Would you trust Eugene Kaspersky, Russia’s ‘Cyber Security King’?
Accused of helping Russian spies and sabotaging his competitors, Eugene Kaspersky tells FRANCE 24 he is innocent and has "nothing to hide".
Empty-handed, Eugene Kaspersky obediently backs away from the buffet. A waitress has just told him off for picking up a carrot stick before the party has begun. Little did she know he paid for the lavish networking-do at the 'Les Assises' cyber conference in Monaco. Everyone else, bar the catering staff, knows exactly who he is.
“I was expecting Eugene Kaspersky’s party to be all about red meat and vodka. But instead it’s all salads and champagne,” said Canadian security expert Ben Marzouk. “To see him here as sweet as a lamb, well, that’s killed the myth.”
Eugene Kaspersky is famous and feared in cyber circles. At 16, he was selected to study cryptography at a school partially funded by the KGB. By the time he was 24, he had created his first anti-virus software to protect his own computer.
Eight years later he founded Kaspersky Lab, which is now one of the biggest anti-virus makers in the world, with 460 million users and 711 million euros in annual profit. His firm has impressed critics by revealing real cyber threats like the Equation Group, a highly sophisticated attack team it believes helped create the Stuxnet virus.
Today the Russian billionaire spends most of his working life on a global PR drive trying to convince governments, companies and individuals to trust him and his anti-virus software.
Allegations of aiding Russian espionage
The news agency Reuters says it has evidence Kaspersky Lab deliberately created fake, harmless viruses in 2009 to trick its competitors into deleting important files on their customers’ PCs. The alleged aim was to expose firms Kaspersky believed were using his technology instead of developing their own. Reuters sources claim Kaspersky told his researchers to attack rival AVG by “rubbing them out in the outhouse,” quoting Vladmir Putin’s threat to pursue Chechen rebels wherever.
But the allegations have failed to convince everyone in the industry.
When France 24 spoke to Jeffrey Carr, the American CEO of security firm Taia Global, he said he didn’t know if Reuters’ claims were true or false. “We should be sceptical since the accusers are both anonymous and have an axe to grind against their former employer,” he said.
Kaspersky called Reuters’ claims “ludicrous”, saying the fake virus attack also affected his company.
“It remains a mystery who staged the attack, but now I’m being told it was me!”
Another news outlet, Bloomberg, has accused Kaspersky Lab’s senior management of handing over customer data to help the KGB’s successor, the FSB, carry out spying. It also claims Kaspersky regularly attends banya (sauna) sessions in Moscow with Russian spies.
Kaspersky insists the Russian authorities have no hold over his firm. “There were no cases when we were asked about sharing data we got from customers,” he told FRANCE 24. “There is no way. I’m in the IT business and it’s not possible to pressure us. Our value is our brains, which can travel.”
“Everyone is spying on each other”
Yves Grandmontagne, a journalist who has been covering cyber news for twenty years, says it is hard to believe governments, in Russia or anywhere else, could resist calling on the expert services of domestic firms with access to customer data from around the world.
It is “more than plausible” that Kaspersky Lab hands over its clients’ data to the Russian government, he said. “But we should look at ourselves in the mirror. Because … the Americans are at it, the British, the French, everyone is spying on each other.”
There’s nothing new or extraordinary about firms working with their respective governments, Carr said.“Everyone wants to support their own government's goals and policies, and will do what they've been contracted to do.”
Can you trust foreign cyber security firms at all?
But to protect themselves against international attacks, governments and companies have little choice but to work with non-domestic cyber security providers.
“If governments and companies only use tools developed domestically, they will not acquire the best ones available to suit their particular needs," said Grandmontagne.
Layered, complex threats are coming from outside the country, so the solutions need to as well.
Admiral Dominique Riban, second in command of the French Government’s IT security agency ANSSI, believes “you can trust Kaspersky on your personal computer. But if you’re working in an important industry, trust will need to be built up over time. And when it comes to national defence and classified information, there are times we won't call on the services of a Russian or American firm, or any other nationality.”
“France doesn’t have friends in the cyber world. We have enemies, and we have allies,” he said.
Daily newsletterReceive essential international news every morningSubscribe