Given Russia’s cyber skills, it’s not surprising that a Russian entrepreneur, Eugene Kaspersky, runs one of the world’s leading companies offering protection from malware and online crime.
But with the current tensions between Russia and the West, Kaspersky’s ties to the Russian government have raised questions.
There’s a line in the 2007 movie Die Hard 4: Live Free Or Die, when in the midst of a wave of cyberterrorism, the villain warns “you have no idea who you’re dealing with.”
The same might be said of Kaspersky, a man whose company makes anti-virus software that’s on hundreds of millions of computers around the world.
Kaspersky, incidentally, told The Guardian newspaper he didn’t like that movie, because the fiction touched on his own real fears about cyberterrorism.
His firm, Kaspersky Lab, has been a leader in the cybersecurity business, in part because it draws on Russian skills in cyberengineering.
In a March interview, Kaspersky told Bloomberg Businessweek that “Russia is very rich in software engineers, thanks to Russian technical education system. And actually, Russian software engineers are the best.”
He said that comment was a quote made to him by former U.S. Secretary of State Condoleezza Rice.
“But other side of the coin is, that Russian cybercriminals are the best as well. I’m sorry,” he says.
A KGB Education
Kaspersky himself is a product of the Soviet system, studying cryptography and math at the KGB Higher School.
The KGB was the Soviet spy agency and security service, the equivalent of the CIA in the United States. Its main successor is the FSB, or Russian Federal Security Service.
Kaspersky Lab says its chief never worked for the KGB.
After graduation, it says, Kaspersky worked for a few years for a Soviet military research institute, but left in 1991 for the private sector.
Analyst Andrei Soldatov says Kaspersky built his cybersecurity business “from scratch,” but later “became more and more associated with Russian security services, helping them to catch some cybercriminals, helping to provide security for some very important projects.”
Soldatov is an editor at Agentura.ru a watchdog group that monitors the Russian secret services, and co-author of an upcoming book, The Red Web.
He notes that the important projects Kaspersky worked on for the Russian government included cybersecurity for the Sochi Olympics, “supervised by [President Vladimir] Putin personally.”
In 2011, when Kaspersky’s 21-year-old son Ivan was kidnapped, Soldatov says, it was the FSB — not the regular police agencies — that helped return the young man safely to his father.
Relations With The Government
Soldatov says as far as is known, Kaspersky’s relationship with the FSB is little different from other cybersecurity firms’ relations with other countries.
“I think in the United States, you have the same thing, when you have companies which help law enforcement to catch cyber criminals. The problem is that relations are not really transparent,” he says.
Kaspersky wasn’t available to be interviewed for this story. He was in the far eastern Russian region of Kamchatka, where he likes to go for adventurous vacations.
Kaspersky Lab says that while it has worked with Russian authorities fighting cybercrime, it has cooperated with other law enforcement agencies, too, including Interpol.
NPR runs Kaspersky programs on its computer systems and the company is a sponsor of NPR News programming.
Brian Krebs, an American reporter who blogs on cybersecurity, says he also runs Kaspersky programs on his computer systems. He adds that he’s not worried about the potential for spying, even though that software “by design, has to have access to the deepest levels of your computer.”
“If Kaspersky Labs wanted to do something bad, there’s absolutely no question that they could,” Krebs says. But “if Kaspersky was somehow found to be acting at the behest of the Russian government to spy on its customers, I think they’d pretty much be out of business overnight.”
Krebs says that when he was researching a book on cybercrime in 2011, he went to Moscow as Kaspersky’s guest.
He says he found Kaspersky to be an extremely intelligent, funny and generous man, but “singularly uninterested” in talking about Russian cybercriminals, even though they were operating in his own backyard.
“To my surprise, nobody there would talk to me about these guys, not even Eugene,” Krebs says, “and that kind of took me back a little bit. Maybe I was a little naïve, expecting people to stick their necks out a little bit.”
In its March report, Bloomberg Businessweek said that while Kaspersky’s company has exposed malware it says comes from Western governments, it hasn’t gone after Russian viruses with the same vigor.
Kaspersky Lab says that’s a false accusation, and that the company goes after all forms of malware, regardless of their origins.
It cites a list of 11 reports it has published on malware that’s been found to contain Russian-language elements in its code.
The list includes programs with nicknames such as Red October, Black Energy and Team Spy.
Kaspersky says his company is not just Russian, but international, and denies that it has any inappropriate relations with Russian security.
He says he resents that the U.S. government restricts its business to American security companies.