{"id":15191,"date":"2015-07-14T07:42:01","date_gmt":"2015-07-14T07:42:01","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=4204"},"modified":"2019-11-15T07:03:23","modified_gmt":"2019-11-15T12:03:23","slug":"live-from-the-black-box-what-is-like-to-work-in-interpol-digital-crime-centre","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/live-from-the-black-box-what-is-like-to-work-in-interpol-digital-crime-centre\/15191\/","title":{"rendered":"Live From the Black Box: What is Like to Work in INTERPOL Digital Crime Centre"},"content":{"rendered":"<p><em>Vitaly Kamluk was born 31 years ago in Belarus. About a third of his life, more than 10 years, he has been employed as a security researcher at Kaspersky Lab. And for the last 7 months, he\u2019s been working in Singapore, home to the recently opened INTERPOL Global Complex for Innovation. In this huge futuristic building on Napier Road, Kamluk is helping policemen from all over the world investigate and prevent cybercrime on a daily basis. <\/em><\/p>\n<p>Although his current geographical location is far from Kaspersky Lab\u2019s Moscow HQ, Vitaly is still an employee and simultaneously working in INTERPOL.<\/p>\n<p>This is a special status for employees like him \u2013 experts from the private sector or academia\/research organizations, who agreed to work inside INTERPOL team.<\/p>\n<p>\u201cTwo other groups of employees include local staff working on a contract basis and worked together with police officers from all over the world. 
Such separation of employees\u2019 types is crucial to the main idea behind IGCI: bring different parties together and let them interact every day, cracking hard cases together with the fastest face-to-face communication,\u201d Kamluk explains to Kaspersky Business.<\/p>\n<p>For this, security experts from IT should work hand-in-hand with law enforcement representatives, so both parties can exchange information and expertise without passing through many formal obstacles.<\/p>\n<p><strong>One day in the Black Box<\/strong><\/p>\n<p>Singapore is not a driver\u2019s city. One would have to have serious reasons for buying or renting a car, because these two options are extremely expensive in tiny Singapore. This is how state authorities fight traffic problems in the city. In exchange, Singapore citizens have a system of comfortable and fast public transportation.<\/p>\n<p>Although fighting cybercrime is a very important, and sometimes urgent, task, Vitaly prefers to be on his feet.<\/p>\n<p>\u201cI don\u2019t really need a car here. I spend 30 minutes getting to the office by a comfortable air-conditioned bus. What I love in those buses is that anyone can credit the driver by sending his name in an SMS to a special number. This motivates the drivers to be polite and nice to their passengers. 
It really works here!\u201d Vitaly says.<\/p>\n<p>Every day at 9.30am, he passes the security check at the doors of IGCI, including metal detectors \u2013 a necessary procedure for all the employees arriving from the private sector \u2013 and proceeds to his workstation. Unlike most other jobs, Vitaly\u2019s work in INTERPOL requires not one, but three separate stations.<\/p>\n<p>\u201cOne desk is like any other office desk with a PC connected to the Internet, email, etc. This is mostly for official correspondence and access to intranet, and the usual everyday tasks. Another \u2013 in the Digital Forensic Lab \u2013 is for the malware analysis and digital forensics related to ongoing investigations. There is also a third place where I work sometimes \u2013 The Darknet Research Lab. This is a purely R&amp;D area where we \u2013 in cooperation with INTERPOL researchers and researchers from other companies \u2013 are working on different\u2026 let\u2019s say, experimental projects that should help in preventing and investigating cybercrime in the future. This may be related to Darkweb, crypto-currencies, P2P-networks, etc. So, in other words, it is not like I\u2019m dying of boredom here,\u201d he says.<\/p>\n<p>A workday for a typical office employee starts with email checking, while Vitaly starts his day with education. On a daily basis he holds trainings for other INTERPOL employees involved in cybercrime investigation either in IGCI or back home in the local police departments they came from.<\/p>\n<p>Vitaly explains, \u201cThese are purely technical trainings on malware analysis, networks analysis, OS architecture, etc. What is a disassembler? How does a debugger work? How to analyze network data? How do protocols and encryption work \u2013 in these trainings I try to cover this kind of topic. 
