Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals
- By Noah Shachtman
- July 23, 2012
Eugene Kaspersky, Soviet officer turned software tycoon.
Photo: Stephen Voss
It’s early February in Cancun, Mexico. A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night’s tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull’s-eye.
A ruddy-faced, unshaven man bounds onstage. Wearing a wrinkled white polo shirt with a pair of red sunglasses perched on his head, he looks more like a beach bum who’s lost his way than a business executive. In fact, he’s one of Russia’s richest men—the CEO of what is arguably the most important Internet security company in the world. His name is Eugene Kaspersky, and he paid for almost everyone in the audience to come here. “Buenos dias,” he says in a throaty Russian accent, as he apologizes for missing the previous night’s boozy activities. Over the past 72 hours, Kaspersky explains, he flew from Mexico to Germany and back to take part in another conference. “Kissinger, McCain, presidents, government ministers” were all there, he says. “I have panel. Left of me, minister of defense of Italy. Right of me, former head of CIA. I’m like, ‘Whoa, colleagues.’”
He’s bragging to be sure, but Kaspersky may be selling himself short. The Italian defense minister isn’t going to determine whether criminals or governments get their hands on your data. Kaspersky and his company, Kaspersky Lab, very well might. Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users. When it comes to keeping computers free from infection, Kaspersky Lab is on its way to becoming an industry leader.
But this still doesn’t fully capture Kaspersky’s influence. Back in 2010, a researcher now working for Kaspersky discovered Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges and became the world’s first openly acknowledged cyberweapon. In May of this year, Kaspersky’s elite antihackers exposed a second weaponized computer program, which they dubbed Flame. It was subsequently revealed to be another US-Israeli operation aimed at Iran. In other words, Kaspersky Lab isn’t just an antivirus company; it’s also a leader in uncovering cyber-espionage.
Serving at the pinnacle of such an organization would be a remarkably powerful position for any man. But Kaspersky’s rise is particularly notable—and to some, downright troubling—given his KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin’s regime, and his deep and ongoing relationship with Russia’s Federal Security Service, or FSB. Of course, none of this history is ever mentioned in Cancun.
What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. It includes requiring strictly monitored digital passports for some online activities and enabling government regulation of social networks to thwart protest movements. “It’s too much freedom there,” Kaspersky says, referring to sites like Facebook. “Freedom is good. But the bad guys—they can abuse this freedom to manipulate public opinion.”
These are not exactly comforting words from a man who is responsible for the security of so many of our PCs, tablets, and smartphones. But that is the paradox of Eugene Kaspersky: a close associate of the autocratic Putin regime who is charged with safeguarding the data of millions of Americans; a supposedly-retired intelligence officer who is busy today revealing the covert activities of other nations; a vital presence in the open and free Internet who doesn’t want us to be too free. It’s an enigmatic profile that’s on the rise as Kaspersky’s influence grows.
Eugene Kaspersky as a young Soviet military cadet.
Photo: courtesy Eugene Kaspersky
Eugene Kaspersky was a bright kid. At 16 he was accepted to a five-year program at the KGB-backed Institute of Cryptography, Telecommunications, and Computer Science. After graduating in 1987, he was commissioned as an intelligence officer in the Soviet army. A quarter century after the fact, he still won’t disclose what he did in the military or what exactly he studied at the institute. “That was top-secret, so I don’t remember,” he says.
Kaspersky is more open about the day in October 1989 when a virus first infected his computer. It was a playful little thing called Cascade that made the characters on a PC screen tumble to the bottom like Tetris blocks. Curious, Kaspersky saved a copy of the virus on a floppy disk to study how the code worked. A couple of weeks later he encountered a second virus, and then a third. His interest grew with each discovery. “For Eugene, it was an addiction,” his friend Alexey De Mont De Rique says. Each time a new virus appeared, Kaspersky would “sit in front of the computer for 20 hours straight,” trying to pick it apart, De Mont De Rique recalls. In the small world of antivirus researchers, the Soviet officer quickly made a name for himself.
