For Russian security vendor Kaspersky Lab, 2017 will go down as a year to forget. The Moscow-based Kaspersky Lab has repeatedly been under fire for alleged spying on U.S. government officials. A charge Kaspersky has denied from the start. And, about a month ago the U.S. Department of Homeland Security banned all of its agencies from using any products from Kaspersky. Also, a few of its U.S.-based employees have been investigated by the FBI.
And, just last month I witnessed some poor Kaspersky executives manning a booth at a conference in the U.S. getting inundated with – at times – harsh questions about the company’s trustworthiness from show attendees.
Company founder Eugene Kaspersky, who is anything but shy, is not making some public statements about these allegations. Through his communications team, ITWorld Canada has received this statement from the Kaspersky boss.
“We recognize that some people think ‘Russian cybersecurity company’ are three words that shouldn’t be in the same sentence, especially these days. Still, the motivation behind recent reports, while intriguing, cannot be our concern. Instead, we need to focus on doing everything possible to be as transparent as possible for our most important stakeholders: our customers and partners.
“Despite today’s tense geopolitical situation, KL has continued to do what it does best: focusing on protecting our customers from cyberthreats regardless of where those threats may come from.”
This statement came as a blog post entitled: Proud to keep on protecting – no matter the false allegations in the U.S. media.
I found what came after his statement to be more interesting. Kaspersky added, in his blog, that the company has strengthened its partnership with INTERPOL.
I first interviewed Eugene at the tail end of 2009 in Moscow off all places.
In that interview, he talked about INTERPOL and his wish to work with them to establish a cybercrime unit. Nothing was sign back them, but over time Eugene did get an official working relationship with INTERPOL as well as the European agency Europol. He signed two cooperative agreements with both agencies. The agreements cover that Kaspersky would provide products, intelligence, and ongoing support to INTERPOL’s Global Complex for Innovation (IGCI) team.
Together INTERPOL and Kaspersky alerted the world to the Tyupkin ATM malware, which targeted several banks around the world in 2014.
So, the question begs to be asked…why go through all that work with INTERPOL/Europol and then start spying years later? Was it an elaborate, long-term smoke screen? If Kaspersky is a front for spying then why has it taken so long to expose them? Are they that good at security that no one can hack into them for eight years? And, keep in mind some of the best hackers in the world target security companies like Kaspersky, Symantec, McAfee and others to gain recognition.
And, one more thing: if you visit Interpol’s website (https://www.interpol.int/About-INTERPOL/International-partners/Kaspersky-Lab) you will find a section on Kaspersky Lab and the work they have done together.
So, here is another question. If Kaspersky was spying; wouldn’t INTERPOL know and remove any and all mentions of this company from their website? There has been no evidence yet to surface that proves Kaspersky spied on anything. But if there were – even if it wasn’t made public – don’t you think INTERPOL would take action and remove all mentions of Kaspersky on their Web site?
When I was in Moscow with Eugene, he told me that security companies in general would be unable to provide a risk-free environment to business. Boy was he right.
Eugene also said that he would continue to lobby INTERPOL to create an Internet INTERPOL to combat cybercriminals. And, if INTERPOL had established that taskforce back in 2009 then he predicted a clean Internet would be possible in 50 years.
Video blog from 2009:
Kaspersky is trying to be transparent during this crisis. They announced a series of moves to tackle the spying allegations. They are:
• Independent source code review: To start by Q1 2018, undertaken with an internationally recognized authority
• Independent review of internal process: To verify integrity of our solutions and processes
• Three transparency centres worldwide in three years: Enabling clients, government bodies and concerned organizations to review source code, update code and threat detection rules. First centre in 2018, three centres by 2020, in Asia, Europe and the U.S.
• Increased bug bounty rewards: Up to $100,000 per discovered vulnerability in main Kaspersky products.
The Senior Leader’s Guidebook to Emergency Management and Business Continuity