In our interview with Almantas (or Alan) Kakareka, Founder and CTO of Demyo, Inc., he speaks on malware threats and Russian cybercrime.
Almantas is an InfoSec consultant to businesses around the globe and the founder and CTO of Demyo, Inc. He has over 10 years of IT security-related experience. His expertise is in vulnerability assessments, threat intelligence and penetration testing. Almantas has a Master of Science degree in Computer Science from Florida International University and certifications such as CISSP, GSNA, GSEC and CEH.
Yuri: Alan, please briefly describe your current occupation.
Alan: My current occupation is the same as it was for the last 10 years or so. I work in the InfoSec field, currently in the VA, Pen Test and threat intelligence areas. In the past I have worked in probably every InfoSec field possible, e.g. memory analysis, HDD forensics, network forensics, source code auditing, threat modeling, and reverse engineering, just to name a few. Check it out at www.demyo.com.
All good things come to those who wait
Yuri: How did you become involved in the computer security field?
Alan: My grandma was working in the IT department at some university back then. One day preschool was closed or something, so she took me to her job. I was 6 years old back then and it was 1985. I saw a computer with a black background and green letters and I fell in love… Since then all my attention became electronics- and IT-focused. Back then computers were insanely expensive, and I was visiting friends who had them, and computer clubs, to get my hands on them.
After many years of frustration the day came and my parents bought me a computer for my 13th birthday. The luckiest day in my life! I got some kind of ZX Spectrum clone, with a Z80 processor, which was 3.5 MHz. I had to use a cassette player to load data from the cassette tape and, to my biggest fear, at the end I used to get “R Type Loading Error”. A few years later I bought my first PC; it was a 386SX with 4 megabytes of RAM IIRC and a monochrome VGA monitor, and I started sitting at this computer day and night, day and night.
My parents became worried for my health and my grades at school, so my father started to take my mouse with him when he went to sleep. Well, it solved only one problem – my bad knowledge of shortcuts, thanks daddy! After a couple of days I got caught again in front of the computer at night, and this time the mouse and keyboard were gone. Bad days had come, but there was a solution: to buy another set of mouse and keyboard from my friend. Voilà! Another couple of nights of happiness.
Are you still here? Patience please, the answer to this question is coming (smiling). All good things come to those who wait. So my parents called up some friend who put a BIOS password on the system, and my good days were over. This was my first InfoSec project. I had to figure out how to take it away. You have to remove the BIOS battery, and it usually resets all BIOS settings to their defaults. Now it seems very easy, but back then it took me quite some time to figure out how to take the BIOS password away.
All I knew was “hello”, “goodbye” and “give me some more beer”
Yuri: Do you have any related education?
Alan: My bachelor’s is in electrical engineering, so if you need your bulbs changed at the office please call me (smiling). I got my EE degree from Kaunas University of Technology, which is located in Lithuania. After moving from Lithuania to the USA back in 2003 I was looking for a job for a long time without any success, to my greatest disappointment. I started working crappy jobs all over and investing all my other free time into IT, just like years before.
One night I read a post on some forum; the guy was eventually in the same situation and he put it like this: “I didn’t get the job I wanted until I got a degree from a US university”. That was it, I drove to Florida International University the next morning to ask about the programs they had. I had to pass an English test, do my bachelor’s evaluation and the GMAT test. Needless to say, being born and raised outside of the USA, English was not a native language for me. All I knew was “hello, goodbye, and give me some more beer”. OK, that’s a joke. So I got my Master of Science in management information systems.
Yuri: Please describe your working day.
Alan: A short version would be: “wake up, solve problems, go to sleep”.
Yuri: When you get to work, what do you do first?
Alan: I start reading my email, and that’s how my job starts.
I go to sleep when I’m done, not when I’m tired
Yuri: What do you do most of the time? Are there days when you work 14 hours or longer?
Alan: Oh yeah, a lot of those days. If I have a project that just has to be done, I’m eager to get it done. I go to sleep when I’m done, not when I’m tired.
Yuri: What do you like about your job most? Least?
Alan: In general I like InfoSec because it is something new every day. Typically I get bored pretty fast, but InfoSec keeps my interest up all the time. There are new exploits every day, new ways to attack and defend every day, new twists in forensics every day. What I don’t like much is report writing, but oh well, many times the report is the only deliverable to the client, so it has to be pristine. And I’m getting better at it; I used to write the report at the end, now I start early and fill in all the blanks as I go from the very beginning.
Yuri: How did you start your company?
Alan: I wanted to have my own team for a long time. A good time came up about 2 years ago and here we are.
Yuri: What are the most common projects your company works on?
Alan: Pen Testing, Vulnerability Assessments and Threat Intelligence.
Our customers come first and I really mean it
Yuri: What is special about your company?
Alan: Our customers come first and I really mean it.
Yuri: What is the most interesting thing a customer has ever said about your company or your solutions?
Alan: “I didn’t know Russians were able to do good work.” People in the USA confuse me for a Russian all the time, probably because of the accent.
Yuri: What about your company are you proud of?
Alan: Aside from our customers being priority number one, I’m proud of our work environment for our employees. We don’t have directions on what OS, what programming languages, what tools have to be used and so on. Invent your own OS or programming language for God’s sake. There is only one goal – to get the job done beyond expectations and on time.
