Fast Talk: Threat Reduction

Symantec’s Zulfikar Ramzan on figuring out online crime before the criminals do.

Zulfikar Ramzan

Senior Principal Researcher, Symantec Advanced Threat Research Group
Cupertino, California

Ramzan, 31, a cryptographer with a PhD from MIT in electrical engineering and computer science, has been in on nearly all the key developments in Web security in the past decade. But as he says, understanding the technology behind cybercrimes isn’t all it takes to stay ahead of the bad guys.

“The goal is to figure out the crime before the criminals. But that’s not really a matter of technology. Web security from a cryptographic perspective is largely solved, so what’s crucial now is deciphering the human component. A simple shift can transform a basic attack into a devastating one.

For instance, as more people set up internal and wireless networks in their homes, we found that pharming–in which a victim visits an attacker’s malicious site after typing the name of a legitimate site in a browser–could evolve to take control of the victim’s Internet connection. We haven’t seen this technique used in the wild, but it’s a simple extension of known techniques: A single line of JavaScript embedded in a Web page you view would reroute all your network’s Web traffic through the attacker’s domain name system server. So the criminals wouldn’t need to pose as Bank.com to get your account information; you’d give it to them when you access Bank.com through their server. We call it drive-by pharming.

That’s the sort of thing we have to predict. Where are people going online? What are they doing? What vulnerabilities do effective attacks exploit? I stare at the overall Web-security picture for a long time and from a lot of angles, and eventually, it comes to me as a eureka moment. Often, the solutions are as simple as the evolution of the crime; in the case of drive-by pharming, protecting your network is as easy as changing your router’s password.”
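A defender-side check for the drive-by pharming scenario Ramzan describes, added here as an example and not code from the interview or from Symantec: it parses resolver configuration text and flags any nameserver that is neither the home router nor on a trusted list, which is the footprint a rerouted router configuration leaves on the client. The sample configuration, the LAN range and the trusted resolver addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of resolver configuration as a DHCP client might write it
# after the router's DNS setting was silently changed.
SAMPLE_RESOLV_CONF = """\
# Generated by dhcp client (constructed example)
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.7
"""

# Hypothetical baseline: the home LAN and the resolvers the router or ISP should hand out.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_RESOLVERS = {"192.168.1.1", "198.51.100.53"}  # constructed values


def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"nameserver\s+(\S+)", line)
        if match:
            servers.append(match.group(1))
    return servers


def classify_resolvers(servers, lan=HOME_LAN, trusted=TRUSTED_RESOLVERS):
    """Split resolvers into expected ones and ones that warrant attention.

    A resolver is expected if it is on the trusted list or inside the home LAN
    (typically the router itself). Anything else, such as an unexplained public
    address, is what a rerouted router configuration would produce.
    """
    expected, suspicious = [], []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            suspicious.append(server)  # not even a valid address: flag it
            continue
        if server in trusted or addr in lan:
            expected.append(server)
        else:
            suspicious.append(server)
    return expected, suspicious


def dns_config_is_clean(text=SAMPLE_RESOLV_CONF):
    """True when every configured resolver is one we expect."""
    return not classify_resolvers(parse_nameservers(text))[1]
```

Run periodically against the client's live resolver configuration (or the router's DHCP settings) to catch a changed DNS server before any banking site is visited.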