can actually play a series of mug shots
of online attackers who have been caught recently
so we can see some faces behind these crimes.
And, indeed, it used to be fairly simple.
It used to be the teenager writing viruses
in the bedroom for fun or for challenge.
Then we started seeing more money-making activity,
which early on was fairly simple by using
infected computers to send Spam, but then
we started to see more organized activity.
So banking Trojan gangs creating malware to
steal money from online bank accounts while
people were doing online banking all the way
to key loggers which will steal credit card
numbers when people type them in from their
keyboards to ransom Trojans which take over
computers and want money for you to open the
computer.
So it is, actually, fairly organized and we
have seen gangs which have made millions of
dollars, tens of millions of dollars in profit
out of these attacks.
And we have to remember, this is tax free.
>>David Rowan: Tell us about a couple of your
friends.
So there is a nice chap lying down with his
gun.
>>Mikko Hypponen: The guy with the gun is
Dmitry Golubov from Kiev, which is the capital
of Ukraine.
He was running a credit card theft ring a
couple of years ago.
The last I heard of him, he has been out of
jail where he was sentenced for a while and
he was running for parliament in Ukraine,
which is an interesting career move.
>>David Rowan: He is going to boost the economy.
>>Mikko Hypponen: Sure.
He certainly knows how to make money.
>>David Rowan: Do you feel at personal risk
if you are trying to monitor these guys?
>>Mikko Hypponen: Well, I have never been
threatened.
I know of some people who work in this industry
who have been threatened so we do take some
precautions but it isn't like the real-world
police work, really.
>>David Rowan: You talked about the hacktivists.
Two or three years ago nobody here would have
known about Anonymous.
How important a threat is this?
>>Mikko Hypponen: It's one of the three groups
of attackers, and hacktivists really aren't
after money.
They want something more than money.
It could be as simple as retaliating against
a perceived threat or perceived wrongness.
For instance, Sony was hacked 37 times last
year mostly because they went into a court
case over somebody modifying their own PlayStation.
And then Anonymous as the movement wanted
to retaliate that.
But some of these guys we've seen when they
gain access to systems often get greedy.
Like they see something valuable like a collection
of credit card numbers and then they just
start stealing stuff instead of trying to
send a message.
And then we simply move them from one group
to another.
They are no longer hacktivists.
Now they are criminals.
>>David Rowan: So the third threat you said
was the nation state.
So obviously China comes top of mind.
How active are the Chinese?
>>Mikko Hypponen: Chinese activities we first
started seeing them around 2005, and then
it was just espionage.
And here, attribution is very complicated.
People keep pointing the finger towards China
and Chinese government and the Chinese Army,
the PLA.
In practice, this has been very hard to prove
or link back all the way through.
And, in fact, although China gets the blame
for many of the attacks we also should
assume that at least some of the attacks and
for instance some of the espionage stuff we
see online isn't done by the Chinese but it's
done to look like the Chinese because it's
an easy scapegoat.
But the fact is that we see cyber capabilities
being displayed by basically any advanced
nation.
And it's not just espionage.
For example, German government has been using
Trojans in criminal investigations where they
infect a suspect's computer with a Trojan,
with a back door, so the government can monitor
what you're doing on your computer.
And this, it sounds horrible.
In many ways it is, but it's actually a very
clear path which has led us to that.
Ten years ago if somebody was suspect for
a crime, his phone would be tapped, his land
line phone would be tapped.
Today, his mobile phone would be tapped.
His Internet connection would be tapped.
But it doesn't really tell much.
Even if the operator is monitoring all of
your Internet traffic, because a big part
of your traffic is encrypted.
So the only way, really, for authorities to
see that traffic is to have a back door on
the computer.
And that brings us into a situation where
even western nations are creating back doors
and Trojans which they use against their own
citizens.
>>David Rowan: Let's look specifically at
the Chinese, because I know Google has had
some trouble.
I know that the Nobel Peace Prize has had
some trouble.
>>Mikko Hypponen: We've had several cases
where, for example, the Nobel case was after
two years ago when Liu Xiaobo, one of the
Chinese dissidents, was awarded the Nobel
Peace Prize and right after that, five days
later the Nobel Peace Prize Foundation Web
site was hacked with an attack which was infecting
everybody who visited the Web site with a
back door, and you really started to wonder,
like, what's going on here?
Who would have the motive to launch an attack
like this?
And as I said, the Chinese government keeps
denying any link back to them.
Let's actually play a video.
We have a video which was shown on Chinese
governmental CCTV7 last year which was a governmental
propaganda video called "Cyber Storm is Rising,"
and that's a 20 minute documentary produced
by the Chinese government.
