Is Kaspersky in Hot Water??
The Russian newspaper Kommersant recently broke news regarding the arrest of Ruslan Stoyanov, the head of Kaspersky Lab’s investigations unit. Stoyanov was arrested in December for treason allegations. It is reported Stoyanov served as a major to the cybercrime unit of Russia’s Ministry of Interior for six years prior to his employment with Kaspersky. It is unclear if he had entirely severed these ties, while working for the Moscow-based antivirus company.
ArsTechnica was provided the following statement from company officials,
“The case against this employee does not involve Kaspersky Lab,” company officials wrote in a statement issued following the report. “The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments.”
Paul Rosenzweig reported on this issue to Lawfare,
The incident raises some questions that need consideration:
- The ability of Russian CI to identify a Kaspersky employee as an American intelligence source suggests, again, that the Russian government has close operational ties with Kaspersky. In light of that, should Kaspersky be publicly identified as a Russian-controlled system by the US government?
- Do we need a risk assessment of the extent to which Kaspersky anti-virus products are used in critical American infrastructure?
Russian Loyalty?
The Moscow-based company has strong ties to the Russian government and military. This shouldn’t come as breaking news. As of 2012, the company shifted its focus considerably, after Kaspersky scotched an IPO partnership with investment firm General Atlantic. Which according to Bloomberg Businessweek, lead to an internal email being circulated stating the company’s highest positions would be held only by Russians. The company denies that the e-mail was ever sent.
Having ties to the government isn’t necessarily a bad thing; however, it depends on how these ties are used. Since this is a well-known security solution used world-wide, they have accessibility to a plethora of data. Again, it is all about how they use it.
Wait–They’re Russian Based?
You didn’t know Kaspersky was based in Moscow? It is likely many of their users don’t. To find out where your security solution is researched, developed and supported, click here.