Crack­down threat­ens Kasper­sky’s dream

Kuwait Times - - ANALYSIS -

Eu­gene Kasper­sky, the CEO of the Rus­sian cy­ber­se­cu­rity soft­ware firm that bears his name, had a big Amer­i­can dream. He wanted his com­pany to go be­yond sell­ing anti-virus soft­ware to con­sumers and small busi­nesses and be­come a ma­jor ven­dor to the US govern­ment - one of the world’s big­gest buy­ers of cy­ber­se­cu­rity tools. Kasper­sky set up a US sub­sidiary, KGSS, in Ar­ling­ton, Vir­ginia that would be fo­cused on win­ning that busi­ness. He spon­sored flashy con­fer­ences with high-pro­file speak­ers -in­clud­ing Michael Flynn, who was briefly Pres­i­dent Don­ald Trump’s na­tional se­cu­rity ad­viser - sought to join US trade groups and even un­der­wrote pro­gram­ming on Na­tional Pub­lic Ra­dio.

All of this was done to bur­nish Kasper­sky’s im­age and help it be­come an ac­cepted ven­dor for the US govern­ment de­spite its Rus­sian roots, ac­cord­ing to peo­ple fa­mil­iar with the strat­egy. But Eu­gene Kasper­sky was never able to over­come lin­ger­ing sus­pi­cions among US in­tel­li­gence of­fi­cials that he and his com­pany were, or could be­come, pawns of Rus­sia’s spy agen­cies. Kasper­sky “has never helped, nor will help, any govern­ment in the world with its cy­beres­pi­onage ef­forts,” the com­pany said.

Kasper­sky’s Amer­i­can am­bi­tions were fur­ther eroded by the sharp de­te­ri­o­ra­tion in US-Rus­sia re­la­tions fol­low­ing Rus­sia’s in­va­sion of Crimea in 2014, and later when US in­tel­li­gence agen­cies con­cluded that Rus­sia had hacked the 2016 US pres­i­den­tial elec­tion. Tes­ti­fy­ing be­fore the US Congress in May, US in­tel­li­gence chiefs for the first time pub­licly ex­pressed doubt that Kasper­sky prod­ucts could be trusted. FBI agents last month in­ter­viewed Kasper­sky em­ploy­ees, ask­ing whether they re­ported to Rus­sia-based ex­ec­u­tives and how much data from Amer­i­can cus­tomers could be seen by Rus­sian em­ploy­ees, ac­cord­ing to three cur­rent and for­mer em­ploy­ees. The FBI de­clined to com­ment on Thurs­day. On Tues­day, the US Gen­eral Ser­vices Ad­min­is­tra­tion, the govern­ment agency that man­ages the fed­eral bu­reau­cracy, re­moved Kasper­sky from a list of ap­proved ven­dors, say­ing GSA’s mis­sion was to en­sure the se­cu­rity of US govern­ment sys­tems. There is also a bill be­fore Congress that would ex­plic­itly bar the De­fense De­part­ment from us­ing any Kasper­sky prod­ucts.

Kasper­sky says his com­pany is be­ing tar­geted for po­lit­i­cal rea­sons. “These reck­less ac­tions neg­a­tively im­pact global cy­ber­se­cu­rity by lim­it­ing com­pe­ti­tion, slow­ing down tech­nol­ogy in­no­va­tions and ru­in­ing the in­dus­try and law en­force­ment agency co­op­er­a­tion re­quired to catch the bad guys,” he said in a state­ment to Reuters. The Ar­ling­ton of­fices of KGSS were empty when a Reuters reporter vis­ited them on Thurs­day. A Kasper­sky spokes­woman said most of the staff, which num­ber less than 10, of­ten work from home.

The US clam­p­down comes even though of­fi­cials have of­fered no pub­lic ev­i­dence to sug­gest the com­pany has done any­thing un­to­ward or that the Rus­sian govern­ment is us­ing its soft­ware to launch cy­ber at­tacks. Two for­mer em­ploy­ees and a per­son briefed on the FBI case told Reuters that Kasper­sky soft­ware has at times in­ap­pro­pri­ately in­spected and re­moved files from users’ ma­chines in its hunt for al­leged cy­ber crim­i­nals, even when those files were not cor­rupted by viruses. “Kasper­sky Lab be­lieves it is com­pletely un­ac­cept­able that the com­pany is be­ing un­justly ac­cused without any hard ev­i­dence to back up these false al­le­ga­tions,” the Kasper­sky spokes­woman said in re­sponse in an email.

