Kaspersky: "I Have Never Met Putin"

"Israeli government entities who want to, could check our source code for themselves and visit our offices in Russia in order to see that we have no contact with the Russian government," said Eugene Kaspersky in response to the Bloomberg article, as part of a casual interview we conducted with him at CyberTech 2015. "The international cooperation is far more important than the attempts to politicize cyber"

Kaspersky: "I Have Never Met Putin"

Eugene Kaspersky, founder and CEO of Kaspersky Lab, arrived especially for the CyberTech 2015 conference, initiated by Israel Defense and the Israel National Cyber ​​Bureau, and agreed to sit down and openly discuss the question of whether he has links with the Russian government, an allegation that was brought up by Bloomberg last week.

According to the Bloomberg report, Kaspersky was educated at a KGB-sponsored cryptography institute, then worked for Russian military intelligence. More allegations claim that company officials have close ties with Russian intelligence, and even that Kaspersky has weekly meetings with Russian intelligence officials in saunas. The context of the story revolves around the claim that Kaspersky do not publish cyber attacks conducted by Russia, but only those carried out by other countries, for example, the United States.

"Let's start with the fact that none of our publications deal with the question of attribution," says Kaspersky. "Our systems work automatically. Even the collection of data and analysis. When we find a new malicious code, we have no idea whether it was written by a State, a criminal organization or a lone hacker. For us the goal is to understand the weapon or espionage, and publish the information to the relevant people who deal with it, including publishing it on our website."

The reason I wanted to talk with Kaspersky on this issue is the question of why a leading US site as Bloomberg chose to publish this article now, personally attacking Kaspersky. Rumors of Kaspersky's ties with Russia's intelligence services have been around for years in certain circles. This is also correct regarding rumors about American companies and the CIA (the In-Q-Tel investment fund is an interesting test case), and famous Israeli cyber companies and the Mossad. The bond between cyber and state intelligence services should not surprise anyone.

Still, why would an American website choose to clash with a Russian cyber company just now? One hypothesis is that this is a first and significant evidence of the politicization of cyberspace. US is facing Russia also in the virtual space. Is the crisis in Ukraine sliding into cyberspace? Maybe. Another hypothesis might be related to business. A direct accusation by a reliable website like Bloomberg could damage the reputation of Kaspersky Lab and make decision makers around the world think twice before they purchase a product or a service from a company that allegedly has ties with Russian intelligence. We have seen what the reports of Snowden have done business-wise to Cisco and other US companies.

A third hypothesis is related to the recent revelation of Kaspersky – a group of hackers named Equation Group. Kaspersky did not mention for whom the group works, but the report shows a pretty clear picture implying it's probably the American NSA. Arstechnica.com made the connection. Among other things, one of the signs is the connection of this group in the development of the Stuxnet worm, which, according to foreign sources, was developed by the NSA and Israel. Whoever checks the published map of the victims could magically notice that the group did not affect Israeli customers, and that the US appears under "easily damaged" in the map. Anyone can draw conclusions. The group, according to the publication, operated for 14 years without interruption until the release of Kaspersky. Maybe it annoyed someone who used Bloomberg to "get back" at Kaspersky?

"There are always rumors around cyber," says Kaspersky. "You know how many times I've met with Putin? Zero. And how many times with Angela Merkel? Once. With Shimon Peres? Twice. Anyone who wants to, can come and check our offices and see for himself that there are no cables that connect us to the Kremlin. So our office is located near The Kremlin, does that mean that we have a cooperation with them? Regarding the sauna – yes, occasionally Russian intelligence service officers go there. So what? Is that a proof that they have access to Kaspersky's systems?

"As to the claim that our executives are Russian, there is a much simpler reason. When we promote someone, we prefer for he/she will be from inside the company. Many of our employees are Russian, naturally. There are those who work over ten years with the company and they are the ones we advance to management positions. That does not make them Russian spies. On the other hand, in our branches around the world we have a preference for local workers. In a small portion of our branches the managers are Russian, and in the greater part they are local workers, as in Israel, for example.

"Anyone who thinks the politicization of the cyber industry will contribute something to human society in wrong. Cyber ​​has no limits. Various of intelligence services will have to cooperate in order to eradicate cyber terrorism. The same goes for police departments all over the world, in order to eradicate organized crime in cyberspace. Without close cooperation this phenomenon that can inflict a very large damage for everyone. We are cooperating with many police departments around the world and with organizations such as Europol and Interpol to promote a safer cyberspace."

Why do you think Bloomberg is trying to promote the politicization of cyberspace?

"I have no idea. This is a reputable website that often covers us favorably; I do not know what is behind the story".

Will you work to prevent the politicization of cyberspace, if in fact it goes there?

"We as a company do not believe that politics should enter the field of cyber defense. It is not good and does not contribute. If I will see this is happening in certain places around the world, I will make every effort to talk to the decision makers to try to prevent it. The international cooperation in cyber is way too ​​important to allow that to happen".

Cyber ​​Survival War

There is no doubt that the timing of the Bloomberg article is odd. As mentioned, rumors are constantly around, and there are some known industry secrets nobody bothers to write about because of the mutual respect between companies. Cyber ​​is based on trust, and no company wants to take the risk of harming its credibility. One has to remember that the cyber market is rolling a lot of money. A lot. According to economictimes.indiatimes website, the annual revenue comes to 71 billion. Many companies are fighting for this money, most of them are based in the US.

According to the same article, a large part of that money comes from government contracts, and the mutual accusations provide an advantage to local companies. For example, if Russian companies are competing against US companies in a US government tender, an article by a reputable American website defaming a Russian company by saying it has relations with the Kremlin, could cause the American decision makers to favor local companies. A similar story in taking place in recent years with Chinese companies like Huawei and ZTE. These are giant Telco companies that are considered henchmen of the Chinese government and as such, do not win government projects in the US and other European countries. Even in Israel, one wouldn't find them in government tenders and in those connected to the military or security services. However, you could find American companies. In China, however, US companies including Cisco and Apple are considered an espionage arm of the NSA, and as such, are allocated by the government in Beijing.

What have you to say to Israeli customers reading the Bloomberg article?

"I want to reassure those who think that Kaspersky has employees that are planted by Russian intelligence. Even if there are some who I do not know about, their odds of planting backdoors in the code is zero. This is because of the rigorous process of developing that prevents this possibility. First, a number people are working on every segment of the code, not one person. Even if we assume that all the people in that group are working for the Russian government, the code undergoes the examination of another group, in a different physical location, which is independent of the group that developed the initial code. So even if it was implanted with something, the second group will find it. Most of the time the code undergoes further examination of an independent third group.

"Whether it is a government, business or security customer, I invite him to check the source code on his own. We did this before around the world with some clients who demanded it. Under the appropriate agreements, an Israeli entity who wants to, could check our source code for itself. I also invite Israeli entities to visit our offices in Russia, to see that they are not linked in any way to the Kremlin."

You might be interested also