By the early ’90s, Kaspersky wanted out of the army so he could study viruses full-time. There was one small problem: “It was almost not possible,” he explains. The only way to get out was to go to jail, get sick, or prove yourself to be extremely incompetent. Kaspersky’s old instructor at the Institute of Cryptography had a company that sold everything from athletic shoes to PCs. Somehow—Kaspersky won’t answer questions about this either—the former professor was able to get Kaspersky a discharge and hire him. Kaspersky’s wife, Natalya, and De Mont De Rique soon joined him at the company.
In 1997 the three of them went into the antivirus business for themselves. Their software was advanced for the time. They were the first to allow users of Internet security software to watch malware operate in an isolated “sandbox,” quarantined from the rest of the computer; they were among the first to store entire programs in a virus database. The young company flourished even as Kaspersky’s marriage to Natalya fizzled. The couple divorced in 1998, but she continued to handle sales and finance while he worked in the “virus lab,” classifying new threats himself. “The typical analyst would process maybe 100 pieces of new malware a day,” says Aleks Gostev, one of Kaspersky’s top researchers. “Eugene would do 300.”
Today Kaspersky Lab employs about 200 virus researchers—some in the US and China, but the bulk of them in a converted electronics factory 6 miles northwest of the Kremlin. On a sunny April morning when I visit, the old factory feels more like a grad school, with tattooed twentysomethings from across the former Soviet Union roaming the curved halls. The school mascot seems to be Kaspersky himself. Some employees wear Che Guevara T-shirts—with the boss’s face replacing the revolutionary’s. On the walls are black-and-white photos of long-serving employees dressed in war paint and moccasins like Native Americans. “Eugene the Great Virus Hunter,” reads the caption under the CEO’s image—in which he’s drawing a bow and arrow. Some 12,543 emails about suspicious programs came into the company just this morning, bringing the grand total to nearly 7.8 million.
The accumulation happens automatically. When a user installs Kaspersky software, it scans every application, file, and email on the computer for signs of malicious activity. If it finds a piece of known malware, it deletes it. If it encounters a suspicious program or a message it doesn’t recognize—and the user has opted to be part of the Kaspersky Security Network—it sends an encrypted sample of the virus to the company’s servers. The cloud-based system automatically checks the code against a “whitelist” of 300 million software objects it knows to be trustworthy, as well as a “blacklist” of 94 million known malicious objects. If the code can’t be found on either of these lists, the system analyzes the program’s behavior—looking at whether it’s designed to make unauthorized changes to the computer’s configuration options, for example, or whether it constantly pings a remote server. Only in the rare instance that the system is stumped will one of Kaspersky’s T-shirt-clad virus researchers step in. They’ll characterize the code by function: password stealer, bogus web page server, downloader of more malicious programs. Then they’ll suggest a “signature” that can be used to spot and filter out the malware in the future. In just minutes, a software update that incorporates these new signatures can be pushed out to Kaspersky’s tens of millions of users.
This is the core of the $600-million-a-year business that grew out of Kaspersky’s virus hobby. It’s really not all that different from the way US security companies like Symantec or McAfee operate globally. Except for the fact that in Russia, high tech firms like Kaspersky Lab have to cooperate with the siloviki, the network of military, security, law enforcement, and KGB veterans at the core of the Putin regime.
The FSB, a successor to the KGB, is now in charge of Russia’s information security, among many other things. It is the country’s top fighter of cybercrime and also operates the government’s massive electronic surveillance network. According to federal law number 40-FZ, the FSB can not only compel any telecommunications business to install “extra hardware and software” to assist it in its operations, the agency can assign its own officers to work at a business. “Rule number one of successful companies here is good relations with the siloviki,” says one prominent member of Russia’s technology sector.