It is ex­tremely rare for a com­pany to be sin­gled out for fed­eral buy­ing re­stric­tions in the ab­sence of clear ev­i­dence of wrong­do­ing. “This sets a re­ally dan­ger­ous prece­dent” where other na­tions could make sim­i­lar, un­sub­stan­ti­ated claims against US ven­dors, said Robert M. Lee, a for­mer cy­ber­war­fare op­er­a­tive for US in­tel­li­gence and now CEO of cy­ber­se­cu­rity startup Dra­gos. The Rus­sian govern­ment has de­nounced the Kasper­sky crack­down and said it does not rule out re­tal­ia­tory mea­sures. Of­fi­cials at US tech com­pa­nies with sig­nif­i­cant oper­a­tions in Rus­sia say they fear they could be­come tar­gets.

Fed­eral con­tract­ing data­bases re­viewed by Reuters show only a few hun­dred thou­sand dol­lars in pur­chases from Kasper­sky, and an em­ployee con­firmed the com­pany’s fed­eral govern­ment rev­enue was “minis­cule”. But Kasper­sky also sells to fed­eral con­trac­tors and third-party soft­ware com­pa­nies that in­cor­po­rate its tech­nol­ogy in their prod­ucts, so its tech­nol­ogy may be more widely used in govern­ment than it ap­pears from the con­tract­ing data­bases, US of­fi­cials say. Founded in 1997, Kasper­sky grew rapidly through the 2000s to be­come one of the world’s lead­ing anti-virus soft­ware com­pa­nies. But the com­pany was dogged from the start by sus­pi­cions about its ties to Rus­sia’s Fed­eral Se­cu­rity Ser­vice (FSB), the main suc­ces­sor to the KGB. Eu­gene Kasper­sky at­tended a KGB school and the com­pany has ac­knowl­edged do­ing work for the FSB. As the com­pany grew, Kasper­sky was de­ter­mined to over­come those fears. “We have to be more Amer­i­can than Amer­i­cans,” Kasper­sky told Reuters in 2013, when a US good­will of­fen­sive be­gan.

A cor­ner­stone of the ef­fort was a se­ries of KGSS-hosted con­fer­ences in Wash­ing­ton where prom­i­nent US of­fi­cials in­clud­ing Flynn, a for­mer De­fense In­tel­li­gence Agency di­rec­tor, for­mer CIA and NSA Di­rec­tor Michael Hay­den and House of Rep­re­sen­ta­tives Home­land Se­cu­rity Com­mit­tee Chair­man Michael McCaul dis­cussed cy­ber­se­cu­rity is­sues. The com­pany pri­vately courted US in­tel­li­gence and law en­force­ment of­fi­cials by send­ing ex­perts to brief them on na­tion­state hack­ing cam­paigns un­cov­ered by the firm, ac­cord­ing to peo­ple present at those meet­ings.

“They came to us and said, ‘We want to change our im­age, we know peo­ple don’t trust us’,” said one for­mer se­nior Obama ad­min­is­tra­tion of­fi­cial who took part in some of those meet­ings. But the sus­pi­cions never sub­sided. When the com­pany sought to join one Wash­ing­ton­based tech­nol­ogy trade or­ga­ni­za­tion, it was “po­litely told it couldn’t hap­pen,” ac­cord­ing to an in­dus­try source with di­rect knowl­edge of the mat­ter. The source said in­dus­try group of­fi­cials had an in­side joke: “Kasper­sky (mem­ber­ship) is like hav­ing the Krem­lin join.”

Not co­in­ci­den­tally, Kasper­sky’s govern­ment sales ef­fort never gained trac­tion. In an email to Reuters, the com­pany noted “com­plex­i­ties as­so­ci­ated with do­ing busi­ness with North Amer­ica’s govern­ment sec­tor.” Pri­vately held Kasper­sky said its US rev­enue, most of which comes from sell­ing anti-virus soft­ware to con­sumers and small busi­nesses, slipped from $164 mil­lion in 2014 to about $156 mil­lion in 2016.

Some US na­tional se­cu­rity ex­perts say Kasper­sky is be­ing treated un­fairly. Lee said he has long been both­ered by the “pub­lic sham­ing” of Kasper­sky by peo­ple who make al­le­ga­tions without pre­sent­ing ev­i­dence. The US govern­ment has the right to choose not to use Kasper­sky prod­ucts for any rea­son, he said, but “the way they are do­ing it” is wrong. “I don’t be­lieve in ge­o­graphic re­stric­tions that say, ‘Be­cause Kasper­sky is a Rus­sian­based com­pany, there­fore it is bad,’” said for­mer White House cy­ber­se­cu­rity pol­icy co­or­di­na­tor Michael Daniel. “You would want your de­ci­sion to be based on ac­tual cor­po­rate bad be­hav­ior.” — Reuters

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.