He wanted
his company to go beyond selling anti-virus software to consumers and small
businesses and become a major vendor to the U.S. government - one of the
world's biggest buyers of cybersecurity tools.
Kaspersky
set up a U.S. subsidiary, KGSS, in Arlington, Virginia that would be focused on
winning that business. He sponsored flashy conferences with high-profile
speakers -including Michael Flynn, who was briefly President Donald Trump's
national security adviser - sought to join U.S. trade groups and even
underwrote programming on National Public Radio.
All of this
was done to burnish Kaspersky's image and help it become an accepted vendor for
the U.S. government despite its Russian roots, according to people familiar
with the strategy.
But Eugene
Kaspersky was never able to overcome lingering suspicions among U.S.
intelligence officials that he and his company were, or could become, pawns of
Russia's spy agencies. Kaspersky "has never helped, nor will help, any
government in the world with its cyberespionage efforts," the company
said.
Kaspersky's
American ambitions were further eroded by the sharp deterioration in
U.S.-Russia relations following Russia's invasion of Crimea in 2014, and later
when U.S. intelligence agencies concluded that Russia had hacked the 2016 U.S.
presidential election.
Testifying
before the U.S. Congress in May, U.S. intelligence chiefs for the first time
publicly expressed doubt that Kaspersky products could be trusted.
FBI agents
last month interviewed Kaspersky employees, asking whether they reported to
Russia-based executives and how much data from American customers could be seen
by Russian employees, according to three current and former employees. The FBI
declined to comment on Thursday.
On Tuesday,
the U.S. General Services Administration, the government agency that manages
the federal bureaucracy, removed Kaspersky from a list of approved vendors,
saying GSA's mission was to ensure the security of U.S. government systems.
There is
also a bill before Congress that would explicitly bar the Defense Department
from using any Kaspersky products.
Kaspersky
says his company is being targeted for political reasons.
"These
reckless actions negatively impact global cybersecurity by limiting
competition, slowing down technology innovations and ruining the industry and
law enforcement agency cooperation required to catch the bad guys,” he said in
a statement to Reuters.
The
Arlington offices of KGSS were empty when a Reuters reporter visited them on
Thursday. A Kaspersky spokeswoman said most of the staff, which number less
than 10, often work from home.
The U.S.
clampdown comes even though officials have offered no public evidence to
suggest the company has done anything untoward or that the Russian government
is using its software to launch cyber attacks.
Two former
employees and a person briefed on the FBI case told Reuters that Kaspersky
software has at times inappropriately inspected and removed files from users'
machines in its hunt for alleged cyber criminals, even when those files were
not corrupted by viruses.
“Kaspersky
Lab believes it is completely unacceptable that the company is being unjustly
accused without any hard evidence to back up these false allegations,” the
Kaspersky spokeswoman said in response in an email.
Unusual Step
It is
extremely rare for a company to be singled out for federal buying restrictions
in the absence of clear evidence of wrongdoing.
"This
sets a really dangerous precedent" where other nations could make similar,
unsubstantiated claims against U.S. vendors, said Robert M. Lee, a former
cyberwarfare operative for U.S. intelligence and now CEO of cybersecurity
startup Dragos.
The Russian
government has denounced the Kaspersky crackdown and said it does not rule out
retaliatory measures. Officials at U.S. tech companies with significant
operations in Russia say they fear they could become targets.
Federal
contracting databases reviewed by Reuters show only a few hundred thousand
dollars in purchases from Kaspersky, and an employee confirmed the company's
federal government revenue was "miniscule."
But
Kaspersky also sells to federal contractors and third-party software companies
that incorporate its technology in their products, so its technology may be
more widely used in government than it appears from the contracting databases,
U.S. officials say.
Founded in
1997, Kaspersky grew rapidly through the 2000s to become one of the world's leading
anti-virus software companies. (Kaspersky's global reach: tmsnrt.rs/2uWTQoV)
But the
company was dogged from the start by suspicions about its ties to Russia's
Federal Security Service (FSB), the main successor to the KGB. Eugene Kaspersky
attended a KGB school and the company has acknowledged doing work for the FSB.
As the
company grew, Kaspersky was determined to overcome those fears.
"We
have to be more American than Americans," Kaspersky told Reuters in 2013,
when a U.S. goodwill offensive began.
"Public
Shaming"
A
cornerstone of the effort was a series of KGSS-hosted conferences in Washington
where prominent U.S. officials including Flynn, a former Defense Intelligence
Agency director, former CIA and NSA Director Michael Hayden and House of Representatives
Homeland Security Committee Chairman Michael McCaul discussed cybersecurity
issues.
The company
privately courted U.S. intelligence and law enforcement officials by sending
experts to brief them on nation-state hacking campaigns uncovered by the firm,
according to people present at those meetings.
"They
came to us and said, 'We want to change our image, we know people don't trust
us'," said one former senior Obama administration official who took part
in some of those meetings.
But the suspicions
never subsided. When the company sought to join one Washington-based technology
trade organization, it was "politely told it couldn’t happen,"
according to an industry source with direct knowledge of the matter.
The source
said industry group officials had an inside joke: "Kaspersky (membership)
is like having the Kremlin join."
Not
coincidentally, Kaspersky's government sales effort never gained traction. In
an email to Reuters, the company noted "complexities associated with doing
business with North America’s government sector."
Privately
held Kaspersky said its U.S. revenue, most of which comes from selling
anti-virus software to consumers and small businesses, slipped from $164
million in 2014 to about $156 million in 2016.
Some U.S.
national security experts say Kaspersky is being treated unfairly. Lee said he
has long been bothered by the "public shaming" of Kaspersky by people
who make allegations without presenting evidence.
The U.S.
government has the right to choose not to use Kaspersky products for any
reason, he said, but "the way they are doing it" is wrong.
"I don’t
believe in geographic restrictions that say, 'Because Kaspersky is a
Russian-based company, therefore it is bad,'" said former White House
cybersecurity policy coordinator Michael Daniel. "You would want your
decision to be based on actual corporate bad behavior."
0 Comments