Interview: Eugene Kaspersky

Feature by Paul Fisher

As Kaspersky Lab targets the global corporate market, its co-founder tells Paul Fisher why he thinks people are not afraid of the Russians.

As Kaspersky Lab targets the global corporate market, its co-founder tells Paul Fisher why he thinks people are not afraid of the Russians.

After three hours in the Moscow evening traffic, our press party finally arrives at the Marriott Grand, a typical example of post-communist property speculation. Situated on Tverskaya Street, Moscow's central boulevard, it's just like any other international business hotel. You feel comfortable, cossetted and safe from the outside world, wherever that might be.

Outside, Tverskaya is full of streaking BMWs, Mercedes and Bentleys, plus the occasional old AvtoVaz, all hurtling to gain advantage on the hideous gridlocks that awaits them on Moscow's outer ring roads. The cars may now mark out the owner's status, but neither Lada nor Bentley can escape the uniform layers of filth that Moscow's weather dumps on every car and building. This is not a pretty city - in the gloom you are grateful for the neon and giant video screens placed incongruously on the top of apartment blocks.

Inside, you are back in the USA. The hotel is abuzz with Russian and overseas opportunists looking to make a few dollars in Putin's version of a free market economy. American, German, British, Russian: accents and languages coagulate in the atrium.

That evening Kaspersky Lab has laid on a drinks reception for the journalists it has invited to its annual press tour. As the vodka flows, I hear from successful Kaspersky executives of how it used to be, how you didn't need to worry, how everyday and everything was the same. The future would be the same; the state would look after you.

Now life is different. There is more opportunity, but also more uncertainty. Of course it's better to be able to make money but just like in the West, the new middle classes of Russia are finding it hard to maintain their status. Good schools, housing and medical care must all be paid for. It can be exhausting. Those who work for Kaspersky Lab are lucky - they get medical insurance, a nice place to work and a feeling of belonging.

A lot of that is down to the entrepreneurial drive and personality of its head of research and technology and joint founder, Eugene Kaspersky.

A native of Novorossiysk, a Black Sea port, Eugene graduated from the Institute of Cryptography, Telecommunications and Computer Science in Moscow, after which he worked on government projects.

Now in his forties, he has only recently abandoned the long hair and ponytail of the committed geek, but not the rock star persona and charisma that cling to him. For many, he is Kaspersky Lab.

His ten-year old company was born out of a project at the Kami Information Technology Centre, which saw Kaspersky lead a team to develop anti-virus software. That project eventually led to the creation of Kaspersky Lab in 1997.

It was while at Kami that he met his wife and co-founder, Natalya, and although now divorced, she has kept her name and position of CEO. Together they own around 80 per cent of the company. In 2005 it made the Red Herring 100 Europe listing of private technology ventures worth watching. It is still worth watching.

I get to meet Kaspersky at one of the breakouts on the first day of the press tour. He may be more conventional in appearance than he used to be, but the beard, jeans and casual shirt remain. No suit here. He appears a little nervous but smiles as we sit down to talk in a Marriott bedroom converted into a meeting room.

His firm's business to date has been built on the existence of streams of viruses and effective means of killing them. Lately the industry seems to think that we should worry less about the virus threat. Kaspersky is not about to declare mission accomplished, however. Nor, according to him, is the world of cyber crime quite as easy to measure as some would have you believe.

"There are fewer traditional viruses, true," he says. "but I think the real reason is that kids are more interested in online gaming these days, plus the fact that it's getting harder to develop viruses for Windows. In the past, there were many underground internet magazines, where it was explained how to develop malicious code. Now there are far fewer."

So what about cyber crime? "Traditional criminal gangs are not yet connected with their IT counterparts. There are still two very different criminal businesses, two very different mentalities," he argues. "People who commit crime in the real world, you need ... well," he pauses, "a different attitude. Online, it's a virtual world, so it's easier to do it."

In other words, real crime needs real muscle and real guns, as opposed to wimpy geeks creaming bank details from unsuspecting web users. But this seems to contradict the intelligence emanating from the FBI and other agencies around the world that organised crime is moving into cyberspace and that criminal gangs are training young people, even putting them into college.