Kaspersky says the FSB has never made a request to tamper with his software, nor has it tried to install its agents in his company. But that doesn’t mean Kaspersky and the security agency operate at arm’s length. Quite the opposite: “A substantial part of his company is intimately involved with the FSB,” the tech insider says. While the Russian government has used currency restrictions to cripple a firm’s international business in the past, Kaspersky faces no such interference. “They give him carte blanche for his overseas operations, because he’s among the so-called good companies.”
Eugene Kaspersky’s lab isn’t just an antivirus company; it’s also a leader in uncovering cyber-espionage.
Photo: Stephen Voss
Next door to the Moscow virus lab is the home base for another arm of the operation—a team of elite hackers from around the world that Kaspersky hand-selected to investigate new or unusual cybersecurity threats. Kaspersky calls this his Global Research and Expert Analysis Team—GREAT, for short. Two of them are waiting for me in their office. Sergei Golovanov sports rectangular glasses and a beard out of a ’90s nu-metal video. Aleks Gostev is skinny as a rope and has dark circles under his eyes.
With Kaspersky’s encouragement, GREAT has become increasingly active in helping big companies and law enforcement agencies track down cybercriminals. Gostev assisted Microsoft in its takedown of the Kelihos botnet, which churned out 3.8 billion pieces of spam every day at its peak. Golovanov spent months chasing the Koobface gang, which suckered social media users out of an estimated $7 million.
One of GREAT’s frequent partners in fighting cybercrime, however, is the FSB. Kaspersky staffers serve as an outsourced, unofficial geek squad to Russia’s security service. They’ve trained FSB agents in digital forensic techniques, and they’re sometimes asked to assist on important cases. That’s what happened in 2007, when agents showed up at Kaspersky HQ with computers, DVDs, and hard drives they had seized from suspected crooks. “We had no sleep for a month,” Golovanov says. Eventually two Russian virus writers were arrested, and Nikolai Patrushev, then head of the FSB, emailed the team his thanks.
Kaspersky’s public-sector work, however, goes well beyond Russia. In May, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union, the UN body charged with encouraging development of the Internet. The Russians were ushered into the office of ITU secretary-general Hamadoun Touré, where the Soviet-educated satellite engineer told them that a virus was erasing information on the computers of Iran’s oil and gas ministry. This was coming just two years after the discovery of the Stuxnet worm, which had damaged Iran’s centrifuges. Touré asked Kaspersky to look into it.
Back at the lab, analysts from GREAT began combing through archived reports from customers’ machines. One file name stood out: ~DEB93D.tmp. The virus was eventually found on 417 customers’ computers—398 of which were in the Middle East, including 185 in Iran. Some machines had been infected since 2010, but the file had never been deeply analyzed. The researchers were able to isolate one piece of the malicious code—and then another and another.
One module of the software surreptitiously turned on a machine’s microphone and recorded any audio it captured. A second collected files, especially design and architectural drawings. A third uploaded captured data to anonymous command-and-control servers. A fourth module, with the file name Flame, infected other computers. The analysts discovered about 20 modules in all—an entire toolkit for online espionage. It was one of the biggest, most sophisticated pieces of spyware ever discovered. In honor of the transmission program, the researchers called it Flame. On May 28, a Kaspersky analyst announced what the team had found.
The spyware was too complex for simple crooks or hacktivists, the researchers said. Flame had been coded by professionals, almost certainly at a government’s behest. The company called it a cyberweapon and speculated that it was related to Stuxnet.
On June 1, The New York Times revealed for the first time that the White House had, in fact, ordered the deployment of Stuxnet as part of a sophisticated campaign of cyberespionage and sabotage against Tehran. Then, on June 19, The Washington Post was able to confirm that Flame was yet another part of this shadow war against Iran. Kaspersky had outed—and in effect killed—it.
For Kaspersky, exposing Flame reflects his company’s broader ambition: to serve as a global crime-stopper and peacekeeper. Malware has evolved from a nuisance to a criminal tool to an instrument of the state, he says, so naturally he and his malware fighters have grown in stature and influence too. “My goal is not to earn money. Money is like oxygen: Good idea to have enough, but it’s not the target,” he says. “The target is to save the world.”
