Questions about Kaspersky Lab's relationship to the Russian government have been raised once again, this time because leaked emails show that the antivirus company has secretly helped the FSB intelligence agency respond to distributed-denial of service (DDoS) and other attacks.
Of particular concern is a program that saw Kaspersky Lab employees accompany FSB agents on physical raids. Bloomberg reported that the antivirus company would help the Russian government defend against cyber attacks, gather information about the attackers, and then help with "banging down the doors" when the attackers were found. The first two steps aren't that surprising--security companies often assist government agencies with responding to cyber attacks--but sending employees out alongside government officials and police on physical raids is unusual.
Bloomberg said it received leaked emails from 2009 in which Kaspersky Lab CEO Eugene Kaspersky discussed the program with senior staff. Kaspersky (the man) summarized the project in one of the emails: "The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on." Bloomberg said Kaspersky Lab confirmed the emails' legitimacy; the company has disputed that claim and said the emails were never shown to it.
Kaspersky Lab published a response to the report that starts with:
“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.
"In the internal communications referenced within the recent article, the facts are once again either being misinterpreted or manipulated to fit the agenda of certain individuals desperately wanting there to be inappropriate ties between the company, its CEO and the Russian government, but no matter what communication they claim to have, the facts clearly remain there is no evidence because no such inappropriate ties exist.”
Perhaps an even more interesting aspect of Bloomberg's report is the claim that Kaspersky Lab wanted to make these tools available to the private sector. One of the most pressing questions in the cybersecurity space is when it's appropriate to "hack the hackers." Responding to attacks is no easy feat--they're often hard to attribute to any particular group. Many are conducted by nation-state actors, which limits companies' ability to respond, and many companies don't have the skills required to "hack back" when they suffer a cyber attack.
Having a Russian security company with reported connections to the FSB assist with those attacks would only further muddy the waters. Yet it could still appeal to businesses that want to be more proactive in their cybersecurity. (The best defense is a good offense, etc.) Right now it can be hard to punish cyber attackers, which makes conducting hacks a relatively low-risk prospect. Questions about the morality and legality of hacking the hackers aside, responding with attacks of their own could deter other efforts, and that could be good for companies' bottom lines.
Kaspersky Lab also addressed those claims in its statement:
Hacking back is illegal, and Kaspersky Lab has never been involved in such activities; and instead we are actively participating in joint shut-down of botnets led by law enforcements of several countries where the company provides technical knowledge (for example: https://www.interpol.int/News-and-media/News/2015/N2015-038).
This isn't the first time Kaspersky Lab's ties to the Russian government have been questioned, and it almost certainly won't be the last. The Associated Press reported in May that the FBI is currently investigating the company's relationship with the FSB and other intelligence agencies. (Kaspersky Lab denied the allegations and said that it will assist with the investigations.) Other reports have claimed that the antivirus company regularly hires people from the Russian government, which could indicate a close relationship with its staffers' former employers.