What is the company of Kaspersky Antivirus

It is the nightmare of every computer user: suddenly the computer freezes and a message appears on the screen saying that the hard disk has just been encrypted and that access will only be restored once a ransom has been paid. If you don't pay, you lose all your data. Forever. The countdown is running.

Today's criminals and spies need nothing more than a computer with an internet connection. Their malware can steal credit card data and passwords just as well as it can paralyze entire industrial plants. The fear of threats from the Internet, and the desire for protection against them, is correspondingly great.

The data security business is therefore lucrative. Eugene Kaspersky is one of those who have made a fortune from it. At conferences he likes to talk at length about threats that are becoming ever more acute and ever more numerous. Around 400 million people around the world trust programs from the Russian company Kaspersky Lab to protect their computers and smartphones against intruders.

But for the protection programs to reliably find suspicious files, they must be given access to every corner of the system. That makes them powerful but also dangerous tools. Analysts write a kind of search rule for each piece of malware. Since new viruses are discovered every day, the list of these so-called signatures is updated regularly. A faulty signature produces a false positive: a harmless file is flagged as malicious.

If the user also opts into the cloud service, suspicious files are uploaded in the background to the antivirus vendor for closer analysis. The user does not see exactly what is being sent. He has to trust the software.

“Every anti-virus program is basically an atom bomb in your computer. Any such software can be used to attack,” says Boris Sharov, managing director of the Russian antivirus manufacturer Dr. Web. “But the moment something like this happens, it means the end for the virus scanner. Nobody will ever use it again.”

Trust is the most important currency in the industry - and Eugene Kaspersky's company currently has a problem with it. In the USA, government agencies have been banned from using the Russian software since September 2017. Large retail chains have stopped selling it. The accusation: the company's products could be used by the Russian government to spy on computers. Kaspersky is no longer considered trustworthy in the US. How did that happen?

Eugene Kaspersky loves adventure. His great passion is climbing active volcanoes. In July 2010, the founder was planning his next vacation on the volcanic Kamchatka Peninsula in eastern Russia when an even greater adventure awaited him in his Moscow office. It came in the form of his chief security expert, Alexander Gostew, who reported that a completely new virus had been discovered on an Iranian computer. Its name was Stuxnet; it could put entire industrial plants out of action, and it was so intricately constructed that ordinary criminals could not possibly be behind it. Kaspersky was impressed. "He said: Put all your resources on Stuxnet, I will free you from all other tasks," Gostew remembers.

When Kaspersky spoke about Stuxnet at a conference in Munich in September 2010, he sounded dramatic: "I think this is a turning point, we are now in a really new world." In the late 1980s, when Kaspersky, then a young graduate of the Soviet KGB's college, began hunting down the first computer malware, viruses were mostly written by hackers who wanted to show off their skills. Later, criminals with financial motives followed. Stuxnet was of a different caliber.

This virus showed that states are increasingly relying on hacking tools. Knowledge of the attackers' weapons is therefore a precious commodity for national intelligence services. Precisely this situation is proving fatal for the Russian company, which since its founding in 1997 has grown into one of the global market leaders in IT security, with annual revenue of 698 million dollars in 2017.

Two versions

Stuxnet, on which Kaspersky Lab and other companies published detailed reports, was, as later emerged, allegedly developed by the US and Israel to destroy the centrifuges at the Iranian uranium enrichment plant at Natanz. The Kaspersky experts later analyzed the malware Duqu and Flame, which are related to Stuxnet. And they hunted the hackers of the "Equation Group", in reality a division of the US intelligence agency NSA. In short, they knew more about secret US Internet operations than almost anyone else in the world. Russia and Iran were among the Equation Group's biggest victims; its targets included Russian military and government sites, infrastructure and research facilities.

Last year the New York Times and the Wall Street Journal reported on allegations by US security authorities against Kaspersky. According to those reports, in 2015 Israeli intelligence caught Russian state-affiliated hackers using Kaspersky software to steal secret documents from the computer of an NSA employee who had taken them home. How exactly this is supposed to have happened, and whether the company actively helped, is not clear from the reports.

In theory, the story is possible. With a modified signature, an attacker can make any antivirus scanner search for arbitrary files, top secret documents included. A security tool can quickly become spyware. Such abuse is extremely difficult to discover: to do so, you would have to guard the guards.

Kaspersky Lab defends itself against the allegations and has published its own version of events. Its virus scanner did in fact download secret documents from a computer in the United States, in September 2014. But that happened because the confidential files were in an archive together with malware from the Equation Group. Only for that reason did the antivirus program look for the archive on the computer, so it did nothing other than carry out its actual function. When the analyst in charge saw that it contained secret documents, he went to Eugene Kaspersky, who decided to destroy the archive immediately. Overall, however, Kaspersky found 121 viruses, Trojans, backdoors and exploits on the US computer that did not come from the Equation Group. According to the Russian company, the computer is also said to have been a popular target for state attackers.

In February 2015, the company released its report on the Equation Group. Afterwards it again found Equation Group malware on several computers from the same region as in September. Gostew says these PCs may have served as decoys. “Our antivirus software constantly discovered various malicious programs on these computers, but the user did not respond to them at all. Then why do you need an antivirus program?”

That version of the story might also be true. Neither side has presented evidence. Germany's Federal Office for Information Security (BSI) did not see the reports in the New York Times and Wall Street Journal as grounds to warn against Kaspersky products in Germany. There was no evidence of misconduct by the company or of a security gap in the software, according to a BSI statement.

