Russian anti-virus CEO offers up code for US govt scrutiny
In an interview with The Associated Press at his Moscow headquarters, Eugene Kaspersky said Saturday that he's also ready to move part of his research work to the U.S. to help counter rumors that he said were first started more than two decades ago out of professional jealousy.
"If the United States needs, we can disclose the source code," he said, adding that he was ready to testify before U.S. lawmakers as well. "Anything I can do to prove that we don't behave maliciously I will do it."
Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense, has long been eyed suspiciously by his competitors, particularly as his anti-virus products became popular in the U.S. market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.
No firm evidence has ever been produced to back up the claims. But this has not stopped what was once gossip at tech conferences from escalating into public accusations from American politicians and intelligence officials amid rising concerns over Russian interference in the United States.
Senior U.S. intelligence officials have advised Congress to steer well clear of Kaspersky's products and Congress is weighing a proposal to ban the company from the Pentagon. Law enforcement seems to be taking a hard look at the company as well. On Wednesday, NBC news reported that at least a dozen U.S. employees of Kaspersky were visited at their homes by FBI agents.
Kaspersky confirmed the NBC report, although he said he didn't know what the focus of the FBI's questioning was. He did say his relationship with the FBI was now shot.
"Unfortunately, now the links to the FBI are completely ruined," he said, explaining that the agency had frozen out his company, one of the few connected to both U.S. and Russian law enforcement. "It means that if some serious crime happens that needs Russian law enforcement to cooperate with FBI, unfortunately it's not possible."
The FBI didn't immediately return a message seeking comment, but agents are unlikely to lose much sleep over that. Kaspersky allowed that cooperation between Russia and the United States on cybercrime has often been "far from perfect."
But lawmakers' moves to single out the company for special punishment worries even Kaspersky's critics, who note that it would set an unfavorable precedent for American technology firms — many of whom are known to work closely with the U.S. National Security Agency.
Kaspersky defended his work during the interview, saying he never benefited from official protection of any kind.
"I do understand why we look strange. Because for Russia it's very unusual, a Russian IT that's very successful everywhere around the world. But it's true," he said.
Kaspersky said his company does exclusively defensive work, although under questioning he allowed that some unnamed governments had tried to nudge him toward hacking — what he calls "the dark side."
"There were several times it was close to that," he said, adding that the officials involved weren't Russian. He said in one case a discussion about defensive cybersecurity cooperation "turned to the offensive."
"I stopped that immediately. I don't even want to talk about it," he said.
Kaspersky's offer to have his code audited may not quiet all the skeptics, some of whom are concerned less about the integrity of the company's software and more about the company's staff and the data they gather. Like many cybersecurity outfits in the U.S. and elsewhere, some Kaspersky employees are former spies.
Kaspersky acknowledged having ex-Russian intelligence workers on his staff, mainly "in our sales department for their relationship with the government sector." But he added that his company's internal network was too segregated for a single rogue employee to abuse it.
"It's almost not possible," he said. "Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It's too complicated."
And he insisted his company would never knowingly cooperate with any country's offensive cyber operations.
"We stay on the bright side," he said, "And never, never go to the dark side."