"I'm really afraid of terrorist attacks. I don't know when or where, but I'm afraid it is going to happen," said Kaspersky, adding that a potential remote attack on critical infrastructure, including power stations and transport systems, was entirely possible and something he and his researchers had been talking about for a while.
Jim Armitage: Cyber-security guru Eugene Kaspersky chuckles his way through a litany of computer scare stories
So, he's talked about the mafia's move into cybercrime, but what's the next big threat? Easy, he answers. Mobile technology. The shift to mobile has been happening for years, with new mobile banking, e-payments and e-wallets being launched daily. The trouble is, says Mr Kaspersky, while famous viruses over the past 20 years, from Chernobyl to ILoveYou, have made us aware of the risk to our PCs, we're not used to thinking about security on our mobile devices. Yet attacks are happening every day. "When I say 'mobile' I'm also talking here about smart TVs," he says. "These are connected to the internet. They have operating systems and they have cameras. So you are watching TV, and TV is watching you!" he giggles.
"But the worst threats are going to be attacks on critical infrastructure and its physical environment, which is managed by IT systems: power plants, factories, sea ports and aeroplanes for terrorism and sabotage. Many of these systems were designed 20, 30 or 40 years ago when cyber sabotage did not exist. "Now it's a different era. I'm afraid that we will see very bad attacks with real damage on the critical infrastructure because it is managed by computer systems that are vulnerable."
These days Kaspersky seems like a one-man alarm system, pumping his dark dispatches around the world. In October he berated executives at a tech summit for failing to encrypt their smartphones. With just 30 virus hunters — he says he cannot find more to hire — Kaspersky Lab receives 300,000 unique malware reports daily, work that is "like our religion," Kaspersky says. "Our mission is to save the cyberworld, not to make our investors happy." Luckily, business is good: The company earned about $700 million in revenues in 2013. With cash to indulge his passions, Kaspersky hikes active volcanoes (those on Russia's Kamchatka Peninsula are his favorite) and bought a $200,000 ticket to fly to earth's outer orbit, courtesy of Richard Branson's Virgin Galactic.
"I'm afraid that this Snowden case will force governments, nations, to develop their own Internet segments for governments and for enterprises," Kaspersky said yesterday in an interview in Brussels. "This is fragmentation of the Internet, and I'm afraid that it will damage the global network because the global Internet companies will have fewer resources, less investment."
"If nations don't trust each other in cyberspace, the next step is to separate it [into] two networks. One public network, and one enterprise and government. It's an obvious step, and I'm not the first man to talk about that," he said. "I'm afraid it's a very bad option … governments and enterprises will be happier, because they have a secure, unhackable network. Good news? No. First of all, there will be much less investment in the public segment. Governments and enterprises leaving the public space means that the budget's running away. Second, do you have enough engineers to build an Australian national network?"
When it comes to the world around us, Eugene believes that technology will continue to evolve to handle everyday tasks. "When we speak about the industry, little by little we will see the world becoming computerized and automated—there will be no train drivers, no traffic controllers, no shop assistants, nuclear plant operators…all processes, both routine and critical, will be run by computers."
Eugene Kaspersky, IT security expert and founder of Kaspersky Lab noted that cyberweapons have certain unique attributes that make them dangerous. "The difference between traditional weapons and cyber weapons is that it's not possible to [re]assemble a cruise missile after it has been used," he said. "Cyber weapons are different" because the victims "can learn from" weapons used against them.
And if recently discovered and government-sponsored intrusion software proliferates in the same way that viruses have in the past, "somewhere in 2020, maybe 2040, we'll get back to a romantic time – no power, no cars, no trains," said Eugene Kaspersky, chief executive officer of Moscow-based Kaspersky Lab, the largest privately held security vendor.
"Aquisitions ruin company morale. Engineers want to innovate but when you acquire companies it says to them they are not good enough to innovate themselves." … "In 1994, when we got our first contract with a US company, we were still tiny, but immediately our US competitors began using our Russian origin against us. I have no connection, no links with the Kremlin. I keep my distance, not only from them, but any other political party."
Eugene Kaspersky, the Russian cybersleuth: "Maybe there are some people here who are not happy with work I was doing with Stuxnet and Flame," Then the keynote speaker, clad in jeans and an untucked linen shirt, leaned forward and said in a stage whisper, "I'm really sorry." Waves of laughter and applause followed. "It's not personal," Kaspersky went on, drawing out the laughter, which had a quality of mutual congratulation. "It's my job … So next time, be more careful."
"We came to the potential of cyber terrorist attacks years before Die Hard 4.0," explains Eugene Kaspersky, the co-founder and CEO of security firm Kaspersky Lab. "But it was forbidden in my company to explain it to journalists, because I didn't want to open Pandora's Box. I didn't want to let people think that my business is the business of fear. And I didn't want the bad guys to learn from these ideas."
Speaking to ZDNet Australia and presenting at AusCERT 2012 this week, Eugene Kaspersky slammed the traditional model of regulation for technology and cybercrime, criticising it of being slow and unsuitable. "Traditional regulation — it's far, far, far behind reality," he said. He compared it to writing a book on emerging security issues (which he had been approached to do, but deemed it as being impossible). "Come on, it's not possible. When a book is printed or published in any other way, it's outdated. The history of IT security, yes, but not the present time, because it takes time. Same with regulation."
This could one day happen on a much bigger scale, warns Eugene Kaspersky. For example, entire nations could be plunged into darkness if cyber-criminals decided to target power plants. "It is possible that a computer worm doesn't find its exact victim – and since many power plants are designed in a similar way [and often use the same systems], all of them could be attacked, around the world," he says. "If it happens, we would be taken 200 years back, to the pre-electricity era." International collaboration and treaties about the use of cyber weapons, similar to nuclear and biological arms control treaties, could help prevent such attacks.