The IT security consultant Felix von Leitner sees no evidence for this either: “Given how comprehensively the authorities and the press in the USA have warned against Kaspersky products, you have to speak of a campaign.” He points out that the allegations in the USA leave wide scope for interpretation. “Let's say a secret service hacks Kaspersky and extracts the data. Is that then: 'Secret services use Kaspersky software for espionage'? What if a secret service bribed a Kaspersky employee or smuggled in its own Kaspersky employee and they stole the data? Those are the likely scenarios for how an intelligence agency would do that. Can you really blame Kaspersky for that?” asks von Leitner.


A conflict of conscience

The loss of confidence in Kaspersky in the US seems to have political rather than technical reasons. "There are no facts, only conclusions," says a former top manager at Kaspersky Lab. “But I understand the general concern in the US. The company is based in Russia, most of the top managers live there, and the products are developed there. The question is not what happened, but what if? And it's very difficult to answer.”

In fact, Kaspersky works closely with the Russian domestic intelligence service FSB when it comes to investigations into Internet crime. Several high-ranking employees have good relationships with the security services, which is not uncommon in the industry. In the Russian media, the name Igor Tschekunow comes up again and again. He served with the border troops, which were subordinate to the Soviet KGB, and later worked in the police. At Kaspersky Lab he is responsible for relations with the Russian authorities. His influence in the company grew especially after the 2011 kidnapping of Kaspersky's son, who was freed with the help of Russian intelligence services. Of Eugene Kaspersky himself it is reported that he goes to the sauna with his FSB friends.

Kaspersky consistently denies any personal intelligence connections. "We work together with the department of the FSB that is responsible for the IT security of the financial systems," says Anton Schingarjow, vice president for press relations. The company, he says, would not do anything for its own country's services that it would not also do for the German police.

First of all, when it comes to working methods and goals, there are worlds between the German police and the Russian domestic intelligence service. And second: how can anyone guarantee that the FSB does not recruit individual employees? In the Russian IT scene, there are recurring stories that the intelligence service takes an interest in criminal hackers as well as in employees of private companies.

The reverse also seems to happen. The Russian newspaper »RBK« recently reported that the Russian subsidiary of the software manufacturer SAP had hired a former general of the domestic intelligence service FSB as an advisor to its management. Vladimir Skorik headed the FSB's information security center until 2009.

Anton Schingarjow of Kaspersky says that, to dispel the concerns, the company is prepared to disclose the source code of the software and all updates to Western authorities, and thus to make any case of abuse public immediately.

The company cares about its reputation - and about millions of dollars. The US and Europe are major markets, and US sales have fallen eight percent since the warnings from US authorities. Kaspersky Lab is one of the few Russian companies that is globally successful - and not by selling raw materials.

Kaspersky Lab does not focus only on foreign countries. In several reports, its analysts describe the activities of various Russian groups such as Red October, Sofacy, TeamSpy or BlackEnergy, which spied in the West and the former Soviet Union, and later hacked the Democratic Party in the USA or paralyzed electricity suppliers in Ukraine. The reports suggest that these could be government-affiliated groups. But the hints are formulated with extreme caution.

At the height of the scandal over the hacking of the Democratic Party, the otherwise alarmist Eugene Kaspersky was noticeably reticent. It may be that he, who by then had managed to keep one foot in Russia and the other in the West, this time came under pressure from both sides.

Not a friend of freedom

For years, Kaspersky had supported the Russian government's agenda for regulating the Internet at conferences and in meetings with politicians, and had promoted initiatives such as the introduction of an “Internet ID”, which would mean the end of anonymity. In interviews, he praised the political systems of China and Singapore.

It seems as if the internet is becoming increasingly nationalized. “There is always mistrust. After the Snowden story, trust in US suppliers declined in Europe. And after the fall of Kaspersky Lab, confidence in Russian providers is likely to decline as well. Nevertheless, there are other markets,” says a person from the Russian IT security industry who does not want to be named.

What could these markets look like? “The FSB Academy stands for outstanding training quality. Mathematics is taught very well there,” says Andrei Golov, who heads the Russian IT company Security Code and, like Kaspersky, is a graduate of the intelligence service's college. He says openly that he worked for the FSB for two years. He has never been to the US and has no wish to change that. Unlike Kaspersky, he does not want to conquer the global consumer market. Almost all of his customers are government or government-affiliated organizations. Above all in Russia, but he has also had a few orders from abroad, for example from the military in South America, and wants to expand into other countries. He even hopes to profit from mistrust by working for states that do not necessarily trust the West or are subject to its sanctions. “We Russians have always thought that technology shouldn't be trusted if we couldn't control it. And we can't trust technologies that aren't developed by us,” he says.

Another way is to stay out of geopolitical entanglements as far as possible. Boris Sharov, the managing director of the antivirus manufacturer Dr. Web, is aware of the risks. His company also has an office in Germany and works with the police at the state level. "Wherever we have an office, the police come to us and ask what we are doing and whether we are spying," he says. But he wants nothing to do with that. His customers are mainly private users and medium-sized companies. They have never had problems with state-affiliated hackers. "We do not deal explicitly with such groups, since simple users are not their primary target."

What about Kaspersky? He has already announced that he would be willing to leave Russia and relocate the company if Russian intelligence agencies asked him to spy on users. But that's easier said than done.