At HUMAN our focus is to protect organizations by disrupting digital fraud and abuse with modern defense. That is exactly what our Satori Threat Intelligence and Research team did with our latest investigation, VASTFLUX. We accomplished an unprecedented private takedown using the three pillars of modern defense: visibility, network effect, and disruptions and takedowns.
“Winning the economic game is how we win as an industry against cybercriminals.” said Tamer Hassan, CEO of HUMAN via a WIRED exclusive about VASTFLUX.
All of this would not be possible without our most important asset, our Humans. Our team worked to make sure that not only our customers were protected, but that the bad actors behind this operation did not continue to profit. Vikas Parthasarathy was one of those Humans. As a member of the Satori team, he initially discovered the sophisticated threat that led to the VASTFLUX investigation. Vikas is one of the most sincere people you could ever come across. He is passionate with his explanations, intelligent in his evaluations, and humble when it comes to taking credit. Here is our conversation about his Human side.
What do you do at HUMAN?
“I am the Senior Threat Intel Investigator at HUMAN. My title has changed a few times over the years, but my job has been consistent. That job is finding threats, identifying what the threats are, where they're coming from, who is responsible for these threats, how to detect them, and how to fight them for good.”
Why did you choose HUMAN for your career path?
“Interestingly enough, I was invited to work here by the former Head of TI. I had worked with them previously. They knew my work and thought I’d be great at HUMAN.”
Do you enjoy finding threats on the internet or is it something you're naturally good at?
“It is a combination of both. I love investigating and I think over a period of time it became natural just because I've been using the internet from earlier times that were truly crazy up until now. It's kind of my second home.”
I like that, I feel for so many of us the internet is our second home and we should protect it. We just publicly announced VASTFLUX our latest ad fraud operation takedown, which at the time was the biggest takedown by our Satori Threat Intelligence Team to date. What was your role in the VASTFLUX takedown?
“My partner, Marion Habiby, and I discovered a threat together. We had several working theories, which we put to the test. Our detection team is great at creating new signatures and blocking threats. We had to figure out where the threat was coming from, what it looked like in real life, where it was happening, who was sending it, and the cause of it. We had been working on several threats, and we both started finding frauds. That's how we discovered this particular fraud. I was working in my lab, and she was analyzing the signals. When she was looking at the signals, and I looked at this particular fraud, it was very strange. We had never seen a threat of this size before. We were curious about what was happening, why it was happening, its size, and most importantly, how to stop it to protect our customers. That's what led us to this entire research process.”
That is such a quality explanation. What is the main thing you'd want someone to take away from the VASTFLUX takedown?
“There are several important things that can be taken away from this. One of the main ones being that video ad frauds seem to be very high right now. People in video advertisements should be very careful as it is an industry that is still maturing, and fraudsters are taking advantage of this fact. Bad actors are finding unique ways to do these frauds. Advertisers need to be vigilant and hopefully work with us to prevent these operations. We have developed expertise in finding and combating these frauds, and have signatures and research in place. Therefore, if someone is in this field, they would benefit greatly from partnering with us.”
What was the most challenging part of VASTFLUX?
“Every step was challenging, but the first phase was the most challenging, as the threat was so unique. It was like water flowing out of a tank and there are only a limited number of ways that a leak can occur. We checked the usual suspects, but we couldn't find the leak, and we were still losing water.
We had this fraud, and we looked at all the usual ways it should be happening. We were suspicious of what was going wrong, but we were relieved when we eventually found out that the fraud was happening through the exchange. The exchange was being targeted by threat actors who were sending malicious creatives to carry out this type of fraud. We had seen malvertising frauds before, but they were very specific. We did not expect to see this level of fraud happening in this manner. Finding who was being targeted, how they were being targeted, and where the threat was coming from was very challenging. It was not a clean place to look, and we had limited visibility. We did extensive research and reverse-engineered the botnet to monitor them and see what configurations they were sending. From there, we had to analyze and find clues from the inside so that we could isolate the threat. That was our process because otherwise, there was no way to find the source of the threat. We could have blocked it from one exchange, but it would have just started flowing from another exchange. We wanted to put a stop to this, and that meant finding the source.”
After all that work in the process from beginning to end. What was the most rewarding part?
“One major reward was working with this excellent team of researchers. It was very fulfilling to work closely with some of the sharpest minds at HUMAN for VASTFLUX. The biggest reward, however, was taking down these threat actors. We fight against various forms of fraud every day, but it was particularly rewarding to disrupt fraudsters and stop this at the root. Being able to disable their entire operation and potentially deterring them from trying again.”
That's really disrupting the economics of cybercrime by using modern defense. What's something that makes HUMAN different from other cybersecurity companies when it comes to collectively protecting our customers, and takedowns such as VASTFLUX?
“What's unique is the skill set and cross-functional team that we have. When I say cross-functional work, I mean we have teams with different roles working together. Data scientists, signal researchers and the Satori Threat Research team have been working on this for a long time. They have gained a lot of experience and knowledge investigating this takedown. All of them have a knack when it comes to finding frauds, which makes us very unique. I don't think other ad and bot fraud prevention organizations have our abilities. Other organizations may do some investigation, but not to the level of dedication and thoroughness that we do in deep-diving to stop the problem, dedicated threat research, and the organization that we have.”
What is something that's outside of work that you are passionate about?
“ I cannot think of anything in particular that I am overly passionate about these days. I have not lost my passion by any means. I'm just passionate about everything in which I'm doing. That keeps me going! Everything in life is so uncertain. So, just living for life and enjoying everything it gives to me is my passion. I'm grateful for everything which I have. I'm just passionate about my life right now.”
That is a very profound outlook. What was the first job you ever had?
“My first ever job was working as a freelance web developer. Then I started teaching web development and information security to undergraduates. The first threat research job I had was working as a vulnerability researcher.”
What's some advice you would have for someone aspiring to start a career in cybersecurity or wanting to look for threats like you do?
“Cybersecurity has grown significantly compared to what it was when I first started. Now, it has many different roles and aspects. Currently, cybersecurity is a key aspect in everything people do, whether it be development, installation management, or anything else. It has expanded significantly, including what we are doing in threat research, which is more in-depth than cybersecurity in general. So, I would say to practice what you learn, apply it, be enthusiastic about what you do, and have fun while doing it.”
What do you see for HUMAN in the future?
“I see us as the market leader in stopping ad and bot frauds. We are excelling at this because of the people we have in the organization. That's what makes HUMAN, HUMAN- the people we have. They are excellent, and those are the kinds of people you want to work with. So, I see a lot more takedowns, and I see a lot more threats being brought to a halt because of the work we do. I see us leading the space for a long time.”
Together, we can disrupt the economics of cybercrime. Find out what it means to be Human.
