Ask the expert: Vitaly Kamluk tells how INTERPOL catches cyber criminals and other stories

Vitaly Kamluk answers our readers’ questions about his work with INTERPOL and other digital investigations.


Vitaly Kamluk has more than 10 years of experience in IT security and now he holds the title Principal Security Researcher at Kaspersky Lab. He specializes in malware reverse engineering, computer forensics, and cybercrime investigations. Currently, Vitaly lives in Singapore. He works with INTERPOL as a member of the Digital Forensics Lab, doing malware analysis and investigation support.

We have invited our readers to ask Vitaly questions. There were so many questions, in fact, that we decided to break down this Q&A session into several parts. Today, Vitaly will answer questions related to digital investigations and cooperation with INTERPOL.

Do you like staying in Singapore?

The sun rises and sets here at the same time every day, all year round. When the moon appears at night it sits at a strange angle because of its location in the world. The summers are endless with no cold water running through pipes. Weather in Singapore reminds me of a dream, or of the movie Groundhog Day.

Is there any information that is exchanged about individuals and their devices and locations between INTERPOL and large tech companies like Apple, Google, Facebook, Twitter?

INTERPOL doesn’t need your data unless you are a criminal. When there’s a need, the data is requested for a specific criminal case, in accordance with the local laws, and is supported by a court order. In these situations, it’s always some local law enforcement agency that requests this data, not INTERPOL itself.

What is the biggest obstacle to fighting cybercrime nowadays?

Borders between countries and differences in legislation. The Internet has no borders, but the physical world does. We can work quickly in cyberspace, but all this speed is lost when it comes to cross-border requests and authorizations.

Are we living in a cyberwar?

I used to believe that cyberwar is an invisible war. If you think the same — then yes, we are living in a cyberwar. If you believe that a war always has evident consequences in the physical world: massive destruction, casualties, violence, then fortunately we are not at that point.

Will cybercrime be stopped someday? Until now, the theft of thousands of dollars is something that has been talked about a lot, and apparently the war is lost…

People will take this hit, and even harder hits, and survive. Human nature enables us to adapt to much more significant changes. However, there will never be an end to crime, either in the physical world or in cyberspace. But we have the power to change our environment and way of living to reduce the level of crime to a minimum.

Did you have experiences in cybercrime when you were younger? Does someone who wants to work in cybersecurity need to have this background?

Are you wondering if I committed any cybercrimes when I was younger? I believe I was lucky — I had role models who explained to me that knowledge is a weapon, that this weapon gives you power, and that power requires responsibility. The short answer is this: no, I haven’t.

Being a cybercriminal and attacking people may destroy your reputation forever, and people will never trust you again. Don’t do that.

Share with us your personal experience on how you started working in cybersecurity!

Hackers, silent magicians who were looking into the portals of the computer communications’ abyss and making impossible things a reality, impressed me.

I wanted to learn how to play this game and, if I was lucky, to be able to compete with even stronger opponents. The attraction to the game of hackers, their code of conduct, philosophy and ethical problems was extremely interesting to me, so I started to learn.

With the significant growth in technological resources available to us, as well as cyberattacks, how do you watch these trends and what do you study to keep on pace with the evolution of infection vectors over the Internet?

I read the latest news from security researchers and keep a finger on the pulse of all the new techniques of attack and defense. If you want to defend your resources, you should also keep your attack surface as small as possible. Follow the rule of “deny everything by default” (aka default-deny). As security researchers we have to be aware of everything, but you should be aware of the resources you have to protect. Use that to your advantage and focus on the most important ones.

How are digital investigations done in cybercrimes? And what tools do you use? Could you provide us with some examples?

It may differ from case to case, but very often we use common techniques and tools for computer forensic examination: EnCase, The Sleuth Kit, various data carvers, data format recognizers, and even standard binutils.

We develop a lot of scripts and tools ourselves, sometimes just for a single case: unpackers, deobfuscators, custom debuggers, dumpers, decryptors, etc. Reverse engineering binaries takes quite a lot of time as well. We may also map infrastructure and scan networks and ports. Developing sinkholing software and log parsers is yet another important part of quality research.
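The answer above lists data carvers and data format recognizers among the everyday forensic tooling. The following is an added example, written for this page and not code from the interview, Kaspersky Lab or INTERPOL: a minimal header/footer file carver and format recognizer in Python, run over a constructed stand-in for a disk image. The signatures, the `CarvedFile` record, the `carve`, `identify` and `png_is_well_formed` functions and the sample data are all assumptions of this example; the PNG chunk walk shows why a carve should be validated structurally rather than trusted on the strength of a footer match alone.

```python
"""Minimal header/footer file carver and format recognizer (added example)."""
import struct
import zlib
from typing import List, NamedTuple

# Magic bytes for a few common formats: name -> (header, footer).
# Signature table is an assumption of this example, kept deliberately short.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


class CarvedFile(NamedTuple):
    kind: str
    offset: int
    data: bytes
    complete: bool  # False when a header was found but no footer followed


def identify(blob: bytes) -> str:
    """Format recognizer: name a blob by its leading magic bytes."""
    for kind, (header, _footer) in SIGNATURES.items():
        if blob.startswith(header):
            return kind
    return "unknown"


def carve(image: bytes, signatures=SIGNATURES) -> List[CarvedFile]:
    """Scan a raw image for known headers and cut out header..footer spans.

    A header with no footer after it (truncated file, or cut off by the end
    of the image) is carved to the end of the image and flagged incomplete.
    """
    found = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header))
            if end == -1:
                found.append(CarvedFile(kind, start, image[start:], False))
                break
            end += len(footer)
            found.append(CarvedFile(kind, start, image[start:end], True))
            pos = end
    found.sort(key=lambda f: f.offset)
    return found


def png_is_well_formed(blob: bytes) -> bool:
    """Validate a carved PNG by walking its chunks and checking every CRC.

    Footer matching can over- or under-run a file (fragmentation, a footer
    string inside unrelated data); a structural check separates a genuine
    carve from a false positive.
    """
    if not blob.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        data = blob[pos + 8:pos + 8 + length]
        crc_bytes = blob[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            return False
        (crc,) = struct.unpack(">I", crc_bytes)
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            return False
        pos += 12 + length
        if ctype == b"IEND":
            return pos == len(blob)  # nothing may trail the IEND chunk
    return False


def make_png_1x1() -> bytes:
    """Build a valid 1x1 red PNG from scratch (constructed sample data)."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    # Level 0 gives a stored deflate block, so the bytes are deterministic.
    idat = zlib.compress(b"\x00\xff\x00\x00", 0)  # filter byte + one RGB pixel
    return SIGNATURES["png"][0] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def build_sample_image() -> bytes:
    """Constructed stand-in for a disk image: three files in unallocated space."""
    pad = b"\x00" * 16
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + b"\xff\xd9"
    pdf_fragment = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"  # no %%EOF: truncated
    return pad + make_png_1x1() + pad + jpeg + pad + pdf_fragment


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        status = "complete" if f.complete else "TRUNCATED"
        valid = png_is_well_formed(f.data) if f.kind == "png" else "n/a"
        print(f"{f.kind:5} @ {f.offset:4} {len(f.data):5} bytes {status} crc-valid={valid}")
```

Header/footer carving is the simplest strategy real carvers start from; on a fragmented filesystem the span between header and footer may contain foreign data, which is why the result is checked against the format's own structure before anything is concluded from it.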

How many hackers have you already caught?

Security experts do not catch hackers – this job is for law enforcement agencies.

Have you ever blamed an innocent man?

I do it very often. The man is usually myself.

What’s the biggest obstacle in finding new virus signatures?

The biggest obstacle is the unavailability of some samples. It’s a challenge to collect the rarest samples of malware that may have been used just once but created a threat comparable to malware that infected millions.

Cryptolocker is on the rise because criminals need to capitalize on their crimes. Is there any agency dedicated to tracking malware’s communications to its origins and to capturing cybercriminals? If so, which international organization is responsible for this global problem? Or does each state have a department of cybercrimes offering security to its citizens?

There is no single organization to address this. The Internet is not owned by a single entity — it’s a network of equal participants. The solution is the union of all participants of the global network against cybercrime. We have to create unified Internet laws and some kind of Internet police with transnational powers.

Superheroes need supervillains. If you could put an end to those guys, would you? If so, you’ll no longer be remembered as a hero. Would you be ready to be forgotten?

Life is rich in opportunities for becoming a hero, but that’s not my intention. I am just doing my job and I am trying hard to do it the best way I can. Honestly, I’d love to lose my job because cybercrime is no longer an issue and I would spend my time on art. However, it’s not likely to happen anytime soon. But if I do ever quit my job, I will continue to use my knowledge for good, not evil.

I’d like to add that the most important heroes are the people that no one knows about. They are changing the world and making it a better place but no one can even thank them. Those people are real heroes and I am sure some of them might be reading this article right now. Thank you, invisible friends!

What would you recommend to students who would like to follow this path in security? What kind of degree should one get to become an expert like you and help fight global cybercrime?

Here is what I can recommend:

  1. Learn how cybercrime works but never do it. You don’t need to commit a crime to become a security expert.
  2. Study: Observe what motivates you and exploit it. Be a researcher for your own body and mind.
  3. Balance mental and physical exercise. A healthy body is the best way to increase your performance and stay mentally sharp.
  4. Do not follow other people’s success stories — always find your own way. Being different is your advantage in finding a workaround or a unique solution. This is what makes you valuable in the end.