In a locked room down the hall from his office, Kaspersky is working on a secret project to fulfill that lofty ambition. Not even his assistant has been allowed inside. But after we’ve spent a day together—and knocked back a few shots of Chivas 12—he unlocks the door and offers me a peek. It’s an industrial control system, a computer for operating heavy machinery, just like the ones that Stuxnet attacked (and, Kaspersky researchers believe, Flame may also have targeted). Kaspersky’s team is quietly working on new ways to harden these systems against cyberattack—to protect the power grids and prisons and sewage plants that rely on these controllers. The idea is to make future Stuxnets harder to pull off. The controllers haven’t been engineered with security in mind, so the project is difficult. But if it succeeds, Kaspersky’s seemingly outsize vision of his company’s role in the world might become a little less outlandish.
In the meantime, there’s always politics.
Kaspersky at the 2011 Brazilian Grand Prix, flanked by drivers from the Ferrari F1 team that he sponsors.
Photo: courtesy of Kaspersky Lab
Kaspersky has cultivated the image of a wild man with cash to burn—the flamboyant say-anything, do-anything, drink-anything gazillionaire. In Asia, he’s clowned around in TV commercials with Jackie Chan. In Europe, Kaspersky sponsors the Ferrari Formula One team and goes on Dublin pub crawls with Bono. Back in Russia, he throws New Year’s parties for 1,500. The most recent one had a rock-and-roll theme; Kaspersky took the stage in a Harley jacket. Last summer he took some 30 people to Russia’s Kamchatka Peninsula for a volcano-hiking excursion. Then there are the Kaspersky Lab conferences disguised as boozy getaways (or perhaps vice versa): the “analysts’ summit” on Spain’s Costa del Sol, the “VIP executive forum” in Monte Carlo, the “press tour” in Cyprus, the whatever-it-was thing in Cancun.
All of this might lead some to dismiss Kaspersky as a dilettante plutocrat who drinks single-malt and gets made up for TV while his employees do the real technical work. But the critics would be missing the point: One of the systems Kaspersky is now trying to hack is politics, and his antics are part of the act. Every trip to Shanghai’s Formula One race or the London Conference on Cyberspace is another chance to court diplomats and politicians, another chance to extend his company’s influence. And one of his goals is to persuade policymakers to refashion the Internet into something more to his liking—and, as it happens, something more to the liking of the Putin government as well.
In one hotel ballroom after another, Kaspersky insists that malware like Stuxnet and Flame should be banned by international treaty, like sarin gas or weaponized anthrax. He argues that the Internet should be partitioned and certain regions of it made accessible only to users who present an “Internet passport.” That way, anonymous hackers wouldn’t be able to get at sensitive sites—like, say, nuclear plants. Sure, it might seem like we’d be sacrificing some privacy online. But with all the advertisers, search engines, and governments tracking us today, Kaspersky argues, we don’t really have any privacy left anyway. “You can have privacy if you live somewhere in the jungle or the middle of Siberia,” he recently told a confab in the Bahamas.
The Internet grew from a network of researchers to the global nervous system in large part because practically anyone was able to access any part of it from anywhere—no ID needed. And the values of openness, freedom, and anonymity became deeply embedded in net culture and in the very architecture of the network itself. But to Kaspersky, these notions no longer work: By “protecting our right to freedom we actually sacrifice it! We sacrifice the right to safe Internet surfing and to not get infected by some nasty piece of malware at every step.”
The idea of stripping some amount of privacy from the Internet is gaining traction in many sectors, thanks at least in small part to Kaspersky’s lobbying. In Cancun, he was joined onstage by Alexander Ntoko, a top official at the International Telecommunication Union. “Why don’t we have digital IDs as a de facto for everybody?” he asks. “When I’m going to my bank, I’m not going to cover my face.” In other words, why should things be any different online?