Kaspersky remains to be convinced. "We don't have exact information that these two worlds are connected. Maybe in the future they will be, but when, I don't know. And anyway, you don't need much technical training to socially engineer people to click a link or open their attachment," he claims. "It's more important to know how to enter the computer without user knowledge, without any notifications, without any questions, and sometimes they use very sophisticated tricks."

He gives as an example of how, in 2005, a ransomware Trojan worked not because of its technical mastery but thanks to the fallibility of human beings. The Trojan was developed in the Ukraine and encrypted data on a victim's PC, which could only be unlocked after the ransom had been paid to the developer.

"For a year we had no idea how the Trojan was downloaded and got into computers. Then, we discovered that the developer sent the Trojan to people registered on the Russian jobsite, By exploiting the fact that these people didn't want the fact they were looking for a new job divulged to their current employer, they were easy prey," he says.

And social engineering can happen to the best of us, even graduates of one of Moscow's finest technical institutes. "I almost visited an infected web page after I got a message that told me to find out what people had written about me. So it's not just people who have no security awareness. It's possible to cheat anybody".

So if we are wrong, or at least overreacting to theories about what organised crime is doing in cyberspace, does Kaspersky think the hype should be exposed? After all, the activities of the bad guys is actually good for business.

"It's a double-edged sword. The hype helps us educate people and make them pay more attention to security but, on the other hand, we do have to explain that sometimes the news is wrong," he replies.

"Like the rumour that hackers were going to release 100,000 new viruses at the stroke of midnight on New Year's Eve 1999. There was a panic, and even some of the virus companies took on extra staff for the night to deal with the alleged threat. I always thought that it was just hype, and I was right," he says, folding his arms to make the point. He was probably right about Y2K too, but that's another story.

Kaspersky Lab has done well to get where it is, but it is a Russian company and, for better or worse, some in the West have certain views about doing business with Russians. A Russian anti-virus company may find it especially hard to pursue its ambitious targets for growth. However, Kaspersky has done it all.

"That was true five or seven years ago, when we started to enter the European market, and there was quite a lot of suspicion: 'It's a Russian IT company, worse; it's a Russian IT security company,"' Kaspersky says, seemingly enjoying recalling the scenario.

"I remember the first press tour in London, in 1999. Many journalists were implying the same thing; 'what the hell is a Russian company doing in Great Britain? Do you seriously think you can be successful here?' And now that's not a problem at all."

At least not for mainstream business, although Kaspersky would be surprised to land contracts with the Ministry of Defence or NHS anytime soon. And what about the US market? With relations between the United States and Putin's increasingly assertive Russia starting to creep back to Cold War levels of non-cooperation and mistrust, this might be more of a challenge than Western Europe has been.

"Yes, but it's not because we are Russian per se. It's just the same as in Russia," he claims. "The Russian government and military don't want to depend on technologies developed outside of their country, either."

But US business is patriotic too, and Kaspersky Lab will find itself up against the American giants on its home turf. "No problem," is the confident reply. "In the United States, we are focused on the SMB market. The customers are interested in the solution, and they don't pay too much attention to where it comes from."

Kaspersky's personal take on geopolitics is interesting. According to him, the Cold War is far behind us. Certainly the first one is, although some commentators may well be wondering into what kind of era the US missile defence system and Putin's willingness to use energy as a weapon against Russia's neighbours is taking us.

"Russia is being developed as a capitalistic country," Kaspersky says. "It's probably the most capitalistic country in Europe." With a Bentley showroom just outside Red Square, he may have a point. His views on other European countries is intriguing - Sweden: "mostly communist"; France: "socialistic"; and Great Britain: "partly socialist".

So in the rampant, regulation-free market that is modern Russia, Kaspersky Lab intends on expansion into the Middle East, India and Pacific countries, as well as Latin America. And it's the global corporate market the company is aiming for. To get there, it will follow the same path pioneered in its home market.

"In Russia we are very strong in the corporate market, but we started with a home product, moved on to SMEs, then to corporates," the firm's co-founder explains. "I think we'll have the same success in other countries. We are going to remain a technological leader, developing the highest-quality protection, and the BMW of the anti-virus market."

He breaks off at this point. Perhaps thinking of my British roots, or maybe even that symbolic Red Square. "Sorry, the Bentley of the anti-virus market," he smiles. I smile back, and then remember that Bentley is owned by the Volkswagen group.

