On today’s edition of Hack Off, why are security researchers finding it more and more difficult to disclose hacks and vulnerabilities to governments and private organisations? Raj Samani, Chief Scientist, McAfee and Advisor, Internet Security, European Cybercrime Center explains.
Is there anything called responsible vulnerability disclosure?
We have raised security vulnerabilities with many organizations; some accept them and some don’t. It is more of a security culture issue. Some of the organizations think, “Oh my God, why wash the dirty laundry in public!” More than bug bounties, there needs to be an attitude change on both sides so that some researcher does not randomly disclose security issues on Twitter without even telling the affected party in question. We, at McAfee, are happy to work with any customer to correct an issue.
How do governments and private companies work on data privacy of consumers in such an established platform?
People need to be more aware while downloading an app or while using a web service. There are trackers everywhere and, most of the time, these apps ask the users for their consent before they install the app. It’s not just an IT issue but an overall attitude towards the internet ecosystem. People do not read the terms and conditions before they use any app service. There is a dialog needed amongst the citizens to understand their digital role online. We have to do our own due diligence.
Look at the Cambridge Analytica issue: people had signed up for the app made by Kogan and willingly gave their details. The larger issue is with the transparency of these organizations in letting their users know how their data is being used. There was a study recently done by F-Secure where people had signed up for free Wi-Fi in return for some details. So, there should be a case of informed consent in the world of privacy.
Your platform No More Ransomware has cookies enabled. Why does it need cookies, if it’s trying to help companies in general who have been attacked?
I thought we had removed it long back. Well, if it is, then we will get that corrected. We do not store any information. We don’t ask you whether you are a customer or not. We don’t make money out of it. That will be corrected.
Has ransomware gone down?
The good news is we have got the bad guys’ attention. We have managed to provide free decryption keys for 1000 people and saved millions of euros. It’s a constant game of cat and mouse. Ransomware is being used as a tool for destruction. A tool to extract and destroy environments. Cryptojacking has also come up in a big way because it’s financially viable. Many sites in India have also fallen for it in the past 6 months.
So have you invested in crypto coins?
Yeah, I have invested in a few million coins. But unlike Warren Buffett, I will not tell you where I invested because if a particular coin value goes down, people will blame me on Twitter.
Is it cheaper to launch a cyber attack in 2018?
There has been a steady rise in cyber attacks since 2013, and today anyone can become a hacker because of the presence of “as a service” hack models across the internet. The Dark Web is accessible for everyone now.
How do you cyber protect yourself?
The hardest thing for me is looking after what my children are downloading and using the internet for. My kids use apps which I have never heard of. So I have developed a system which tells them to request access from me before they download an app. The internet is a great place, but you also need caution, which we don’t see often.