REPORT
''A cold war has been taking place on the internet in recent years''
Chema Alonso, wearing a beanie as usual, shared his opinions of the digital world of today and tomorrow with all the alumni present on Thursday 21st October at ESADE Madrid. The cybersecurity guru began by explaining the meaning of the word 'hacker'. ''A hacker is someone who loves technology and tries to push the boundaries of what it was made for. A hacker is someone who wants to discover new uses and apply technology to improve people’s lives. Most hackers have a great education, they usually have a PhD,'' he explained.
At the other end of the spectrum to hackers are the cybercriminals who, says Alonso, do not care whether the technology they use is innovative, they simply want to make money. The third sort of hacker, ‘hacktivists’, use their hacking skills for ideological aims, i.e. they use legally ambiguous or illegal digital tools for political purposes.
Alonso explained that the main methods used by cybercriminals are blackmail and identity theft. APTs (Advanced Persistent Threats) are individuals who study companies and interact with their clients in order to undermine the security of their IT systems. ''They worm their way into an organization and when they discover its Achilles’ heel, they steal an identity which they then use to access one computer from which they then start gathering data. Very advanced cybercriminals are very dangerous and companies sometimes take as long as 6 months to realize that they are inside their system''.
The Wannacry ransomware attack, a global cyberattack that affected companies and organizations in more than 70 countries in May 2017, also targeted Telefónica. Chema Alonso described how that cyberattack left Telefónica employees without email for 24 hours. ''Wannacry was a cyberworm that demanded ransoms for file recovery. It was released in Korea at 7am Spanish time and at 9am we detected it at Telefónica. Our detection mechanisms were triggered and by 10 o’clock we had neutralised it and were working on our response. This happened on Friday and by Monday all Telefónica employees were working normally. It was business as usual for customers because it did not affect their internet connection or calls,'' he said.
These cybercriminals are driven by profit and money, but the fact is that a cold war has been under way on the Internet for a long time. ''All countries have been stealing information from each other for many years. According to statistics published last year, Spain ranked second in terms of cyber attacks detected. This does not mean that Spain is the second country attacked most, but the second country that detects most attacks. The government has made great efforts in cyber defence, which is why these attacks are detected. Alonso told the audience how the turning point occurred in 2007 when the IT system of a nuclear power plant in Iran was targeted. ''Many companies are attacked not for monetary gain but for intelligence motives, to gather intelligence for the governments themselves. That is why countries use special centres for critical infrastructures such as telephony and electric utilities''.
Can we protect ourselves from our own apathy and carelessness about protecting our own data and devices? In response to this question, Chema Alonso admitted that two factors are involved, ''People don’t worry much about their computer security and on top of this, those of us who work in security haven’t made it easy for them. In a perfect world, it would be easier and users would be more tech savvy.''
Alonso said that the worst possible mistake is to think there is a magic recipe to protect oneself. ''The secret is to want to learn a little bit about security because there are lots of small things we can do such as, for example, automatic updates, have a real-time antivirus, browse as a user who is not the administrator, make daily backups'', etc.
Alonso also had something to say about privacy on the internet. In today’s world, if you use a credit card, or have mobile apps, or connect to wi-fi networks, or have a smartphone, they know where you are at all times. By knowing where you are, they know where you live and where you work, what political party you support, what your likes and hobbies are, etc. They know all this about your life. For example, when you download a game or an app, you pay with all that information and that information is sold to data brokers, big companies that then sell people’s profiles to other companies. ''For example, an advertiser on Twitter might come along and say they want to place an ad for pregnant women aged 20 to 25 who have Kellogg’s cereal for breakfast. They also buy data about the physical world, for example, when you pay with a card in a shopping centre, they know what you have bought, and by crossing all these data they build up very detailed profiles. This is the world we live in,'' said Alonso, pointing out that a new paradigm shift is on the horizon as regards privacy. ''We live in a global village. Data protection regulations will probably change – and the economic model too. In all likelihood, companies will have to pay according to the amount of data they have''.
In Q&A time, Chema Alonso fielded several questions such as the obstacles the police face in order to recover information from the mobile of a missing person. ''In the case of Diana Quer specifically, her mobile phone was recovered and because there was a court order, it was possible to clone her SIM card and access her social media, WhatsApp, etc. Here at Telefónica we offer a public service and we obey the law, and we did what the judge told us to do. But companies like Apple make things very difficult because of their encryption software and they do not allow strangers to access their phones. Their stance is that their customers’ privacy comes before everything else. In the end, citizens will have to decide whether companies that refuse to hand over data must be forced to obey the law, or whether privacy must prevail'', he concluded.
Chema Alonso
Chema Alonso is currently the Chief Data Officer at Telefónica and as such he is in charge of Telefónica’s fourth platform, advertising and big data strategy. His work on defining the fourth platform also entails being the head of the personal data bank team, and he is also the main internal sponsor of the Data Transparency Lab. He is also in charge of global cyber security and data security, creating the new global security unit with information security global business in B2B and B2C and Eleven Paths.
He was the founder and previous CEO of Eleven Paths, a subsidiary of Telefónica Digital focused on innovation in security products, and managing director of global security business in the B2B unit of Telefónica Business Solutions. Prior to joining Telefónica in 2013, he worked and was a manager in Informática 64 for 14 years, a company focused on computer security and training. PhD in computer security (Universidad Rey Juan Carlos, Madrid), computer engineer (URJC) and computer systems engineer (Universidad Politécnica de Madrid, which named him honorary ambassador of the university’s school of computing in 2012). Since 2009 he has also been in charge of the master in computing security at Universidad Europea de Madrid.
He has written several books and articles about cyber security. Board member on behalf of Telefónica in Alise Devices, a company receiving support from Telefónica in the form of its start-up acceleration program Wayra and developer of anti-forgery technology, consisting mainly of engineers from the Universidad Politécnica de Madrid.
For further information:
ignacio.ramon@esade.edu
Language: Spanish