Expansion is one thing, but you need to innovate to sustain that growth. Right now, innovation in IT is seen as emanating in California, India, Korea and Israel. Can Russia seriously be added to this list? Especially when many highly qualified people follow the IT dollars abroad.

"I hope that in a few years, Russia will be on the list of centres of innovation as well, because the government has finally understood that it's very good for business and profitable for the country," Kaspersky says. "The government has responded to the problem of Russians going abroad by developing our own centres of IT excellence, in Moscow and St Petersburg. I think they will be a success, and Russian developers who are working in Silicon Valley and elsewhere will come back."

He's confident too that those who are now abroad will bring back useful skills and invaluable experience of how western European or American companies work. "They know the standards, and they will help the new firms to educate staff on business procedures."

And Kaspersky believes that Russia, will gain an upper hand over the Chinese and Indians, who, he concedes, will achieve dominance in mainstream, mass- produced software. But when it comes to security and specialist high-end technologies, the story will be different.

"India and China will always be cheaper, but the facts are that they are not so successful at developing for the high-end. At the moment they are developing software for overseas companies, but not yet innovating software themselves," he says.

Curiously, he adds that there are several offshore programming companies in Russia and that Russian software developers, in Moscow, are better paid than in Spain or Italy and France.

Perhaps with an eye on the future and the industry shift towards risk management and less reliance on AV, Kaspersky has recently set up its InfoWatch division, currently only available in Russia. Without agreeing that this is some kind of long-term strategy, he admits that it is a departure in product and marketing strategy.

"InfoWatch is designed to deal with internal threats. Our main business until now has been to protect against external threats. Because this product is designed to protect confidential data, we customise this product for customers, because obviously they have different business procedures, different network structure, they have different databases etc," he explains. "It isn't just to protect against malicious threats; it helps stop carelessness become a problem, such as employees sending confidential data home to work on. But it's effective against malicious insiders, too. For example, one client discovered that two of its employees were stealing the customer database."

InfoWatch is a behaviour management tool. It monitors what is going on in the system; the behaviour of data, file history, who accesses a file (and who tries to), who modified it, who was going to send it outside of the company or misuse it. It can also prevent basic functions such as printing or cut and paste.

"It is not a panacea. InfoWatch is designed to protect against the casual carelessness of employees and the more malicious insiders who look to steal data. But, it's not going to stop hard-core hacker attacks," he admits. "However, for the average employee, it makes it almost impossible to misuse the confidential data.

"It's a very interesting project, this," Kaspersky adds as an afterthought, as I ask whether he gets frustrated that even today organisations don't take information security seriously and, despite investing in technology, the car is often still left unlocked.

"Actually, businesses are more and more serious about security. Ten years ago, hardly anyone had anti-virus, now everyone does. I think businesses do understand now just how aggressive the threats are."


Eugene Kaspersky is said to be a mathematical genius. But he's not the only one. For some reason, Russians are very good at maths. According to geek website, Russia comes top in a ranking of 49 nations in programming expertise, before China and the US. The UK comes in at 27, just below Iran.

While that data might be disputed, there is no doubt that Russians are highly sought after for their scientific abilities, and many bright graduates have found willing employers in Silicon Valley and beyond.

Two years ago, Lieutenant General Boris Miroshnikov of the evocatively named Department K, a Russian anti-cybercrime agency, told a conference in London that: "Everyone knows that Russians are good at maths. Our software writers are the best in the world, that's why our hackers are the best in the world."

A slightly mixed message that perplexed his audience, but Miroshnikov was tapping into a national stereotype that has a basis in fact.

Russia has produced more world chess champions than any other nation - Boris Spassky,Anatoly Karpov and Garry Kasparov (pictured) are just three of the most famous. Part of this is attributed to the old Soviet regime's policy of promoting chess as a healthy pursuit for the masses, but the sheer brilliance of those champions says something about Russian aptitude for spatial as well as strategic thinking. The current world champion, Vladimir Kramnik, is also Russian.

And where would modern journalists be without the mathematical power of Google and the genius of one of its co-founders? One Sergey Brin, a Muscovite by birth and son of a mathematician.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events