Kaspersky: Google hack takes spotlight from Russia
- — 05 February, 2010 12:06
Does that give you a hiring advantage, if there are not a lot of software companies and there are a lot of people getting a good education?
Kaspersky: There are not so many companies but [students] have enough job offers. It's competitive. In the past, software engineers in Russia, they were cheap. Now, if you [don't count] taxation, they make almost the same as in Silicon Valley. It's not cheap anymore.
There's this perception in the U.S. that Russia is the source of all sorts of cybercrime...
Now this perception has been changed. Now American media is starting to say 'Chinese hackers.' It was only 'Russian hackers,' now it's Chinese. It's a perception. It's the same in Germany about Americans. I read an article in CeBIT News that was about spam. And they didn't say just spammers, they said 'American spammers.' So in Germany there's a perception that all spam is coming from the United States. It's wrong.
Why is there this perception? I don't know. Is it the truth or not? Partly it's the truth. I think that Russian-speaking hackers and cybercriminals, they're number three in the ranking of cybercrime. Number one is China. It's quite a big distance to the second one. Second is Latin America -- well, Spanish- and Portuguese-speaking malware -- I think mostly from Brazil, but also from other countries as well. Russia, it's not just Russia, but they're from the Ukraine, from Kazakhstan, Baltic countries, or Israel, New York, Seattle, we don't know. The malware doesn't have a passport, and when the attacks are coming from some territory, we are not sure because it could be a proxy server. So it looks a bit stupid when they say, 'Oh this attack was run from China?' Why? 'Because their IP addresses, they are Chinese.' Come on. It's a proxy server in China that's it.
Have you paid attention to the Aurora attacks on Google and other companies?
We still don't have enough data about that, but there was too much noise, I think. These attacks are happening every day on some companies. They simply don't disclose the information. Why did they decide to start their PR? I don't know. It could be some part of the game.
To pressure China, you mean?
Yes, I think, but not on the government level. I think Google has its own strategy for the Chinese market and that it could be part of the strategy. So they took this incident as good news and disclosed it just to take more attention to the problems they have in China. And it's not just about human rights or freedom of information. It's also the fact that they have a major competitor in China: Baidu. The Chinese market is very difficult.
How is your business in China?
We have more than 100 million users in China. I didn't say customers.
How many paying users do you have?
Are you concerned at all about IP theft and espionage, getting back to Aurora?
This type of targeted attacks is not news, but still the security industry doesn't have the right answer for these issues. Still we are looking for the right ways to protect, and there's no magic bullet against that, because there are so many different attacks.