These are voluntary trainings, but I have several attendees every day, which means that police have a clear need of such knowledge.\u201d<\/p>\n<p>After the trainings, reverse engineering time starts. Being an attached employee means \u2013 among other things \u2013 that he should do his usual job: malware analysis and cybercrime investigation, which he does in Singapore for both Kaspersky Lab\u2019s and INTERPOL\u2019s needs.<\/p>\n<p>\u201cIGCI is only starting its operation and a lot of things still need to be set up in order to make it work on a full scale. Perhaps that\u2019s why I currently don\u2019t have many tasks coming from the INTERPOL side. Mostly, I do analysis for Kaspersky Lab; however, the results are often used by INTERPOL. Like it was with the SIMDA botnet takedown recently,\u201d he says.<\/p>\n<p>While the beginning of Vitaly\u2019s workday is all about conversations with other people, malware analysis time is when he becomes \u201ca grim sociophobe\u201d, just like those movie hackers sitting in front of PCs in dark rooms in total isolation. There is actually a simple reason for such behavior.<\/p>\n<p>\u201cWhen I look at the code I try to not check email, and if it is possible, I try to create conditions in which one would have to get through obstacles in order to distract me. That\u2019s because the reverse engineering process is like building a giant house of cards. This house exists only in your mind. When you are distracted, the entire castle falls down, and you have to start from the beginning. That is why some of our kind are so angry when they\u2019re suddenly distracted by someone,\u201d Vitaly explains.<\/p>\n<p>Once the malware analysis is over, the office work starts. It\u2019s about 4pm and the Moscow office wakes up to load up Vitaly with company operations tasks.<\/p>\n<p>\u201cAfter 4pm is also conversation time. Europe starts to wake up, then the U.S. A lot of conference calls are happening during this period of the day. 
In fact, my work here is a lot about negotiations and coordination. When we were preparing for the SIMDA botnet takedown, we held many conference calls with stakeholders from all over the world,\u201d Vitaly recalls.<\/p>\n<p>In parallel, Vitaly is working as a system administrator. Being the only attached employee means that he does the entire job within the framework of the partnership between Kaspersky Lab and INTERPOL. Among other things, Kaspersky Lab agreed to set up several workstations dedicated to malware analysis and facilitate remote setup of servers and network equipment that would help Kaspersky Lab to share threat intelligence with IGCI as fast as possible.<\/p>\n<p>\u201cIt is really important to set up everything properly and efficiently,\u201d Vitaly says. \u201cAlthough it\u2019s not my main responsibility, I\u2019m not complaining. I do my best to help whenever I have a spare moment from other critical activities and I am really curious how things here in IGCI will change once we launch it on a full scale.\u201d<\/p>\n<p>However, the main new experience he got working in IGCI is the experience of \u201cthe one from the other side\u201d.<\/p>\n<p>\u201cPreviously, during multiple investigations conducted by the GReAT team, I personally had an experience of working with law enforcement agencies. We collect some information and pass it to law enforcement,\u201d he explains. \u201cAfter that \u2013 there is silence. For weeks or months, or forever. It is like working with a black box: you put information in it and all you can do is wait for some output. You have no idea what is happening with this information in there. You can\u2019t help if some gears stopped spinning. Now, I am inside of the black box. I can understand why things get stuck and even help the gears start moving again. 
This is a unique experience and a great opportunity.\u201d<\/p>\n<p><strong>Living in the City of the Future<\/strong><\/p>\n<p>Singapore is often called a city\/country of the future. And that\u2019s not an exaggeration. Built out of nothing, in just a few decades, it is now one of the richest, most comfortable, and most high-tech places in the world. Futuristic venues of cities built out of concrete, steel, glass, plastic and miles of wires and LED light stripes, which we\u2019ve seen multiple times in sci-fi and cyberpunk movies, comic books, and video games, are actually a reality in Singapore when the sun hits the horizon in the evening.<\/p>\n<p>However, Singapore does not fit in the cyberpunk ideology completely. The high-tech\/low-life concept \u2013 a traditional indicator of a standard \u201ccyberpunkish\u201d piece of pop culture \u2013 does not work in Singapore because here high-tech is one of the main reasons for its high quality of life. This is due to a combination of wise political and economic decisions, plus active usage of the most recent technological achievements.<\/p>\n<p>Vitaly arrived in this futuristic venue having an experience of living in another futuristic Asian country. Several years ago, for a whole year, he worked as a security expert in Kaspersky Lab\u2019s Japan office. And he sees differences.<\/p>\n<p>\u201cAlthough I love Japan, I was feeling like some kind of <em>Lost in Translation<\/em> guy. Alone in a foreign country with a very complicated foreign language and a very distant culture. I don\u2019t feel the same in Singapore. Even though technically it is an Asian country, it is way more western than many others. Their official language is English and there are a lot of foreigners who live and work here,\u201d he explains.<\/p>\n<p>Like most other citizens of Singapore, he and his wife, an artist, rent an apartment in a condominium not far from the city\u2019s center. 
