CybersecurityQuestions raised about Kaspersky’s close ties to the Russian government

Published 20 July 2015

Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers.

The company used to recruit senior managers in the United Sates and Europe to expand its business, and to ready an initial public offering with a U.S. investment firm.

In 2012, however, Kaspersky Lab abruptly changed its senior management recruiting practices – and, some suspect, perhaps a few other things as well. Bloomberg reportsthat high-level managers left or who were let go were, in many cases, replaced by people with ties to Russia’s military or intelligence services — some of them known to have used data from the company’s customers to help criminal investigations by the FSB, the KGB’s successor.

The change in the company’s senior hiring policy reminded people that the company’s founder and Chief Executive Officer Eugene Kaspersky used to work for the KGB. In advertising for the company he was once described as “A Specialist in Cryptography from KGB.”

Kaspersky Lab is not the only cybersecurity business with ties to the government. Most major American security-software makers work, in one way or another, with U.S. government agencies, and some of the products they sell have been developed in collaboration with government agencies.. FireEye, for example, had close ties with the CIA, which uses the company’s software, and the CIA’s investment arm, In-Q-Tel, maintained a stake in FireEye until recently. Observers note that FireEye’s revelations about Chinese and Russian hacking in the United States may have benefitted from the company’s ties to the CIA (see “Cyber espionage campaign, likely sponsored by China, targets Asian countries: FireEye,” HSNW, 15 April 2015; “New report details Russia’s cyber-espionage activities,” HSNW, 30 October 2014); “Massive cyberattack by Chinese government hackers on Penn State College of Engineering,” HSNW, 18 May 2015).

Rick Holland, principal analyst of security and risk management for Forrester Research, says that any government relationships can make a company’s products harder to sell.“It’s a challenge for any security company out there,” Holland told Bloomberg. “What are your ties to government?”

Kaspersky Lab’s ties dramatically increased after two waves of executive departures, say four of the former insiders. Christopher Doggett, Kaspersky Lab’s managing director for North America, insists that customers’ data used in the company’s support to the FSB are anonymous, but people familiar with the company’s technology say it can be modified so it can collect identifying information from individual computers, and that this modified technology has been used to assist the FSB in investigations.

Kaspersky Lab’s software is still regarded highly by technical experts, and the company’s products do well against competitors. Appreciation of the company’s products notwithstanding, the company has found it difficult to win federal U.S. contracts. Holland, the Forrester analyst, says that the company has to overcome suspicions about its senior management and about the organization with which it collaborates.

“There’s a cyber isolationism that’s definitely emerging,” Hollandtold Bloomberg.“They have to overcome any perceived or actual alliances.”