What a very interesting interview Aviva Zacks of Safety Detective had with Vladimir Katalov, ElcomSoft’s CEO. Read all about his company’s vision, but don’t ask about their products.
Safety Detective: What was your journey to cybersecurity and what do you love about it?
Vladimir Katalov: One day, soon after graduating from university (National Research Nuclear University MEPhI), I found I forgot a password. I wanted to recover it so badly I had to write a piece of software for it. Then I figured others could use it, too, and so I set up a small business together with my brother. A few years later, we started paying attention to the mobile forensic market. Long story short, we finally got the full range of products helping the good guys take care of the bad guys in the cybersecurity world. If you look back at all these events, they seem a little incredible, as I never planned to be there.
SD: What is ElcomSoft’s flagship product?
VK: We have no single flagship product. The marketing department won’t be happy with what I’m about to say, but I really don’t want to talk about “products.” See, in the forensic world, there is no such thing as a silver bullet. Our tools cannot stop the criminals and neither can any other tool made by anyone. If a manufacturer tells you that they can, it’s a lie. We do our best. I passionately work 10 to 16 hours a day, and since we aren’t a public company, I can tell you this: our main goal and the purpose of our existence is not to earn all the money in the world, but to make that world a better and safer place. We do have some unique solutions, and we do have the features that even competitors, a hundred times our size, don’t have. We are proud of these technical achievements, but I will not list them here. We do break the encryption. We also extract data from mobile phones, and we break into clouds.
SD: How does your company help law enforcement stay ahead of the criminals?
VK: I would be happy to answer that “we help law enforcement stay ahead,” but I try to never lie in public interviews. Unfortunately, the law enforcement can never get ahead, whatever it is the vendors say. We do help authorities, often free of charge, but modern criminals are not just very well-educated but also very well-budgeted. They have access to the equipment that we don’t have. Obviously, they do not comply with the law and do not follow the rules and restrictions. They are free from the formalities that LEA is obliged to follow. Criminals use secure communication channels. They can hire the best lawyers when they get caught. And in some countries, they can get away with corruption.
I’m not saying we are losing the battle. We have so many success stories that I am not even able to count them—from drug trafficking to national security, from corporate data leaks to crimes against children. The bad guys are always at least one step ahead, whatever they do. This message is for them: We will get you sooner or later—just because we are on the right side!
SD: What is the worst cybersecurity threat today?
VK: The greatest security threats are posed by smartphones, cloud services, IoT, and smart home devices. There are also other threats out there, but these are the most severe “trending” threats. Do you need to worry? Oh yes. Saying “I have nothing to hide” is the worst mistake, the consequences of which we’re seeing way too often. One’s personal information has a calculated monetary cost, and that cost is high unless one lives in a forest without an Internet connection, using a feature phone without the “smart” part, and does not communicate with anyone outside their bubble. Such people don’t really exist.
SD: How will cybersecurity change now that we are living through a pandemic?
VK: I’d say the pandemic hasn’t changed much. We miss in-person communications though. Before the pandemic, we traveled every other week, met cybersecurity professionals, attended top-notch events, and so on. The new risks? Of course, there are some, but there’s nothing that’s really new or significant. We keep working as we did in the last 20 years.