They spend their weekends walking around beautiful city venues, attending multiple touring performances or sometimes just playing volleyball at the beach, which is just 15 minutes away.<\/p>\n<p>\u201cIt is a really comfortable place for work and living: warm climate, a lot of interesting people and activities. It is a very safe place. When I first was offered to go here, I wasn\u2019t excited at all. I thought, here we go again: alone in an unfamiliar place somewhere in Asia. But now I see that there were no grounds for those concerns. Well, almost\u2026\u201d Vitaly relates.<\/p>\n<p>One day in early April, Vitaly was speaking with a representative of the Gardens by the Bay \u2013 one of the most famous tourist destinations in Singapore. The representative was trying to convince Vitaly that \u201cit\u2019s absolutely impossible, we have never seen them here. It\u2019s not the place where you can find them.\u201d<\/p>\n<p>You see, moments before, Vitaly was strolling with his wife on one of the park\u2019s walking paths, when he stepped on what he thought was a wooden stick\u2026 but then it moved and slithered into the bushes. It was a Boiga snake. Vitaly checked his legs, and attending to his inner senses, detected his heart rate had increased due to a sudden rush of adrenaline.<\/p>\n<p>\u201cI am a cybersecurity expert and not an Asian snake expert, so that moment wasn\u2019t very funny for us. There was no chance to take a photo of the snake and we felt a bit hopeless. However, the most interesting part started after I checked and confirmed no signs of puncture. I can tell you, your mind is playing games with you all the time and that was a moment when it was so sharply visible. While common sense told me there was nothing to worry about, my mind artificially created light symptoms that were appropriate for a venomous snake bite. 
I had a strange feeling in my leg and the moment I thought about other symptoms such as vertigo, I started feeling dizzy and wanted to find a bench to sit down,\u201d Vitaly remembers.<\/p>\n<p>\u201cAfter all, I have learnt my lesson: feelings of safety make you relaxed, but if you want to survive in this world, you must always stay focused.\u201d<\/p>\n<p>\u201cYou tell them: Hey guys, you have snakes in your backyard. And they tell you: No, no, that\u2019s impossible. They stick to their belief until the moment when a stick under their own leg turns into a venomous monster. For a security researcher it isn\u2019t hard to draw the parallels with the IT industry here,\u201d Vitaly concludes.<\/p>\n[youtube\u00a0https:\/\/www.youtube.com\/watch?v=wN-S6w4jQME&amp;feature=youtu.be]\n","protected":false},"excerpt":{"rendered":"<p>You tell them: Hey guys, you have snakes in your backyard. And they tell you: No, no, that\u2019s impossible. 
They stick to their belief until the moment when a stick under their own leg turns into a venomous monster.<\/p>\n","protected":false},"author":614,"featured_media":15502,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[347,2157],"class_list":{"0":"post-15191","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-interpol","10":"tag-malware-analysts"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/live-from-the-black-box-what-is-like-to-work-in-interpol-digital-crime-centre\/15191\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/live-from-the-black-box-what-is-like-to-work-in-interpol-digital-crime-centre\/15191\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/live-from-the-black-box-what-is-like-to-work-in-interpol-digital-crime-centre\/15191\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/interpol\/","name":"Interpol"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/614"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15191"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15191\/revisions"}],"predecessor-version":[{"id":30451,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15191\/revisions\/30451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-j
son\/wp\/v2\/media\/15502"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}