No one is surprised that cybersecurity companies recruit former hackers, experts in the dark side who, over time, have been recycled in the name of ethics. The opposite could be said of Dan Woods: he worked for two decades in the CIA and the FBI investigating cybercrime, but he says that his personal ethics come from the years when he was a patrolman in Phoenix (Arizona).

He is currently the global head of intelligence for the company 5F. Originally (1996), the business of this company was the optimization of applications and workloads, which has naturally extended to protection against malicious code (bots, in the industry jargon), for which it has been reinforced with acquisitions in the last years. Every day, about 2 billion transactions circulate through the F5 analytics infrastructure.

“My job,” Woods explains, “is partly to look at attack patterns and models, monetization schemes, and the tools that cybercriminals use.” Additionally, he assumes the role of an evangelist that leads him to travel the world on formation missions like the one that has brought him to Spain. “Unfortunately, cybersecurity is a never-ending battle; We can only get closer to the root of the problem, but I don’t think we will be able to eliminate those criminal practices that we fight and that are so entrenched”.

Given his professional background, it was logical to ask Woods about the effects of the war in Ukraine on cybersecurity. “It has certainly had a big impact, but not in the way or on the scale that we expected. I am convinced that Russia’s capabilities to launch sophisticated cyberattacks have been overestimated, just as Russia’s capabilities to quickly win this war have been overestimated. The first diagnoses warned that the United States would suffer devastating attacks against its infrastructures, but this has not been the case.

At the same time, he points out, this conflict has stimulated the development of more sophisticated attack tools than those that existed a few years ago and that, in certain cases, have been used against Russia. “This is one of the problems that the war is going to leave us: access to an arsenal of cybernetic weapons has spread, to the point that educational videos on how to mount an attack are circulating on YouTube. The essential failure of social networks has been exacerbated, their conversion into vehicles of disinformation; We have estimated that eight out of ten Twitter accounts may be fake and that the majority of those eight are used for fraudulent purposes.”

Has the number of attacks increased as a result of the war? Woods believes that is a misperception. “It happens that we have more visibility of the attacks that take place and, given the circumstances, we tend to interpret the greater notoriety as a sign of growth.”

The dominant cybercrime continues to be ransomware (hijacking of web pages whose data is not unlocked until a ransom has been paid). Woods departs from another topic. “There are those who draw up very elaborate roadmaps, but of little use. Hackers are not stubborn: they know that when an attack is going to cost them dearly or it will not be profitable for them, it is best to attack a more vulnerable victim.

Two of the limitations in the fight against cybercrime are, in his opinion, the scant cooperation between governments -even between agencies of the same government- and the tendency of many companies to dispense with defensive measures if they consider that they will reduce their productivity.