The ITU was once a bureaucratic backwater. In recent years, however, the Russian and Chinese governments have been pushing to give the agency a central role in governing the Internet. Instead of the US-dominated nonprofits that currently coordinate domain names and promote technical standards, they want to turn authority over to a gathering of national governments represented by the ITU. It’s a move that one of the Internet’s creators, Vint Cerf, told Congress risks “losing the open and free Internet,” because it would transfer power from geeks to government bureaucrats. The ITU is set to revisit the 24-year-old treaty governing international telecommunications in December.
Whether or not it secures this power, the ITU has found a willing ally in Kaspersky. When he traveled to ITU headquarters in Geneva, a few months after Cancun, Kaspersky not only agreed to look into the attacks on the Iranian oil ministry, he also told ITU chief Touré that he would assign some of his top researchers to be on call to help the organization with any future investigations. It’s a good deal for both men. Kaspersky gets to extend his influence—and maybe catch the next big cyberweapon. Touré and the ITU get a personal cybersecurity team.
But Kaspersky’s closest political ties remain in Russia. As one of his country’s most successful technology entrepreneurs—and, in many ways, Russia’s spokesman for all things Internet—Kaspersky has hosted former president and current prime minister Dmitry Medvedev in his offices; Medvedev, in turn, appointed Kaspersky to serve in Russia’s Public Chamber, which is charged with monitoring the parliament.
Kaspersky and the Moscow government have espoused strikingly similar views on cybersecurity. This goes beyond the security industry’s basic mission of keeping data safe. When Kaspersky or Kremlin officials talk about responses to online threats, they’re not just talking about restricting malicious data—they also want to restrict what they consider malicious information, including words and ideas that can spur unrest.
Kaspersky can’t stand social networks like Facebook or its Russian competitor, VK (formerly known as VKontakte). “People can manipulate others with the fake information,” he says, “and it’s not possible to find who they are. It’s a place for very dangerous action.” Especially dangerous, he says, is the role of social networks in fueling protest movements from Tripoli to Moscow, where blogger Alexei Navalny has emerged as perhaps the most important dissident leader and sites like VK and LiveJournal have helped bring tens of thousands of people into the streets. Kaspersky sees these developments as part of a disinformation campaign by antigovernment forces to “manipulate crowds and change public opinion.”
Nikolai Patrushev—the former FSB chief who now serves as Putin’s top security adviser—makes a nearly identical case. In June he told a reporter that outside forces on the Internet are constantly creating tensions within Russian society. “Foreign sites are spreading political speculation, calls to unauthorized protests,” he says.
Russia’s government and its most famous technology entrepreneur have long had each other’s backs, cooperating on cybercrime investigations and supporting each other’s political agendas. But the two became utterly intertwined at 6:30 in the morning on April 19, 2011, when Kaspersky’s cell phone rang in his London hotel room. According to the caller ID, it was Ivan, Kaspersky’s 20-year-old son. But the voice on the other end was not Ivan. It was an older man who politely told Kaspersky: “We’ve got your son.”
Eugene Kaspersky now travels in Russia with bodyguards, after the kidnapping of his son.
Photo: Stephen Voss
Outwardly, Kaspersky didn’t react to the news of Ivan’s kidnapping. He said he was tired and asked the caller to ring him back later in the morning—which the caller did, from another number. This time, Kaspersky said he was in an interview and told the guy to make a third call.
It was a ploy, a stall for time while Kaspersky hurriedly reached out to his corporate security manager, who reached out to the FSB. Ordinarily the Russian intelligence service isn’t in the business of freeing kidnap victims. But Ivan Kaspersky wasn’t your average abductee. “My first thought was that this is serious. Second, immediately call the FSB. And third, they are stupid to attack me,” Kaspersky says. “I was 100 percent sure—well, 99 percent sure—that FSB and police would find them. We have very good relations with both the FSB cybersecurity department and the Moscow police department. They know us. They know us as people who support them when they need it. They started to work like crazy.”
