Federal Antivirus
The most unpleasant thing about the anti-Russian sanctions is that they threaten to stall cooperation in high technologies and electronic means of communication. For example, blocking access to SWIFT, the international system of interbank settlements, could paralyze entire sectors of the economy. At the same time, the West is silent about the fact that it has long been striving to drive our country into electronic slavery, trying to monitor our cyberspace and even to control it.
Even at the dawn of "democratic transformations" we were hooked on the imported computer needle, and now the lion's share of software and "smart hardware", even at Russia's strategic enterprises, is foreign-made. Moreover, few citizens who use smartphones and the Internet consider that all their personal information can become available to the secret services of the likely adversary at any time, and that all sorts of manipulations with virtual technologies have already resulted in a series of coups d'état and fratricidal wars, from Iraq, Egypt and Libya to Ukraine.
Now is not the time to be nostalgic for the Soviet defense industry, in which there was not even an imported nail, let alone foreign electronic brains. While lulling us with tales about entering the civilized world, our “probable friends” and their agents of influence choked domestic intellectual production and promising developments (which, by the way, in the 80s were not inferior to Western ones) and bought up promising specialists. And yet we must not sprinkle ashes on our heads, but see what we really have, what hidden reserves can be mobilized and what exactly needs to be done now so that the oncoming cyber threat does not become lethal.
According to Kaspersky Lab, 350 thousand viruses were registered in 2005, about 15 million in 2008, 946 million in 2011, and over six billion in 2014. Panda Security reports the daily detection of 160 thousand malware instances. Antivirus protection is not to blame. The programmers who create it spin like squirrels in a wheel, forced to update their databases every 40 minutes, and as a result 99.9 percent of the unwanted e-guests are recognized. But the small fraction that gets through is enough not only to spoil the mood, but to disable the whole system.
Intruder network
In the past decade, information security experts have noted an avalanche-like increase in the number of virus attacks on the computers of organizations and users. And such an attack is not just a spontaneous flow of electronic "killers", but a highly accurate cyber weapon: organized aggression against a specific, well-protected object of strategic importance with a specific goal (to download information, interfere with normal work, or lie low and wait for the command to destroy).
According to Positive Technologies, an intruder acting over the Internet is able to access the internal network in 9 out of 10 systems. In 55 percent of cases, an external attacker can build on that success and gain complete control over the entire infrastructure of the company.
Consider, for example, how the very first major targeted virus attack, Stuxnet, was organized. It was aimed at Iran's nuclear facilities and discovered in 2010 by experts of the Belarusian company VirusBlokAda. At the first stage, some equipment suppliers were covertly infected, and then the software and hardware complex for centrifuge control.
The unique nature of Stuxnet is, firstly, that its target was not even connected to the Internet, and secondly, that although the virus (the brainchild of the US and Israeli intelligence services) was intended for Iran, it was later recorded in 12 countries of the world, including Russia. And another curious detail: Stuxnet was revealed in 2010, having remained unnoticed in networks for three years. Antivirus developers had never known such a failure.
Of the recent incidents, an attack on Rosoboronexport's servers in March 2014 is known. Having cracked the IT systems of the Indian Embassy in Moscow, the attackers sent a malicious email to the head of the state-owned company and infected Sukhoi, Oboronprom, Gazflot and other enterprises. The hackers published the extracted archive files, 448 MB in total: more than a thousand documents of various degrees of secrecy.
The consequences of the Darkhotel attack, which began in 2004 and which nobody suspected for seven years, are unpredictable. According to some reports, it continues to this day. High-ranking officials, businessmen, and top managers of large companies who stayed in premium-class hotels in several Asian countries became victims of the cyber-spies. As soon as the VIPs connected to the hotel Wi-Fi, malicious programs were planted on their gadgets and penetrated the closed servers of the organizations where the guests worked. This indicates both the highest qualification of the hackers and the fact that their activities are coordinated.
Every third under the hood
After the revelations of Edward Snowden and numerous publications, it became obvious that the United States, in addition to virus attacks, used a wide range of technical methods of spying on citizens of various countries. We name only some of the specialized tracking and listening systems that are used by overseas special services.
PRISM is a completely secret US state program, adopted by the US National Security Agency in 2007, under which information transmitted over telecommunication networks is collected on a massive scale and unofficially. According to estimates by the Washington Post, in 2010 the NSA daily intercepted and recorded almost 1.7 billion calls and e-mails, and about five billion records of the whereabouts and movements of mobile phone owners around the world.
