Cybersecurity Profile: Eugene Kaspersky, Software Engineer

Eugene Kaspersky

photo: www.computing.co.uk/

One day at work at the Soviet Ministry of Defense, software engineer Eugene Kaspersky watched the text on the screen of his computer fall apart. The orderly, regular lines across the screen were breaking into pieces, with letters and fragments falling down and landing in disorderly clumps along the bottom.

He’d never seen anything like it.

Kaspersky knew that some program running on the machine had to be responsible, but it was none that he had installed himself.

How had it gotten there, and what was it doing? His natural curiosity drove him to find out. And a legendary career in cybersecurity was launched.

Insatiable Curiosity Sparked Early Advances In Anti-Virus Detection

Kaspersky had been a math prodigy from an early age, winning prizes in state-sponsored contests as early as 14. This brought him to the attention of the KGB, which was always on the lookout for potential cryptologists. Consequently, Kaspersky received some of the finest education available in the Soviet Union in mathematics and ciphers, although he ended up working for the military rather than the KGB.

Kaspersky was an early victim of the Cascade virus, a mostly harmless infection that spread from Yugoslavia throughout Europe and played a visual prank on anyone unlucky enough to catch it. In the days before widespread networking, catching it almost always meant running a program from a floppy disk that already carried the virus.

The great power of information technology lies in using electronic systems to automate the processing of information, accomplishing tasks at speeds no human being could match. Unfortunately, that same strength can be turned to more nefarious ends: it didn't take long before virus writers were building self-replicating programs that spread from machine to machine on their own, far faster than any person could copy them by hand.

These worms and viruses were something of a curiosity on the early Internet, usually more annoying than damaging, but some IT pros at the time were able to see and understand the potential threat they could eventually represent.

Kaspersky thought about this and then proceeded to deconstruct the Cascade virus and write his own program, one that would detect and remove Cascade.

It was his entry point into the world of anti-virus software. On the side, Kaspersky would continue to collect and analyze viruses and he created and maintained a small program that would detect and remove them. He distributed it to friends and family.

When his military service ended in 1991, Kaspersky had the solid footing he needed to turn his virus-hunting into a profession. He joined the Russian company KAMI and went to work on anti-virus software full-time.

Although his earliest versions could detect only around 40 viruses, he was getting into the business at exactly the right time. In 1990, the first polymorphic virus appeared, encrypting its own body under a different key in each copy so that no fixed byte pattern survived for common signature-detection schemes to match. In 1992, the Michelangelo virus became one of the first major data-destroying threats, overwriting the first sectors of the hard disk, including the boot sector and file allocation tables, on March 6, the artist's birthday.
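The following Python script is an added example, not code from the original page or from Kaspersky Lab, that illustrates why the polymorphic technique defeated signature scanning. The "virus body", the decryptor stub layout (a constructed tag `XORDEC`, a one-byte key and a two-byte length) and the byte-wise XOR "encryption" are all stand-ins constructed for this demonstration; real polymorphic engines of the period mutated the decryptor code itself, which is what forced anti-virus vendors toward emulation and heuristics rather than plain pattern matching.

```python
# Demonstration of signature scanning vs. a polymorphic (self-encrypting) body.
# Everything here is constructed for illustration; PAYLOAD is harmless text,
# not a real virus, and the XOR scheme is a toy cipher.

PAYLOAD = b"FAKE-VIRUS-BODY: overwrite boot sector on 03-06"  # constructed sample

# A classic signature scanner looks for one fixed byte pattern in the file.
SIGNATURE = b"overwrite boot sector"

STUB_TAG = b"XORDEC"  # constructed marker standing in for a decryptor stub


def xor_encode(data: bytes, key: int) -> bytes:
    """Byte-wise XOR under a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def make_plain_copy() -> bytes:
    """A non-polymorphic infection: every copy carries the same bytes."""
    return PAYLOAD


def make_polymorphic_copy(key: int) -> bytes:
    """A polymorphic infection: stub + body XOR-encoded under a fresh key.

    Stub layout (constructed): STUB_TAG | key (1 byte) | body length (2 bytes, BE)
    """
    if not 1 <= key <= 255:  # key 0 would leave the body in plaintext
        raise ValueError("key must be 1..255")
    body = xor_encode(PAYLOAD, key)
    return STUB_TAG + bytes([key]) + len(body).to_bytes(2, "big") + body


def signature_scan(sample: bytes) -> bool:
    """Naive scanner: match the fixed signature against the raw file bytes."""
    return SIGNATURE in sample


def emulating_scan(sample: bytes) -> bool:
    """Scanner that recognises the decryptor stub, 'runs' it (undoes the XOR)
    and then applies the signature to the decoded body."""
    header_len = len(STUB_TAG) + 3
    if sample.startswith(STUB_TAG) and len(sample) >= header_len:
        key = sample[len(STUB_TAG)]
        length = int.from_bytes(sample[len(STUB_TAG) + 1:header_len], "big")
        body = xor_encode(sample[header_len:header_len + length], key)
        return SIGNATURE in body
    return SIGNATURE in sample  # fall back to plain matching


def detection_rates(keys) -> tuple:
    """Return (signature hits, emulation hits, number of copies) over the keys."""
    copies = [make_polymorphic_copy(k) for k in keys]
    sig_hits = sum(signature_scan(c) for c in copies)
    emu_hits = sum(emulating_scan(c) for c in copies)
    return sig_hits, emu_hits, len(copies)


def distinct_copies(keys) -> int:
    """How many byte-distinct infections the same body produces."""
    return len({make_polymorphic_copy(k) for k in keys})


if __name__ == "__main__":
    print("plain copy, signature scan:", signature_scan(make_plain_copy()))
    print("polymorphic copy, signature scan:", signature_scan(make_polymorphic_copy(0x5A)))
    print("polymorphic copy, emulating scan:", emulating_scan(make_polymorphic_copy(0x5A)))
    print("over 255 keys (sig, emu, total):", detection_rates(range(1, 256)))
    print("distinct byte images from one body:", distinct_copies(range(1, 256)))
```

Run it and the fixed-pattern scanner catches the plain copy but none of the 255 re-keyed copies, while the stub-aware scanner catches every one of them; the same body yields 255 byte-distinct files, which is why per-copy signatures could never keep up.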

By the year 2000, viruses were endemic to the PC ecosystem, spreading easily in the uncontrolled environment of a rapidly growing internet. And Eugene Kaspersky, who had founded his own eponymous company in 1997, was at the leading edge of anti-virus research.

Kaspersky Lab Becomes a Standard Bearer For Global Cybersecurity Firms

Kaspersky Lab, led by Eugene Kaspersky's insatiable curiosity about virus threats, became one of the few Russian firms to establish itself early on as a global leader in information technology. Since many of the viruses emerging at the time came from former Eastern Bloc states, there were rumors that this expertise was fueled by shady transactions with hacking groups. But Kaspersky himself emerged early on as a voice for regulation and policing, warning that cyberwarfare was a threat that was still under-appreciated and encouraging proactive treaties to guard against it.

Kaspersky Lab was among the first anti-virus research firms to identify and analyze the Stuxnet and Flame worms and to show that they shared code, pointing to the same nation-state developers, widely reported to be U.S. and Israeli intelligence. The company also identified a criminal hacking group specifically targeting and stealing from banks. Early on, in 1998, the company's anti-virus product was the only one that could detect and remove the new CIH virus, a competitive advantage that lasted for three weeks and catapulted the firm to international notice.

The anti-virus engine Kaspersky wrote is not only used in the firm's own products but has also been licensed as the backend detection engine for products from other large security vendors, including:

  • Microsoft
  • Netintelligence
  • Clearswift
  • Check Point
  • Juniper Networks
  • FrontBridge

After Finding Success, Controversy Comes Calling For Kaspersky

A reputation as a cutting-edge cybersecurity firm cut both ways for owner Eugene Kaspersky, though. In 2011, his 20-year-old son, Ivan, was kidnapped and held for a ransom of $4.4 million. Although Ivan was eventually rescued by state security services, Kaspersky has since trodden very carefully with personal security, traveling with a personal security detail.

In the wake of the 2016 U.S. presidential election, when intelligence agencies found evidence of Russian meddling, Kaspersky became the focus of suspicions that he and his firm might not be neutral players in the cybersecurity space. Kaspersky's own KGB-sponsored education and Soviet military service made him suspect in some eyes, and an uptick in the company's hiring of former military and intelligence personnel seemed to correlate with a reduced emphasis on cyberattacks coming from Russia.

In May of 2017, Reuters reported that U.S. intelligence agencies were reviewing the use of Kaspersky Lab's software in government systems and that the FBI had opened an active investigation into the possibility that Kaspersky products were being used to conduct illicit surveillance of government computers.

Kaspersky himself strenuously denied any such activities, labeling the allegations unfounded conspiracy theories. But they point to an escalation in a long-simmering game between Kaspersky and U.S. intelligence. The company was the first to identify the Equation Group, an advanced persistent threat (APT) believed to be operated by the National Security Agency. In June of 2015, the company announced that it had found a new version of the Duqu spyware, dubbed Duqu 2.0, inside its own corporate network. Duqu was believed to have been created by a nation-state, likely the same one behind the Stuxnet worm used against Iran, usually presumed to be the Israeli and U.S. intelligence services.

But at the same time, Kaspersky Lab exposed the Carbanak gang, a criminal group believed to have stolen up to $1 billion from banks since 2013, and in 2016 helped Russian police arrest some fifty members of a Russia-based bank-fraud group. According to Kaspersky, his precarious position at the heart of the controversy comes down to two simple reasons: "Russian software engineers are the best; unfortunately Russian cybercriminals are the best, as well."

Many outside observers believe that simply to function in the modern Russian business environment, Kaspersky Lab must have done some back-scratching with Russian intelligence services, and that information sharing is an inevitable outcome of such a relationship. Kaspersky continues to deny that he is anything other than an independent expert, but as one of the 200 wealthiest people in Russia (he is believed to have been worth more than $1 billion as of 2016), suspicions are likely to remain.