The chief executive of Russia’s Kaspersky Lab says he’s ready to have his company’s source code examined by US government officials to help dispel long-lingering suspicions about his company’s ties to the Kremlin.
In an interview with The Associated Press at his Moscow headquarters, Eugene Kaspersky said Saturday that he’s also ready to move part of his research work to the US to help counter rumours that he said were first started more than two decades ago out of professional jealousy.
“If the United States needs, we can disclose the source code,” he said, adding that he was ready to testify before US lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”
Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia’s Ministry of Defense, has long been eyed suspiciously by some competitors, particularly as his antivirus products became popular in the US market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it’s unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.
No firm evidence has ever been produced to back up the claims. But this has not stopped what was once gossip at tech conferences from escalating into public accusations from American politicians and intelligence officials amid rising concerns over Russian interference in the United States.
Senior US intelligence officials have suggested Congress steer well clear of Kaspersky’s products and lawmakers are weighing a proposal to ban the company from the Pentagon. Law enforcement seems to be taking a hard look at the company as well. On Wednesday, NBC news reported that at least a dozen US employees of Kaspersky were visited at their homes by FBI agents.
Kaspersky confirmed the NBC report, although he said he didn’t know what the focus of the FBI’s questioning was. He did say his relationship with the FBI was now shot.
“Unfortunately, now the links to the FBI are completely ruined,” he said, noting that his company cooperated with both US and Russian law enforcement. “It means that if some serious crime happens that needs Russian law enforcement to cooperate with FBI, unfortunately it’s not possible.”
The FBI declined to comment, but agents are unlikely to lose much sleep over that; Kaspersky allowed that cooperation between Russia and the United States on cybercrime has often been “far from perfect.”
Still, lawmakers’ moves to single out the company for special punishment worries even Kaspersky’s critics, who note that it would set an unfavorable precedent for American technology firms – many of whom are known to work closely with the US National Security Agency.
Kaspersky defended his work during the interview, saying he never benefited from official protection of any kind.
“I do understand why we look strange. Because for Russia it’s very unusual, a Russian IT that’s very successful everywhere around the world. But it’s true,” he said.
Kaspersky said his company does exclusively defensive work, although under questioning he allowed that some unnamed governments had tried to nudge him toward hacking – what he calls “the dark side.”
“There were several times it was close to that,” he said, adding that the officials involved weren’t Russian. He said in one case a discussion about defensive cyber-security cooperation “turned to the offensive.”
“I stopped that immediately. I don’t even want to talk about it,” he said.
Kaspersky’s offer to have his code audited may not quiet all the skeptics, some of whom are concerned less about the integrity of the company’s software and more about the company’s staff and the data they gather. Like many cyber-security outfits in the US and elsewhere, some Kaspersky employees come from espionage backgrounds.
Kaspersky acknowledged having ex-Russian intelligence workers on his staff, saying that “most probably we have these guys in our sales department for their relationship with the government sector.” But he added that his company’s internal network was too segregated for a single rogue employee to abuse it.
“It’s almost not possible,” he said. “Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It’s too complicated.”
And he insisted his company would never knowingly cooperate with any country’s offensive cyber operations.
“We stay on the bright side,” he said, “And never, never go to the dark side.”