As news of Donald Trump Jr.’s possible collusion with the Russian government to sway the presidential election makes headlines across the US, another entity accused of inappropriate contact with Moscow is fighting back on the allegations.
Russia-based Kaspersky Lab was called out in a Bloomberg Businessweek article as working with the Kremlin to spy and hack on unsuspecting businesses and consumers. As the outlet puts it, Kaspersky can “quietly embed the software in everything from firewalls to sensitive telecommunications equipment—none of which carry the Kaspersky name,” going on to say that it does much work at the behest of the FSB, which is the successor to the KGB in the Russian spy world.
While that sounds quite nefarious, Kaspersky insists in a lengthy, point-by-point statement that the facts have been misinterpreted or manipulated.
“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government,” the company said. “The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”
As for the seemingly sinister embedding process mentioned earlier, that amounts to nothing more than white-label and routine OEM commercial agreements with other vendors, it said.
“The licensing agreements permit these partners to embed Kaspersky Lab’s unparalleled anti-malware engine into their own solutions, and once Kaspersky Lab products are included, these vendors are responsible for publicly communicating all the external products used in their comprehensive offering,” it said. “It is also important to note that less than four percent of the company’s revenue comes from licensing deals.”
Similarly, Bloomberg seemed to insinuate that routine automatic product updates were a sort of backdoor into organizations: “The software also regularly communicates with the maker to receive updates, which security experts say could theoretically provide access to sensitive users such as government agencies, banks, and internet companies.”
Kaspersky offers hourly malware detection updates to customers, but said that it “does not provide access to these updates to any third party outside of the company, and Kaspersky Lab would never assist any entity in its efforts to spy on users. With a 20-year history in the IT security business as one of the most trusted security providers, the company’s reputation speaks for itself.”
In the most damning pieces of the “expose,” Bloomberg cited internal company emails that it said show that Kaspersky Lab has maintained a much closer working relationship with the FSB than it has publicly admitted, and claimed that it “has developed security technology at the spy agency’s behest and worked on joint projects,” including one around DDoS that was “kept secret.”
That’s a charge that Kaspersky vehemently denied, noting that far from being a Bond-villain super-weapon, the DDoS product is a protective/defensive product, for which the FSB was never a client nor a patron:
“It’s important to be clear, the company never received a request from the Russian government, or any affiliated organization, to create or participate in ANY secret projects, including one for anti-DDoS protection. In the mid-to-late 2000s, Kaspersky Lab was already working to put together an anti-DDoS offering as well as asking customers, prospects and channel partners about this type of solution, and the Russian anti-cybercrime unit told the company that they considered DDoS attacks an emerging and serious threat. Since there was a strong market need, Kaspersky Lab invested in the R&D required to finish fully developing the solution, which is what Eugene Kaspersky indicated in the internal communications referenced by the publication. To clarify, the FSB is not currently, and never was, a Kaspersky Lab DDoS Protection client. Also, while developing the anti-DDoS product, Eugene Kaspersky made it clear in his internal communications that he did not want any possible leaks, as attackers could learn how to bypass the technology measures if public, and he didn’t want competitors to copy it before it could be launched.”
Bloomberg also reported that the project lead for the DDoS initiative was Kaspersky Lab’s chief legal officer, Igor Chekunov, which it characterized as “a former policeman and KGB officer.”
Chekunov actually worked for the Border Service in the Soviet Union—serving obligatory military service for two years.
“At that time, the Border Service was a part of KGB structure,” Kaspersky explained. “For example, in the U.S., this would be the same as working for customs and border protection (CBP), which is under the Department of Homeland Security (DHS). In addition, Mr. Chekunov did not lead the product development for the company’s anti-DDoS solution.”
As for the smoking gun, i.e., the emails, the firm said: “Kaspersky Lab never confirmed the emails the media outlet claims to have are authentic, as the media outlet refused to share them with the company for validation to protect an anonymous source; however, the archives were thoroughly searched for any document they might be referring to, and an internal email that contains routine business chatter regarding product development may be the document the publication is referencing.”
Listing the many law enforcement actions around the world that it has assisted with, including working with Dutch police in identifying and catching the authors of the CoinVault ransomware, the firm said that its raison d’etre is simple: “The company’s goal is very simple—protect users from cyberthreats and make the internet safer for everyone.”
Bloomberg has at the time of writing not published a response or follow-up.