Eugene Kaspersky

Eugene Kaspersky (born Yevgeny Valentinovich Kaspersky) is a Russian cybersecurity expert and the CEO of Kaspersky Lab, an IT security company with 3,000 employees. He cofounded Kaspersky Lab in 1997 and helped identify instances of government-sponsored cyberwarfare as the head of research. He has been an advocate for an international treaty prohibiting cyberwarfare. There is a debate about whether Kaspersky's views and security research show favoratism towards Russian political interests.

Kaspersky was born in 1965 in Novorossiysk, Russia. He graduated from the Institute of Cryptography, Telecommunications and Computer Science in 1987 with a degree in mathematical engineering and computer technology. His interest in IT security began when his work computer was infected with the Cascade virus in 1989 and he developed a program to remove it. Kaspersky helped grow Kaspersky Lab through security research and salesmanship. He became the CEO in 2007.

Early life

Eugene Kaspersky was born on 4 October 1965^[2][3] in Novorossiysk, Russia.^[4] He grew up near Moscow,^[3] where he moved at age nine.^[5] His father was an engineer and his mother a historical archivist.^[5] As a child he developed an early interest in math^[6][7] and technology.^[8] He spent his free time reading math books and won second place in a math competition.^[3] When he was fourteen, Eugene began attending A.N. Kolmogorov boarding school, which is run by Moscow University and specializes in math.^[6][8][9] He was also a member of the youth division of the Communist Party of the Soviet Union.^{[5][lower-alpha 1]}

At the age of 16, Kaspersky entered a five-year program with the Institute of Cryptography, Telecommunications and Computer Science,^[14] which was sponsored by the Russian military and KGB.^[6][7] At-the-time, the most prestigious schools in Russia for mathematicians were KGB sponsored.^[15] He graduated in 1987^[14] with a degree in mathematical engineering and computer technology.^[4][7] After graduating college, Kaspersky served the Russian military^[5] as a software engineer.^[2][9] He met his first wife Natalya Kaspersky at Severskoye, a KGB vacation resort, in 1987.^[2]

Kaspersky Lab

Origins

Eugene Kaspersky's interest in IT security began in 1989, when his PC was infected by the Cascade virus,^[1][16] while working for the Ministry of Defense.^[17] He studied how the virus worked^[14] and developed a program to remove it.^[1] Afterwards he continually found new viruses and developed software to remove them, as a hobby.^[14][16] Early on Kaspersky's anti-virus software had just 40 virus definitions and was distributed mostly to friends.^[2]

In 1991, Kaspersky was granted an early release from his military service^[5] and left the defense ministry to take a job at the Information Technology Center of a private company KAMI, in order to work on his antivirus product full-time.^[2][9] There, he and his colleagues improved the software^[2] and released it as a product called Antiviral Toolkit Pro in 1992.^[6][9] At first the software was purchased by about ten clients per month. It earned about $100 per month, mostly from companies in Ukraine and Russia.^[1][7] Kaspersky's then-future wife Natalya Kaspersky became his coworker at KAMI.^[9]

In 1994 Hamburg University in Germany gave Kaspersky's software first place in a competitive analysis of antivirus software.^[6][7][9] This led to more business for Kaspersky from European and American companies.^[7][18] Kaspersky Lab was founded three years later by Kaspersky, his wife and Kaspersky's friend.^{[5][lower-alpha 2]} Natalya, who pushed Eugene to start the company, was the CEO, while Eugene was the head of research.^[2] The following year, the CIH virus (AKA the Chernobyl virus) created a boon for Kaspersky's anti-virus products, which Kaspersky said was the only software at-the-time that could cleanse the virus.^[2] According to Wired, "their software was advanced for the time." For example, it was the first software to monitor viruses in an isolated quarantine.^[14]

Kaspersky's company grew quickly in the late 1990s.^[21] From 1998 to 2000, its annual revenue grew 280 percent and by 2000 almost sixty percent of revenues were international. By 2000, it had a staff of 65 people, up from 13 shortly after its foundation.^[2] The antivirus product was renamed to Kaspersky Antivirus in 2000, after an American company started using the product's original name, which wasn't trademarked.^[17][21]

Threat discoveries

As the head of research,^[6] Kaspersky authored papers on viruses and went to conferences to promote the software.^[22] He was often quoted in the technology press as an antivirus expert.^[2] He helped establish the company's Global Research and Expert Analysis Team (GReAT), which helps corporations and governments investigate IT security threats.^[14] Initially he told his team not to discuss cyber-terrorism publicly, to avoid giving governments ideas on how to sabotage their political opponents. After Die Hard 4 was released, he said the idea was now public.^[23] He hired the researcher that identified the Stuxnet worm, which is believed to be the first instance of state-sponsored cyberweapon.^[14][24] Afterwards, the company exposed the Flame virus at the request of the International Telecommunication Union. The virus was believed to have been used for cyber-espionage in Middle-Eastern countries.^[14][16][24]

