Kaspersky software is recommended by chain stores and other U.S. PC retailers, and is ranked 6th in revenue among security-software makers, with a figure of $667 million in 2013. Its products are recommended by Best Buy’s Geek Squad technicians and have good reviews from users, write Carol Matlack, Michael A. Riley and Jordan Robertson for Bloomberg.
Kaspersky: Sea-change in 2012
However what consumers may not be aware of is the extent to which the Russian secret service is involved with the company. This was not always the case, and in the past efforts were made to play down founder and CEO Eugene Kaspersky’s KGB past. The company recruited senior staff in the U.S. and Europe with a view to expanding its business, and was even working on an IPO with a U.S. investment firm, before a drastic change came about in 2012.
Since then, senior staff have left the company or been fired, and their replacements have often been people with strong ties to Russia’s military or intelligence services. In some cases, these staff actively help the FSB with criminal investigations using data from Kaspersky customers, according to current and former employees. These sources spoke on the condition of anonymity due to their fear of reprisals.
Kaspersky is known to attend weekly sauna nights with a group of 5 to 10 friends that usually includes Russian intelligence officials, but he claims that they are strictly social events: “When I go to banya, they’re friends,” says the company founder. He claims that officials cannot match Kaspersky data with individual customers, and he has not been put under pressure to show loyalty to President Vladimir Putin.
Despite his claims, there are noticeable differences in the company’s treatment of alleged electronic espionage by the U.S., U.K. and Israeli governments and Russian activities. While detailed reports have been published on the hacking tactics of groups such as the Equation Group, thought to be a cover for the NSA, there has been no such investigation into the activities of the Sofacy spyware which has attacked NATO and Eastern European foreign ministries, which is believed to be linked to Russia.
Internet security companies have had to choose sides in some capacity, with Kaspersky the most prominent of those that have cultivated ties with the Russian government. Most major rivals work with the U.S., but whichever side of the political divide they operate on, it becomes more difficult to sell products in some markets due to increasing global paranoia. “It’s a challenge for any security company out there,” says Rick Holland, principal analyst of security and risk management for Forrester Research. “What are your ties to government?”
A changing of the guard
In the case of Kaspersky Lab, government ties increased following two waves of departures by senior staff. In 2012 Kaspersky withdrew from an IPO partnership with investment firm General Atlantic, and shortly after Chief Business Officer Garry Kondakov sent out an internal memo which stated that only Russians would be able to hold top company positions from that point on. The alleged email was seen by two sources, but its existence has been continually denied by the company.
In 2014 a group of senior managers, including CTO Nikolay Grebennikov and North American President Steve Orenberg, proposed that Kaspersky hire a new CEO and retain the chairmanship for himself. They were promptly fired.
A shady presence
According to insiders, Chief Legal Officer Igor Chekunov is the main contact for Kaspersky’s work with the Russian government, and a regular attendee at the now infamous sauna nights. For the past 2 years he has been responsible for a 10-strong team of specialists who study data from customers who have been hacked, and help the FSB and other government agencies.
Although Kaspersky Lab’s MD for North America, Christopher Doggett, says that data on company systems is anonymous, sources have claimed that the technology can be altered to identify individual computers, and it has been used to help the FSB in investigations. Chekunov maintains a low-profile, and did not even have a biography on the company website until a query from Bloomberg Businessweek.
U.S. security company is a good test case for how such relationships work in the States. In its early days the company was greatly influenced by the CIA, which uses its technology, as well as maintaining a stake in the company. FireEye has produced detailed reports on Chinese and Russian hacking activities, but is yet to expose U.S. government involvement.
FireEye CEO David DeWalt praised Kaspersky Lab’s report on the Equation Group, but refused to say whether his company is working on a similar piece of research. The cyber security battle lines have been drawn, and companies find it hard to gain contracts from the other side of the fence due to an emerging cyber isolationism.