That night Kaspersky took the red-eye back to Moscow. He plodded his way through the morning rush hour, his phone ringing every few minutes. As the kidnappers made their demands—3 million euros in denominations of 500—they tried to cover their tracks, switching cell phones and SIM cards constantly. But with every call, the kidnappers were giving the FSB more data to track them down.
Kaspersky arrived at a police station in central Moscow and promptly passed out from anxiety and exhaustion. He and his ex-wife stayed there for the next four days, pacing the halls while the FSB pored through call records and the Moscow cops staked out a suburban cabin where they believed Ivan was being held. After a few days, the officers lured the kidnappers out of the house with the promise of a ransom payment. They were captured without a shot. Ivan was freed, a little grimy—there was no running water in the cabin—but otherwise fine. “It was probably the only period in his life when he was reading books,” jokes his mother, Natalya Kaspersky, who met him at the scene.
At first, Kaspersky publicly blamed himself for not adequately protecting his family. But later he started blaming something else: VK. Kaspersky said that the Russian social network had tempted Ivan into posting his address, phone number, even details of his internship at InfoWatch, Natalya’s security company. “Social networks shouldn’t encourage users to post that sort of information. If a site asks for private information, then criminal charges should be brought against it in the event of a leak,” Kaspersky told Russia’s RT television channel in October. Widely viewed as a Kremlin propaganda outlet, RT aired the remarks as part of a documentary on the death of online privacy and the dangers of social networks, with Ivan’s kidnapping as a primary example. The program encouraged people to protect themselves by dropping offline completely. As it happened, the documentary ran just as online opposition to the ruling party was starting to bubble up. In the months that followed, top bloggers and activists were detained by the government, and the FSB tried (unsuccessfully) to force VK to purge the pages of some groups from its network.
The Kaspersky kidnapping ended up being a tool for the ruling party. But according to Natalya, the whole kidnapped-because-of-VK story is nonsense. “They found him on social networks? It’s not true. They followed him for a month or more. They knew all his ways, where he is going, whom he contacts,” she says. Yes, Ivan posted an address online—“a false address from an old house.” There’s no way, she says, that this helped the kidnappers.
So why did Eugene Kaspersky publicly blame VK? Perhaps Kaspersky simply let his emotions get the better of him—his son had been kidnapped, after all. Perhaps he mistook the fake address Ivan posted for a real one. Whatever the reason, in the end, the son’s kidnapping became a way to attack the father’s political foes.
Eugene Kaspersky now travels in Moscow with a team of bodyguards. He moved to a duplex in a gated community bordering a park—better for keeping his girlfriend and their infant son safe, he explains. A wraparound balcony overlooks the still-frozen Moskva River and the site of Kaspersky Lab’s new five-story headquarters. To the left you can almost see Kaspersky’s childhood home: a one-room shack originally built for prison laborers in the Stalin era.
It’s an early Sunday afternoon in late April. Kaspersky, smoking a Chinese cigarette, is wearing the same bargain-rack striped shirt he was wearing Friday. His mother, who also lives in the complex, heats up blintzes and opens some canned caviar. Up close it becomes clear that Kaspersky’s image as a mega-rich, hyperconnected playboy is mostly an act. In truth, he stays away from Russia’s oligarchs, whom he sees as little different from the cybercrooks he chases. He views his move into politics as a necessary evil, an offer he’s in no position to refuse. Kaspersky doesn’t bother with political rallies or Moscow’s famously immoderate nightlife; he’d rather be in an airplane seat on his way to some conference to share ideas with other technophiles. When he goes to places like Kamchatka, he says, he takes employees or clients. “I don’t have any friends outside of work.”
While critics assume that Kaspersky’s company is a virtual arm of Russian intelligence, he and his staff insist, not unconvincingly, that their work with the FSB has its limits. They argue that using its software to spy on users would undermine the company’s credibility worldwide; it would be like the local locksmith moonlighting as a cat burglar. That credibility is at the heart of Kaspersky Lab’s business. Without lots of customers, there would be no Kaspersky Security Network, no database of known threats or tally of infected machines.