Kaspersky Lab developed a reputation for discovering cybersecurity threats.^[25][26] In 2015 Kaspersky and Kaspersky Lab discovered a group of hackers known as Carbanak that were stealing money from banks. They also exposed Equation Group, which developed advanced spyware for monitoring desktop activity and was believed to be affiliated with National Security Agency in the U.S.^[26] According to The Economist, it was these discoveries, Kaspersky's "relentless salesmanship" and the company's anti-virus product that made Kaspersky Lab uncommon as an internationally recognized Russian company.^[2][26]

CEO

Kaspersky became CEO in 2007.^[6] According to a 2008 article in USA Today, he traveled to 20 to 30 countries per year promoting Kaspersky Lab products.^[27] In early 2009, CRN said his personality contributed to the company's growth from "relative obscurity to now nipping at the heels of its larger, better-known rivals." At the time, Kaspersky Lab was the fourth largest endpoint security company. It introduced new products for the enterprise market and expanded its channel programs.^[28]

In 2011, Kaspersky made a decision against taking the company public, saying it would make decision-making slow and prevent long-term R&D investments. This led to a series of high-level departures from the company, including his ex-wife and co-founder.^[22][26][29] Another series of departures occurred in 2014 due to disagreements over how to run the company.^[29]

Kaspersky Lab has defended itself against allegedly frivolous patent claims more aggressively than most IT companies. In 2012, it was the only one of 35 firms named in a suit by patent troll Information Protection and Authentication (IPAC) to take the case to court, rather than pay a fee. The case was ruled in Kaspersky's favor.^[30] Also in 2012, another company, Lodsys, sued Kaspersky and 54 other companies for patent infringement, and that case also resulted in the claimant dropping the case against Kaspersky.^[31] According to an article in TechWorld, the company's aversion to settling these claims is most likely because Eugene "just hates" patent trolls. In his blog he called them "parasites" and "IT racketeers."^[32] Kaspersky himself is the co-author of several patents, including one for a constraint-and-attribute-based security system for controlling software component interaction.^[33]

As of 2015, Kaspersky Lab now employs more than 2,800 people.^[1] As of 2012, Kaspersky has been working on developing software to protect critical infrastructure, like power plants, from cyberwarfare.^[22] He throws a New Years party each year with about 1,500 guests and hosts Kaspersky conferences in exotic locations.^[14]

Controversies

Alleged affiliations with Russia

Eugene Kaspersky's prior work for the Russian military and his education at a KGB-sponsored technical college has led to controversy about whether he uses his position to advance Russian government interests and intelligence efforts.^[24][34] According to Kaspersky, allegations of dubious connections with Russian agencies began after he got his first clients in America.^[22] He spends much of his working life trying to get governments and organizations to trust him and his software in spite of the allegations.^[25]

Wired said Kaspersky's critics accuse him of using the company to spy on users for Russian intelligence. Russian telecommunications companies for example are required by federal law in Russia to cooperate with the government's military and spy operations if asked. Kaspersky said his company has never been asked to tamper with its software for espionage^[14] and called the accusations "cold war paranoia."^[35] According to Wired, Kaspersky staffers argue "not unconvincingly" that spying on users would hurt its business and its relationship with the Russian FSB is limited.^[14] According to Gartner, "There's no evidence that they have any back doors in their software or any ties to the Russian mafia or state... but there is still a concern that you can’t operate in Russia without being controlled by the ruling party.”^[16] Computing mocked some of the more extreme accusations of espionage, but said it would be unlikely for a Russian business to grow to the size of Kaspersky Lab without relationships within the Russian government.^[36] NPR journalists also said it was unlikely Kaspersky was using its software for espionage, because it would be risky for the company's business, but said Kaspersky showed an unusual disinterest in Russia-based cybercrime.^[37]

Bloomberg^[38] and The New York Times^[16] also said Kaspersky was less aggressive about identifying cyberattacks originating from Russia than from other countries, allegations Kaspersky refutes. For example, he allegedly ignored or downplayed a series of denial-of-service attacks in December 2011 that were made to disrupt online discussion criticizing Russian politicians.^[14] Kaspersky also allegedly ignored a Russian-based spyware called Sofacy, which is believed to have been used by Russia against NATO and Eastern Europe.^[37] On the other hand, Kaspersky also published information on the Russia-based Crouching Yeti cyberattacks two days before Bloomberg accused him of ignoring Russia-based cyberattacks.^[15] At the time, the company had published eleven reports on malicious Russian programs.^[39][40] Competitor FireEye said it is awkward even in the U.S. to investigate cybercrimes performed by your own government.^[15]

