The Soviet spy inside the cyber security boom
Maija Palmer, Financial Times
Eugene Kaspersky rubs shoulders with world security chiefs regularly these days. He has just been on a panel with Condoleezza Rice, the former US secretary of state, at a security summit in Yalta. Next he is meeting European defence ministers in Brussels.
The co-founder and chief executive of Kaspersky Labs, the Russian internet security company, is proud of his high-level contacts – but says it is also worrying. “It is nice to be recognised, but it’s bad, too. The situation on cyber security must be so serious now if I am recognised as important.”
Since the Stuxnet virus was discovered to be attacking Iranian nuclear facilities in 2010, cyber security has risen up the political agenda and world leaders have been keen to hear what Kaspersky has to say. He has been predicting cyber attacks on critical infrastructure facilities for more than a decade, and this year Kaspersky Labs was the first to discover the Flame worm that is used in targeted cyber espionage in the Middle East.
The complexity and cost associated with the design of Stuxnet reportedly required state involvement. Kaspersky worries about where cyber warfare will lead. “There are powers that recognise cyber weapons as an opportunity and we don’t have a defence for it. It is a boomerang that can bounce back on us,” he says.
“Stuxnet infected tens of thousands of machines everywhere around the world including nuclear facilities, and it was designed in a professional way. Now imagine there is another piece of malware that affects so many machines, and it makes a mistake and random systems such as power plants are damaged.”
We are speaking on a train to Plymouth, Kaspersky will receive an honorary degree from Plymouth University. Sitting in a first-class compartment with his small entourage, the IT security multimillionaire looks worried. There are almost certainly malicious codes attacking power plants and other critical infrastructure, possibly without anyone knowing, he says. “I am afraid there are many Flame-like pieces of malware that are invisible. Stuxnet was only discovered because it infected too many machines in too many countries.”
He may also be fearful for more personal reasons, however. As his fortune and personal profile have grown, his own world has become less secure. Last year Ivan, his 20-year-old son, was kidnapped and held for five days by a gang demanding a €3 million ransom. Although his son was released unharmed, Kaspersky is haunted by the incident. “Even though it ended well it has left damage,” he says, pointing to his head.
His own freedom has also been curtailed, if less dramatically. In Russia, he travels with a bodyguard. “There is a beautiful park with ducks between my home and office. I used to love walking there but security say I can’t any more.”
Kaspersky was a cryptologist and officer in the Soviet army when he became fascinated with computer viruses in the 1990s. After developing antivirus programs for a civilian IT company, he spun out the division in 1997 when the parent company was hit by the Russian financial crisis. “I had no choice,” he says. “I had a family with two children and I was looking for a way to make extra money.”
Today, the Moscow-based business has about 2,500 employees in 30 countries and in 2011 had revenues of $612 million. It is one of the largest privately held IT security companies in the world. Holding about 80 per cent of the company’s stock, Kaspersky’s personal wealth was last year estimated at $800 million. His wife Natalya Kaspersky was a co-founder of the business. “Natalya came on board as sales manager when we were just a little project . . .She wanted us to be an independent company. I was a little scared, we were under the umbrella of a respected IT company.” The couple are now divorced and she has started her own security business, Infowatch.
From the outset Kaspersky had promoted his venture by attending conferences and submitting research on viruses to publications, which led to experts overseas taking notice. Income from licensing antivirus technology helped to fund expansion.
Although Kaspersky Labs has customers around the world, Kaspersky says being a Russian in the security business is still a handicap. Wired magazine recently implied that he had close links with the FSB, Russia’s security service.
He published a comprehensive denial of these claims and says it was only the latest in a series of exasperating spy allegations. “In 1994, when we got our first contract with a US company, we were still tiny, but immediately our US competitors began using our Russian origin against us,” he says. “I have no connection, no links with the Kremlin. I keep my distance, not only from them, but any other political party.”
He has worked with the Russian police and the FSB on cyber crimes, but he says this is no different from the co-operation Microsoft and Google might have with the US government: “In the US it is seen as patriotic.”
A self-confessed adrenaline junkie – he has booked a ticket for a space flight on Virgin Galactic – Kaspersky has just returned from a month’s hiking up volcanoes on Russia’s remote Kamchatka peninsula, without an internet connection. “I love being away from everything,” he says. “In fact, I was disappointed this time because some of the camps are starting to get internet over satellite.”
Kaspersky’s current project is to develop industrial systems – for power plants, factories, and other critical national infrastructure – that cannot be hacked. Although the technology is at an early stage, there is strong interest from a number of governments. It is a race against time if the world is to avoid experiencing a hacking incident that affects, for instance, a vital power plant, Kaspersky says.
“Maybe we have already had such an incident, and the news didn’t [become] public,” he says. He leans forward as if to continue but thinks better of it and changes the subject.
His hands rest protectively on his black ThinkPad laptop, which is covered in the stickers that world travellers put on their seats when they do not wish to be woken on long flights. “Do not disturb,” they read, in Russian and English, in big red signs.