What Wired Is Not Telling You – a Response to Noah Shachtman’s Article in Wired Magazine

This is a very unusual post. It’s not about cyber-crime, malware, our latest business achievements or my latest long journey around the globe. It’s about truth and facts, and the importance of not hiding certain facts while revealing others.

For sure I was surprised to read such an article from a journalist who, up until Monday, always seemed to maintain the highest of professional and ethical standards. And it goes without saying that, on behalf of my company and our 2400+ employees around the world, I have to object to Mr. Shachtman’s litany of inferences, opinions, omissions and errors.

We first got to know Mr. Shachtman early last fall, and then invited him to our headquarters in Moscow. After several meetings with me and our team members, during which we discussed many different current issues related to the security field, it appears Noah Shachtman thought that he was ready to tell the world the “truth” about Kaspersky Lab and me personally, and decided to produce an article for Wired Magazine. And he got off to a great start (the way he described me after practically 72 hours on planes (Cancun-Munich-Cancun) just to be there for the opening of the event was all very true – and to me very amusing). But unfortunately Mr. Shachtman forgot to include essential components such as key facts, independent international experts’ opinions, and independent marketing research agencies’ data. Not only did he forget to check his facts, in some cases he wrote almost the opposite of what I actually said in my numerous interviews with him over the past seven months.

I hope Noah tried to do his best and had no hidden agenda. But he unfortunately failed to present to you the whole truth. So I’ve decided to help him out.

Thus, let me give you the information that Noah decided to hide from you:

Kaspersky Lab is a private international company that registered its holding in Great Britain in 2006. This means that our financial reporting is transparent and freely available to anyone. I think we can all agree that Her Majesty’s laws are strong and respected worldwide. Our affairs there have nothing to do with the Kremlin. This is the first time I’ve seen this major stretch to try and link our business with the Russian government.

All three of the world’s leading security companies – Symantec, McAfee/Intel, and Kaspersky Lab – work with law enforcement bodies worldwide to help fight cyber-crime. The ITU, CET, FBI, FSB, U.S. Secret Service… we all have a duty to help them solve criminal cases. Remember “Raiders of the Lost Ark” with Indiana Jones? He was a archeologist – the best on the planet. And that’s why the U.S. military came to him for help; they knew nothing about history or mythology. Well it’s the same for what we do for governments worldwide today – we provide EXPERTISE. Nothing more.

Without the expertise of security professionals, successful law enforcement operations would be an unattainable dream. When cyber-crime cases are domestic, IT Security companies work with their law enforcement agencies to assist in investigations. When they’re international, they work with appropriate law enforcement authorities of the affected countries to abide by legal policies and federal jurisdictions. This cooperation is crucial in helping stop cyber-crime around the world, and we are proud to be a part of this process.

We were the first to reveal Flame – and we are very proud of the fact. No IT Security company would remain silent on the discovery of a cyber-weapon, no matter who the author might be. Among the most well-known large computer security companies, two are U.S.-based – Symantec and McAfee. Symantec wrote one of the most comprehensive papers on Stuxnet – “the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges and became the world’s first openly acknowledged cyberweapon,” as Noah described it in his article. In addition, Symantec was the first to write about Duqu, which has been widely referred to as Stuxnet’s cousin. Along with Symantec, McAfee published several research posts about both Stuxnet and Duqu, reporting on the incident and noting, in the case of Duqu, that its research team, in addition to many other vendors, were alerted to the unknown malware and began actively monitoring and responding to the threat. Following Noah’s logic, both U.S. companies may be considered to have been foiling US spies as well. However, the logic of the IT Security industry is to focus on keeping customers safe – regardless of their origin, or the origin of the malware.

As you all know, I’m an active blogger and engage in plenty of social media. I have an active presence on Facebook, Twitter, Flickr, Google+, YouTube, LinkedIn and LiveJournal. I’m an active supporter of the possibilities social networking brings to open communication and dialogue. I constantly stress that social networks can be used for positive things, and would never wish this medium to be shut down or censored. Besides, I personally am open to all kinds of questions and dialogue. As is Kaspersky Lab as a whole. If you want to know something – anything, just ask: we’ve nothing to hide.

As to Russian elections and DDoS attacks on certain (mostly opposition) websites, Noah regrettably gave a totally false account of the situation. I explained what was really happening at that time to the Russian audience of the Ekho Moskvy radio station, in addition to posting the same explanation on my blog. Early on, we didn’t see any DDoS attacks occurring, but we asked any possible victims of attacks to contact us so we could assist in investigations. After my blogpost some possible victims did contact us, and after analyzing all the data we discovered that some were indeed attacked. However, we found that not all of the attacks were DDoS-based. As an example, Kommersant.ru’s IT director, German Mitrofanov, told Gazeta.ru that they experienced a technical problem instead of a DDoS. In addition, our team of experts continued to monitor the DDoS and technical attacks around election time, and posted its findings in March 2012.

And finally, the very mission of our company is to fight cyber-crime all around the world – together with our colleagues in the industry. We don’t do it just because it happens to be our business; we also do it because we believe that protecting the world from malware is critically important and will continue to allow us to live in a better, safer, more open and effective society. It’s our underlying principle by which we stand firmly and always will.

In all, there are dozens of misquotes, unsourced comments, personal judgments based on mere opinion – or prejudice – and factual mistakes in the article. Not to mention an overall negative undertone that permeates the whole article.

Finally, on a very personal note. With regard to when my son was kidnapped… Every parent would understand my feelings and intent when I’d say to Noah Shachtman that only tabloids dare speculate on serious family misfortunes. Doing so would be punching below the belt even for a most scandalously unethical rag of a publication. But for Wired to sink so low – that’s a clear downgrade of the publication’s stature.

Noah Shachtman wants to believe that I’m a spy and Kremlin team member, and that I use my son as bait… I guess this could only be due to cold-war paranoia. I honestly can’t think what else it could be. The reality however is much more mundane – I’m just a man who’s “here to save the world”.

And this is what Noah Shachtman failed to tell you.