A March 2015 article in Bloomberg said an increasing number of executive staff at Kaspersky Lab previously worked for Russian military and intelligence agencies.^[41] According to News & Observer, Kaspersky "published a mammoth response, tearing down Bloomberg's accusations and accusing them of throwing facts out the window for the sake of a juicy anti-Russian narrative."^[40] Competitor FireEye said many U.S. IT companies also have executives that formerly worked for government military and intelligence agencies.^[15] NPR reported that Kaspersky has been doing an increasing amount of business with Russian cybersecurity agencies to catch cybercriminals.^[39] Kaspersky confirms that Russian agencies are among its government customers.^[26][35]

Alleged anti-virus spoofing

In August 2015, two former Kaspersky employees alleged that the company introduced modified files into the VirusTotal community anti-virus database to trick its rivals' programs into triggering false positives. The result of the false positives was that important uninfected files would be disabled or deleted. The allegations also claimed that Kaspersky himself had ordered some of the actions, specifically targeting competitors, including Chinese companies he felt were copying his software. Emails dated 2009, two years after Kaspersky became CEO, were allegedly leaked to Reuters, one of which allegedly had Kaspersky threatening to go after competitors by "rubbing them out in the outhouse," using a phrase popularized by Vladimir Putin.^[42][43] The company denied the allegations.^[42]

Personal life

Eugene Kaspersky lives in Moscow, Russia with his wife and kids.^[1][44] He and his first wife were divorced in 1998.^[14] On 21 April 2011, his son, Ivan, then 20, was kidnapped for a $4.4 million ransom.^{[lower-alpha 3]} Kaspersky worked with a friend at the FSB and Russian police to trace the ransomer's phone call. They setup a trap for the ransomers, where they rescued his son and arrested many of the kidnappers.^{[5][7][16][45]} The incident had an influence on Kaspersky's sense of personal security. He now travels with a bodyguard and security detail.^[22]

Kaspersky is one of the richest people in Russia.^[14] His net worth is about $1 billion.^[6] According to Wired, he has "cultivated the image of a wild man with cash to burn."^[14] He has an interest in racing and drives his sports cars on race tracks as a hobby.^[46] He sponsors a Ferrari Formula One racing team.^[14][47] Kaspersky himself owns a BMW M3.^[21] Kaspersky describes himself as an "adrenaline junky." He has gone hiking on volcanoes in Russia and reserved a trip to space on the Virgin Galactic.^[22] He travels often^[22] and writes about his experiences in his personal blog.^[21]

Kaspersky is known for shunning formal attire, typically dressing in jeans and a shirt.^[28] He supports university projects and competitions in the IT security field.^[19]

Views

Eugene Kaspersky is influential among politicians and security experts.^[22] He has been active in promoting warnings about the possibility of cyberwarfare that targets critical infrastructure. He regularly speaks at conferences advocating for an international cyberwarfare treaty,^[6][22] that would ban government-sponsored cyberattacks.^[16]

After the Stuxnet attack, Kaspersky proposed that the internet needed more regulation and policing. One idea was to have some parts of the internet anonymous, while more secure areas require user identification. He argued that anonymity mostly benefited cybercriminals and hackers.^[19] For example, accessing a network operated by a nuclear power plant could require a verified identity through a digital passport.^[14][24]

Kaspersky said anonymity on the internet could be protected by using a proxy, whereby a responsible international body maintains a record of which online identities correspond to which real-world ones. For example, a browser's identity would be revealed in cases of malicious activity.^[5] Some security experts believe that a centralized database of the real-world identities of internet users would be "a privacy disaster and a highly attractive target for thieves."^[5] The Age said it "sounds a little too close for comfort to a Big Brother scenario"^[5] and Wired said Kaspersky's views were highly aligned with the Russian government's agenda.^[14]

Many organizations have been considering reducing privacy to improve security as a result of Kaspersky's arguments.^[14] In a more recent Slashdot interview Kaspersky said the internet should be divided into three zones: a red zone for voting, online banking, and other "critical transactions" that would require an internet ID; a grey zone that may only require verification of age to access the site, but not identity; and a green zone for blogs, news, and "everything related to your freedom of speech." He proposes "special proxies" for red zone websites that allow disclosure of the user's identity only in the case of suspected malfeasance.^[48]

Notes

References

External links

• Official biography
• Lua error in package.lua at line 80: module 'strict' not found.