An extraordinary story appeared on the Bloomberg website at the end of last week, accusing security company Kaspersky Lab of having “close ties to Russian spies”.
Here are some of the allegations that Bloomberg makes in its article:
“while Kaspersky Lab has published a series of reports that examined alleged electronic espionage by the U.S., Israel, and the U.K., the company hasn’t pursued alleged Russian operations with the same vigor.”
Awkwardly, just two days before the Bloomberg article Kaspersky researchers published further details of what they call the “Crouching Yeti” group who have been targeting industrial, manufacturing and pharmaceutical industries with targeted attacks since the end of 2010.
Crouching Yeti, also known by some as Energetic Bear or Dragonfly, have – according to the Kaspersky Lab report – been mostly targeting the United States, Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland, and China.
Notice a country missing from that list of targets? Yes, there’s no Russia listed.
Which might seem odd until you read that, in the opinion of Kaspersky, the authors are likely to be Russian-speaking.
Clearly Bloomberg missed that piece of information.
And this is far from the only time that Kaspersky has investigated what appears to be malware that has originated in Russia. Take their research into Epic Turla (sometimes known as Uroburos) and “Red October” for instance.
Personally, I have no doubt that security companies (not just Kaspersky) have awkward business decisions to make regarding their publicising of state-sponsored attacks where they might feel pressure from government customers to keep them quiet.
But Bloomberg doesn’t appear to have found evidence of any suspicious cover-up in Kaspersky’s case.
Score: Bloomberg 0 – 1 Kaspersky
Next, allegations that Kaspersky assists the FSB (the modern name for the KGB):
“Some [staff] actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals.”
You know what, I’d be surprised if a company that counters internet crime doesn’t occasionally work with law enforcement and intelligence agencies tasked with protecting their countries from attack.
So, big deal if Kaspersky sometimes works with the FSB. Just like if FireEye works with the FBI and the CIA. Or Sophos with the NCA and GCHQ.
I would expect all of these companies, as well as their competitors, to believe in protecting their global customer base from threats, wherever they originated around the world, and work when appropriate with law enforcement both at home and abroad to bring criminals to justice.
That isn’t to say that a security vendor should be in the pocket of a particular government, of course, but I see nothing wrong in Kaspersky “actively aiding criminal investigations by the FSB.”
Unless Bloomberg can come up with evidence that Kaspersky’s relationship with the FSB is unhealthy or has compromised its customers, then I’m not sure what there is to worry about.
Score: Bloomberg 0 – 2 Kaspersky
Finally, Bloomberg chooses to share with us details of Eugene Kaspersky’s bathing habits:
“Unless [Eugene] Kaspersky is traveling, he rarely misses a weekly banya (sauna) night with a group of about 5 to 10 that usually includes Russian intelligence officials. Kaspersky says in an interview that the group saunas are purely social: “When I go to banya, they’re friends.””
As far as I know, the sanitary habits of the chief executives of other anti-virus companies have not been scrutinised so closely. But what’s important here is less about whether a man likes to sit in an intensely hot steam room, but the kind of company he keeps – and how that might influence them and their business.
The Bloomberg report suggests that Eugene Kaspersky’s sauna trips might be evidence that the company has too close a relationship with Russian intelligence, but the man himself has robustly denied their purpose is to meet up with intelligence contacts:
“sometimes I do go to the banya (sauna) with my colleagues. It’s not impossible that there might be Russian intelligence officials visiting the same building simultaneously with me, but I don’t know them.”
So, Bloomberg is right that Eugene Kaspersky likes to go to the sauna. But they haven’t provided any evidence that there’s anything suspicious about it. I think that’s a point in Kaspersky’s favour.
Score: Bloomberg 0 – 3 Kaspersky
Kaspersky’s founder is at least prepared to laugh about the allegations, claiming that the company’s next conference for researchers will have the appropriate facilities:
Upcoming @TheSAS2016 will be held in SPA with wide selection of banya, sauna, hamam, thermae & sweat lodge. Then we ride bears to the beach.
— Eugene Kaspersky (@e_kaspersky) March 21, 2015
- Bloomberg – “The Company Securing Your Internet Has Close Ties to Russian Spies”
- Eugene Kaspersky’s blog – “A practical guide to making up a sensation”
- For a somewhat more balanced view of how internet security firms have found themselves tied up in politics, read this Reuters report which predates the schlocky Bloomberg article.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.