Yes, Kaspersky publicly touts a Kremlin-friendly line. But in Putin’s Russia, executives who neglect to do so have a disturbing habit of winding up in jail or being forced into exile. Besides, you don’t need to be a Moscow crony to push against free speech and privacy online. Plenty of Western officials are doing that too. Until 2011, Italians had to present their ID cards before using Wi-Fi at an Internet café. The European Commission is now mulling a continent-wide system of “electronic authentication.” British prime minister David Cameron contemplated cracking down on social media after the 2011 London riots. And retired US vice admiral Mike McConnell wrote in The Washington Post about the “need to reengineer the Internet to make attribution … more manageable.” He previously served as US director of national intelligence—America’s top spy.
In many ways, the relationship between the Kremlin and Kaspersky Lab is the same as the one between Washington and the big US security companies. Moscow gives millions to Kaspersky to help secure government networks—much as the Pentagon pours millions into contracts with McAfee and Symantec. Kaspersky helps the FSB track down cybercrooks; McAfee and Symantec work with the FBI. Kaspersky employees brief the Duma, Russia’s parliament; American researchers brief Congress and the White House. These security firms have all become key players in their home countries’ network defenses and in cybersecurity investigations worldwide.
But while the American and Russian companies are similar, there are important differences. Stuxnet was a highly classified US operation serving one of the government’s top geopolitical goals. Symantec, a US company, went after it anyway. It’s hard to find a similar case of Kaspersky and the Kremlin working at cross-purposes.
In December 2011, Kaspersky came under criticism for appearing to do the opposite—ignoring an act of online criminality when it was politically convenient. On the eve of Russia’s parliamentary elections, massive denial-of-service attacks brought down social networks like LiveJournal, media outlets like Kommersant.ru, and the independent election watchdog Golos. It seemed to be a politically motivated hit on potential opponents and critics of the ruling regime. Yet Kaspersky Lab—which boasts that its software can spot and fight DDoS attacks—denied the existence of any such activity. “We detected none. Very strange,” Kaspersky tweeted. The next day he wrote on his blog that the attacks actually had been detected, but he speculated that many of the sites were victims of technical problems or perhaps their own popularity.
Kaspersky denies that he blew off the DDoS attacks in an attempt to curry favor with the ruling powers. (Then he claims that pro-Putin sites got hit by the online strikes as well.) But Andrei Soldatov, a muckraking investigative journalist whose Agentura.ru site was hammered in the attacks, has a very different view: “I cannot explain Kaspersky’s ignorance by anything but conscious intention to take the Kremlin’s side, a position very weird for the independent expert he claims to be.”
Kaspersky’s office has just the trappings you’d expect for someone who rose from a kid in a shack to become a continent-hopping mogul: a Ferrari racing jacket, boxes of his software in Chinese and German, a model of SpaceShipTwo, the aircraft that’s going to fly well-heeled tourists to the edge of the atmosphere (Kaspersky already has a $200,000 ticket). Late one afternoon, he reaches into a small closet and pulls out a lab coat with his company’s logo to show me. Behind that is a basketball jersey from the New Jersey Nets, the NBA team owned by Russian billionaire Mikhail Prokhorov. At the very back of the closet I glimpse the dark green dress jacket from Kaspersky’s Soviet Army uniform. The garment is in pristine condition; it looks like it could still be worn in a military parade.
There are plenty of Russian magnates content to use their Kremlin connections and corruption-fueled profits to bully and buy their way into the global arena. Kaspersky has long tried to play a different game: He’s an international entrepreneur and thinker who is from Putin’s Russia, but not of it. Kaspersky’s financial success and influence is a testament to how skillfully he has walked this fine line. Yet the questions endure: Can a company so valuable to Moscow’s government ever be truly independent of it? And what else is hidden in the back of the closet, that the rest of the world can’t see?
I go in for a closer look at the jacket. Kaspersky shuts the door. “It’s nothing,” he says, walking out of the room. “Let’s find a drink.”