Kaspersky Lab: Friend or foe?
Note: The following post is a personal opinion and doesn't represent the views of any organisation or employer that I am associated with.
“The fact is that we have no way of knowing if the person who we think we are is at the core of our being. Are you a decent girl with the potential to someday become an evil monster, or are you an evil monster that thinks it's a decent girl?"
"Wouldn't I know which one I was?"
"Good God, no. The lies we tell other people are nothing to the lies we tell ourselves.”
― Derek Landy, Death Bringer
Firstly, disclosure.
I worked for Kaspersky for 3 years, from 2009 to 2012.
In early 2009 I got a call from Kaspersky Lab to come talk to them about a System Engineering and Technical Team Lead role. At the time I was working for a US-based information security company, and to be honest I accepted the first interview to do some local market recon on what they were up to.
I didn't expect to become very interested in joining the organisation. Back then, it was just February and I had a 1 month holiday planned to travel around the north of India with my girlfriend (now wife). They kept looking, and I parked it as an interesting career exploration.
A couple of months later, they rang me back saying they had not found anyone else and asking if I was still interested.
From the middle of 2009 until middle 2012 I had some of the best career experiences in my life, and this is why I started this post with a disclosure - I have both the fondest and worst memories of working there in my career to date. And I wouldn't change it for the world.
Why post now?
Lately, there's been a lot of bad press about Kaspersky Lab. When I resigned from my post middle 2012 I must admit I did not have a high opinion of the organisation, but that has everything to do (ironically) with the typical effects of any standard capitalist / corporate politics and nothing to do with anything else. That's going to be important. Kaspersky Lab is a corporate entity, just like any other US-born capitalist venture or shareholder controlled company of the same calibre.
I write because the not-so-free media depicts the organisation in a manner which I find detestable. The media have given very little (if any) air time to recent Wikileaks revelations around the CIA spy software able (and used) to impersonate anti-virus software including Kaspersky Lab. It reminds me of the often forgotten reality that STUXNET was a joint United States & Israel initiative. It reminds me that the US and China have been jostling for #1 and #2 position of biggest producers of malware for years now, not just the countries most susceptible TO malware.
You used to be able to search easily for this information, but for some reason the average layperson would find it more difficult to google search for this information now.
2010 Sophos article showing US as #1 producer of malware
List of Countries hosting Malware and Botnets
We're more interested in the victim role these days it seems:
Malwarebytes/Forbes article on countries most affected by malware
Secondly, competitive vendors use cheesy (crappy) tactics to win consumers based on FUD, kicking a company when it's down. I personally think it's a shameful tactic to capitalise on geo-political fearmongering and I would never buy (or stop using) software from any company that did this.
The Media Portrayal
Taking a look through a more expansive search of media articles, some which made it - and some which did not. For anyone with access to business information and research tools, I'll leave the article titles intact. I picked ones that were reasonably accurate to the content of the reported article.
In June, several Kaspersky Lab US employees got "soft raided" by FBI, article here.
In July, a US congressman bubbled up this "risk" here.
As you can see, you get an interesting timeline.
25th August 2017: US government admits urging companies to avoid Kaspersky security products
3rd September 2017: US Senate Seeks to Introduce Ban on Government Use of Kaspersky Lab's Antivirus
11th September 2017: Top US Retailer pulls Kaspersky Lab Products (Best Buy)
13th September 2017: DHS Orders Federal Agencies to purge Kaspersky software
14th September 2017: Kaspersky Lab Says US accusations based on false allegations, Inaccurate Assumptions
14th September 2017: Russia says Kaspersky removal in U.S. delays bilateral ties recovery
15th September 2017: Kaspersky products ban reveals drive to Demonize Russia - NSA Whistleblower
15th September 2017: Kaspersky CEO agrees to testify before US Congress
Note: Interesting point, I'm pretty sure Eugene proactively sought to defend his position, all references to his proactive efforts seem to have disappeared off the net. I suppose it's easier for the public to think he begrudgingly testified as opposed to the truth of proactively seeking to exonerate his name.
7th October 2017: U.S. News: Firm faces scrutiny following NSA Hack
12th October 2017: Kaspersky Lab: 'We've never helped any Government with cyberespionage efforts'
13th October 2017: Kaspersky Lab, INTERPOL Sign Deal on sharing cyberthreat intelligence data
23rd October 2017: Kaspersky Lab to disclose source code of products for transparency
25th October 2017: Kaspersky identifies other malware on NSA hacker's home computer
26th October 2017: Kaspersky Lab says took reported Spy Tool source code from US company
9th November 2017: Kaspersky Lab: Council of Europe Agree to protect Human Rights on Internet
10th November 2017: Kaspersky Lab confirms software firm's certificates were forged
10th November 2017: US media to ignore WikiLeaks report about Kaspersky software and CIA
10th November 2017: Russia's Kaspersky confirms WikiLeaks report on CIA malware
What does it all mean, Basil?
This is all shaping up like a mess you'd expect on that old TV series, Fawlty Towers.
Sadly, I don't have the answers, I can't espouse that I have intelligence or insight that puts me in a unique position to know the truth of the situation.
Was Kaspersky software utilised in the manipulation or interference in the US election? I don't know. Just seems a bit convenient to me, to be honest.
But this is what I do know:
- In the 3 years I was at Kaspersky Lab, it was the only place the CEO made a personal effort to come visit every single individual in the office, shake our hands and genuinely thank them for playing their part in securing the world. There's going to be doubters, but seriously - if Eugene was nefarious, why even bother greeting the most junior support engineer? What possible benefit could it have?
- Kaspersky Lab software is technically great. While I was there at the company I had disagreements with the way the support organisation was run, which ultimately soured my personal experience there. However, as far as protection goes it's great.
- Kaspersky Lab have been very upfront in spending resources on cyber security education, news, trends, and addressing cyberbullying (https://securelist.com/, https://threatpost.com, https://support.kaspersky.com/learning/courses, https://kids.kaspersky.com/parents/p-cyberbullying/). This is WELL before bad press. I refuse to believe this has all been a misdirection to other ulterior motives.
- Having personally shared time with Eugene on occasions during my tenure, he was incredibly open, candid and unguarded. That was my personal experience, I don't think I'm an outlier.
- Everything I'm reading lately about the issue(s), it appears like there are multiple agendas being run here.
To analogise with Game of Thrones lore, while we're busy trying to paint Kaspersky Lab as whitewalkers, when do we stop and ask whether we're the Lannisters?
My personal hope is that the company is given a fair assessment. The truth will come out eventually, it always does.
Information Security & Cyber Resilience Advisor
6 years ago
Nigel Hedges is correct regarding the high levels of bot based malware attacks coming out of the US, it is higher than the usual suspects. But the US gov is a great propaganda machine, so we don't see those stats. Kaspersky has gotten a bad rep, rightly or wrongly. Unfortunately, and as usual, perception is reality and no matter what Kaspersky does, this negative perception is hanging over them. We at Secure Internet Storage Solutions still stand by KL, but we as a reseller have also felt the negative perception.
Executive @ Veracode | AppSec for the AI era
6 years ago
A calm and objective view on a difficult and murky subject. I expect no less from you!
Protect People, Defend Data - Senior Named Account Manager
7 years ago
Good read Nigel Hedges