Talks about cyber attacks and cyber war and
how the Chinese PLA Army is protecting the
citizens against western aggression, but there
is an interesting detail in the video at around
minute 12.
So if you can look at what's happening and
if you freeze for a moment at this application
we see on screen right here.
Because throughout this video they show a
lot of different code on screen and people
at the keyboard and lots of fast cuts.
But for two seconds, they are shooting a screen
which has this Windows application there and
somebody is operating the application.
And if you translate that it says copyright
People's Liberation Army, and then it says
select target and we can see somebody using
the mouse and selecting a target from the
list, and then there's two buttons and he
clicks the button which says attack.
And the IP address which we see up there is
actually an IP address in the United States
of America.
>>David Rowan: Smart.
>>Mikko Hypponen: So this would seem like
a smoking gun, maybe.
[ Laughter ]
>>David Rowan: Go get them, guys.
So probably the most high profile example
of what we assume is one state hitting another
state is the Stuxnet virus that took out part
of the Iranian nuclear program.
So who was behind Stuxnet?
>>Mikko Hypponen: Oh, it was the United States.
>>David Rowan: How do you know that?
>>Mikko Hypponen: Actually, I don't know,
and that's the key point.
I do believe it was the United States, most
likely with the Israelis.
In fact, I do believe Stuxnet was the end
result of George W. Bush signing a cyber attack
program against Iranian nuclear program in
2008.
But the key part here is I can't prove it.
So cyber arms or cyber attacks, cyber sabotage
like this gives you deniability, and that's
exactly why we are right now seeing governments
around the world starting to stockpile cyber
arms like these because they work, they are
fairly cheap, and they give you deniability.
So for all we can see, we are right now in
the middle of some kind of cyber arms race
which is starting right now.
>>David Rowan: And the Iranians are also getting
their revenge by finding ways to access people's
Gmail accounts in rather clever ways.
>>Mikko Hypponen: Indeed, what we are seeing
totalitarian states like Iran or Syria or
Libya, governments trying to monitor their
own citizens for revolutionary people or for
dissidents.
And we saw actually a sad case with Iranian
government trying to monitor their own people.
And just like they couldn't just monitor the
traffic because the revolutionary people were
effectively using foreign services which were
outside of Iran.
They were using encrypted services, like,
for example, Gmail.
Most of the email connectivity between
Iranian dissidents were over Gmail because
Gmail is always SSL encrypted, which means
mogul government can't read what you're doing.
Even if you tap the Internet connection, it's
encrypted.
So as an end result, we saw a case where Iranians
hacked into a foreign certificate authority
in the Netherlands to generate 27 rogue SSL
certificates with which they could then set
up local fake copies of Gmail.com, Hotmail.com,
Live.com, Skype.com, Facebook.com, and the
local people who were using these services
actually ended up on a server which was used
to track them and trap them.
And we believe it's actually likely people
died in Iran because of this.
>>David Rowan: So we're moving very quickly
to the mobile Internet.
People were educated to put antivirus in their
PCs, but we don't put antiviruses in our mobile
phones, our tablets.
How vulnerable are we?
>>Mikko Hypponen: Well, I guess the mobile
side best shows us that we are capable of
learning.
For example, if you look at the iPhone, next
month it's five years old and we have had
zero attacks, zero Trojans, zero viruses against
the iPhone because it's a very locked down
system.
Of course, these mobile systems, the more
open you have them, the more vulnerabilities
you will have.
On Android phones by Google, we have seen
attacks, a few thousand of them, which sounds
like a big number, but then when you compare
it to the amount of attacks you see on traditional
Windows computers, we see millions of attacks
there.
But the truth is we are seeing the attackers
move to where the customers are or where the
victims are.
And obviously we are all moving to the mobile
world, so the criminals are moving there as
well.
>>David Rowan: It's just been announced that
Chrome has overtaken Internet Explorer, according
to StatCounter, to be the most used Web browser.
Can we trust Chrome?
Is it secure?
>>Mikko Hypponen: Chrome is actually excellent
in security sense and I am not saying that
just because we are at the Google event.
Looking at real world statistics from people
who surf the Web and happen to visit the Web
site which has an exploit kit waiting, users
surfing with IE or Firefox in practice have
a much higher risk of getting infected than
users with Chrome.
And I do believe that's one of the reasons
why Chrome bypassed IE in popularity globally
just yesterday, after IE had been the number
one browser in the world for 14 years, Chrome
became number one yesterday.
>>David Rowan: This is editorial.
This is not sponsored.
[ Laughter ]
>>David Rowan: Thank you, Mikko Hypponen.
>>Mikko Hypponen: Thank you.
[ Applause ]