The secret program Aurora Gold was developed by the NSA for tracking mobile operators. According to one of the documents, made public by Snowden, by May 2012, US intelligence was receiving technical information about 70 percent of mobile networks in the world. The NSA spied on, among other things, the influential British GSM Association, an association of mobile operators that develops standards for GSM communications. This organization, in particular, includes leading Russian companies: MTS, Megafon and Beeline.
Approximately 32 percent of the working population of Russia use smartphones, in other words, spyware. This means that overseas overseers know at any second the location of 30 million Russian citizens with an accuracy of 50 meters, along with their routes and all their personal data, including last name, first name, patronymic, age, account numbers, social circle, friends, acquaintances, relatives, correspondence via SMS and e-mail, profession, all their social activities, status, photos, audio and video preferences and so on. According to the user agreements, all these data can be transferred to US government agencies (intelligence services) without the knowledge of customers.
Another powerful tool of Western e-aggression is social networks, which entangle an increasing number of inexperienced people, who bare their souls to the World Wide Web and fall under the influence of cyberklists. It is known that the coordination of anti-state actions, including the riots on Bolotnaya Square in 2011, was carried out via social networks.
Against "ducks" and "bugs"
Recently, injections of misinformation camouflaged as ordinary news have become frequent. The technology is simple. An absolute fake is furiously reposted and begins to be quoted by the official media. As a result, the lie acquires the legitimacy of news and is replicated. Sometimes a refutation succeeds; in most cases it does not. Bad information spreads more successfully because negativity sticks more strongly, which is what such injections rely on.
As President Vladimir Putin noted at the FSB collegium, in 2014 over 25 thousand Internet resources were found with publications violating the law, and more than 1,500 extremist websites were shut down.
“We need to continue to clear the Russian Internet space of illegal, criminal materials, more actively use modern technologies for this, to participate in the formation of the international information security system,” the head of state demanded. “It's not about restricting freedom on the Internet, not at all. It is about ensuring security and the rule of law. At the same time, it is necessary to strictly observe Russian and international legal norms and standards in this field. Not to interfere with the communication of people on the Web and the placement of legal, permissible and correct information there.”
Information is the most expensive product, and saving on its quality and security is extremely dangerous. Russian electronic security specialists are creating an antidote to malicious programs that breed at a rate of 300 thousand per day. Let's see how this is done, taking the development company InfoWatch as an example. The system does not initially look for spyware as such, but identifies deviations from the norm in IT systems, constantly honing its skill at detecting virus attacks. The whole process, from sampling the current data stream to a detailed study of the identified anomalies and a diagnosis, occurs automatically. Moreover, the analysis is carried out on servers inaccessible to attackers, for example in a cloud service. Thanks to the system's self-learning, a 98 percent guarantee is achieved that dangerous software will be detected and correctly classified in automatic mode. The remaining two percent of cases, the most difficult and insidious, will be neutralized by computer analysts, who will also take on the retraining of their IT colleagues.
Armed with domestic know-how, the response centers for threats that should be formed in each region can become a reliable intellectual guardian of cybersecurity.
However, technology is only one of the elements of a country's digital sovereignty, securing the rights and capabilities of a state to independently determine its interests in the electronic sphere, including the Internet.
The program of digital sovereignty should be adopted as a national one, with appropriate support, including financial. By the way, according to experts, the cost of electronic security will be about 0.1 percent of an enterprise's profits. That is hardly a great sum, even with the current economic turbulence.
An important section of the program is import substitution and support for domestic developers. Where there are Russian analogues, it is necessary to apply them, where not - to create.
Unfortunately, many of our scientists and industrialists are not eager to switch to domestic technologies. Last year, only 20 percent of total government spending on software procurement went to the purchase of Russian developments.
Almost the entire domestic defense industry uses foreign computer equipment, and this cannot guarantee confidentiality. Not only can foreign supplies and services be cut off due to sanctions; where are the guarantees that there are no “bugs” in that equipment and that information does not flow to our “probable friends”? Back in September 2003, the State Council of China adopted a resolution prohibiting government agencies from purchasing foreign software.
The state program of digital sovereignty must be backed up by a legislative and regulatory framework. The doctrine of the information security of Russia was adopted in 2000, and there are not enough documents providing a mechanism for its implementation.
An interregional conference in St. Petersburg was devoted to recommendations on how to overcome the whole spectrum of threats in the field of electronic security. It was held under the auspices of the State Duma Committee on Defense, which will present specific legislative initiatives to the country's leadership. But ensuring the information security of Russia with the help of domestic developments requires political will.