Yuri: I remember your talk at HackersHalted in Miami, where you gave an excellent overview of various Russian h4x0r resources. Do you use them in your investigations? Were you successful in penetrating the closed areas of such resources? Did it really help?
Alan: Every Russian hacker forum has closed sections; usually there are 4 sections in total. Level 0 would be a public section where everybody can read and write messages; it is indexed by search engines and so on. Some forums require you to register an account with them to be able to see level 0, but it is free and quick, so it’s a no-brainer. To get into the 1st access level you need to be on the forum a little bit and write some useful posts; 50-200 posts depending on the forum and you will be granted the 1st level automatically. To get into the 2nd level you need to share some “good info”, some databases or what not, to become a known and trusted persona with good feedback. To get to the 3rd and most interesting level you basically have to commit a crime, and then others will vote on you.
I was on and off Russian hacking forums for a long time
Yuri: Why have you chosen to become an expert in Russian cybercrime?
Alan: I was on and off Russian hacking forums for a long time; I like to go there and see what is new in this arena. At one of my past jobs we had a breach our team had a hard time solving. I went to the Russian underground and was lucky enough to find some hacker posting just about our incident. That gave a great deal of insider information on what had happened. That case stuck in my head and since then I try to find information for my clients and cases in the underground. For a company it is so much cheaper to know what’s happening in the underground that relates to the company and take action against it. The issue is many companies don’t want to spend much money on proactive security; even if it’s 10 times cheaper to do so beforehand, they just spend millions afterwards, when all the bad publicity is on the news and data is lost.
I wish I could speak Chinese
Yuri: Why Russian? Just because of language?
Alan: Language is one of the factors; I speak Russian and that helps. I wish I could speak Chinese as well (smiling).
Yuri: Are there really that many Russians in cybercrime?
Alan: Many of them. As an example take a look at one of many Russian hacking and cracking forums – antichat.ru. It has 2 million messages and 115,000 users. There are many more open and hidden forums with their own hidden sections.
Yuri: What are the Russian specifics in cybercrime?
Alan: Russians are typically after money, whereas Chinese are mostly after information, blueprints or trade secrets. It does not mean they can’t switch, but those are the common approaches by them.
Yuri: Do you often have work connected to Russian cybercrime?
Alan: All the time.
Yuri: What is the most famous Russian-made malware?
Alan: Probably ZeuS; it’s all over the Internet with its many plugins and many ways to exploit browsers. Some time ago the ZeuS source code leaked, and a lot of new malware was created based on it. Many clones and modified versions of ZeuS are in the wild now.
Yuri: Some time ago I interviewed Pasquale Stirparo, who says the future of malware is mobile malware. What do you think of this statement?
Alan: I couldn’t agree more. Mobile devices are much less defended; a typical desktop or laptop has all the resources to exercise defense in depth, i.e. it has an antivirus engine on it 24/7, has the resources to send syslogs to a SIEM almost in real time, has the resources to have full disk encryption, tons of space locally and CPU to do a million things at any moment.
It is easier to attack mobile devices
Mobile devices on the other hand are limited in resources; they can have AV running on them 24/7, but it will slow down the device considerably and will suck out its battery, and this practice is not used 9 times out of 10. That’s why it is easier to attack mobile devices: they are less protected. One more thing: it is annoying to type in complex, long passwords on mobile devices, so they typically have much easier passwords.
Yuri: Are Russians already doing something like this? Chinese? Americans?
Alan: I have no doubt that everybody who has the skills to do it does that.
Yuri: Ilya Sachkov from Group IB thinks that the problem in Russia is insufficient laws, which do not even have a notion of digital evidence. Do you agree?
Alan: It is insufficient laws; one more thing we have to remember is that it’s not enough just to write a law, that law should make sense, be in the best interest of the public and be enforced.
Yuri: What computer forensics or security resources do you regularly read? What would you recommend to others?
Alan: Other than constantly reading Russian hacking forums, I like to read papers on http://www.exploit-db.com/papers, and I also follow the full-disclosure mailing list.
Yuri: What do you see as major trends in cybercrime? Globally and, in particular, in Russia?
Alan: As one of your questions mentioned mobile malware, it is probably the case; the Internet is getting more and more mobile, more smartphones, more various networks are being widely deployed (4G LTE, WiMAX, and others), even cars are in the works to be constantly connected to the Internet.
Yuri: You are an author of the Computer Security Handbook. What was your motivation to write it?
Alan: I just want to share my knowledge and ideas with others.
Yuri: Everyone knows it is very hard to complete a book. Whom do you recommend it to, which readers?
Alan: I recommend it to everybody who wants to upgrade their skills and prosper in InfoSec. I didn’t write the whole book; I’m a co-author with many other great folks (smiling). This book has many interesting topics, and covers a wide array of technologies and techniques. The second edition is coming out in early 2013, which will have even more topics.
Yuri: How old are you?
Alan: I’m x years old, where x = 4!+9
Yuri: Do you do any sports? Which one? What is your preference in watching professional sports?
Alan: I like basketball the most; however, if it’s a super final of any sport I try to watch it.
I dream the Retina display will have an anti-glare screen
Yuri: Do you have a dream?
Alan: I dream that the MacBook Pro with Retina display will have an anti-glare screen option sometime in the future.
Yuri: What music do you like?
Alan: I like psycho trance. Sesto Sento is one of my favorite groups.
Yuri: Thanks for your really amusing interview, Alan!