A practical guide to making up a sensation.

There are many ways to make up something sensationalist in the media. One of the practical ways is to speculate and create conspiracy theories. Unfortunately, there’s a demand for such stories and they have a very good chance of making a splash.

So how can a global company with Russian roots play a part in a conspiracy theory? Well, this one is easy: there should be some devilish inner job of the Russian secret services (to produce the “I knew it!” effect). In many cases you can change the adjective “Russian” for any other to produce a similar effect. It’s a simple yet effective hands-on recipe for a sensationalist article. Exploiting paranoia is always a great tool for increasing readership.

There are questions we’ve answered a million times: what are our links with the KGB? Why do you expose cyber-campaigns by Western intelligence services? When do you plan to hire Edward Snowden? And other ones of the ‘have you stopped beating your wife?’ kind.

We’re a transparent company, so we’ve got detailed answers ready. Of course we want to dispel any speculation about our participation in any conspiracy. We’ve nothing to hide: we’re in the security business and to be successful in it you have to be open to scrutiny.

To my great regret, there are occasions when journalists publish something sensationalist without taking account obvious and/or easily obtainable facts contrary to their sensationalist claims, and produce stories that are at odds with professional ethics. And sometimes a bad tabloid journalism style finds its way into otherwise quality media publications. I’d like to comment on one such case.

The fashionable fever of looking for Kremlin-linked conspiracies this week reached some journalists at Bloomberg. Curiously, this happened not long after our investigation into the Equation Group.

It’s been a long time since I read an article so inaccurate from the get-go – literally from the title and the article’s subheading. So it came as little surprise that a large part of the rest of the article is simply false. Speculations, assumptions and unfair conclusions based on incorrect facts. In their pursuit for a sensation, the journalists turned things upside down and ignored some blatantly obvious facts.

My congratulations to the authors: they’ve scored high in bad journalism.

But that’s where the emotion stops today. Now let’s just look at the cold facts – rather, lack of them. Let me go through some of the most outrageous and twisted gaffes.

Bloomberg bullshit

I must have said this a million times, but we do not care who’s behind the cyber-campaigns we expose. There is cyber-evil and we fight it. If a customer comes and shows us a problem we investigate it. And once we take the genie out of the bottle, there’s no way we can put it back.

But since these journalists tried to attribute the cyberattacks we exposed to the countries mentioned, for some reason they forgot about our reports on Red OctoberCloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penguin Turla, Black Energy 1 and 2, Agent.BTZ, and Teamspy. According to some observers, these attacks were attributed to Russian cyber-spies.

Bloomberg bullshit

The only other statement that can compete with this one in terms of frequency, silliness and falsity is: ‘AV companies write the virus themselves’.

Let me spell it out and use a few capitals: I’ve NEVER worked for the KGB.

My detailed biography has been widely distributed around the world and can be easily found online. It clearly states (I wonder if the journalists read it) that I studied mathematics at a school sponsored by they Ministry of Atomic Energy, the Ministry of Defense, the Soviet Space Agency and the KGB. After graduating, I worked for the Ministry of Defense as a software engineer for several years. But whatever… as they say, ‘never let the facts get in the way of a good story’. Right?

UPDATE:

bloomberg-lies-update

Looks like the Bloomberg journos behind the story read my post (but not in detail; otherwise they’d have taken the article down) and made a minor edit to their text. Now, I never worked for KGB but for … Russian military intelligence!

For the record: I never worked for Russian military intelligence. As I mentioned above, I worked as a software engineer at the Ministry of Defense.

Bloomberg bullshit

Is there an implication here that the ‘quickly removed by headquarters’ was to cover up some secret truth – before it got out? Maybe not. But if you do see a possible one, let me tell you what happened:

the design of the our antivirus software box with the KGB mention was developed by our Japanese partners. I learned about it only after it was printed, and asked to have it changed as it just wasn’t true, which was done.

And if there’s a further implication that the mention was removed because we were going global and recruiting ‘senior managers in the U.S. and Europe’ (with whom KGB mentions might not sit well), well then that’s not right either. We were already global. Our American, European and Asian employees (who now make up more than a third of total company’s headcount) had no say in it. Even if they did – so what? Bottom line – I never served in the KGB!

Bloomberg bullshit

Just nonsense!

First, people join and leave organizations all the time. Second, we value only professional qualities in our people. Third, there’s no evidence of ‘closer’ – not even close – ties to Russia’s military or intelligence services. Must say though, I’d be really interested to find out who’s joined our top management team since 2012 who has ‘closer ties to Russia’s military or intelligence services’. I’m dying of curiosity!

Bloomberg bullshit

I do appreciate this interest in my recreational-prophylactic habits. While the reader may visualize naked male bodies in a steam room and dicussions of conspirational plans to conquer the world, the truth of the matter is quite something else. It highlights another way in which the journalists ignored our emailed comments to them to sacrifice objectivity for quirky details and stereotypes.

First, sometimes I do go to the banya (sauna) with my colleagues. It’s not impossible that there might be Russian intelligence officials visiting the same building simultaneously with me, but I don’t know them.

Second, we do fight cybercrime. And without cooperating with law enforcement agencies around the globe (including in the U.S., the UK, Japan, other European countries; INTERPOL and Europol) our battle would have been significantly less effective than it has been recreational – if not completely futile.

Official meetings sometimes do turn pretty informal, including with officers belonging to the security services of the U.S., the UK, Japan, other European countries; INTERPOL and Europol (oops, I’m repeating myself). And I consider the stories about my possible encounters with security officials in a banya an attempt to deliberately mislead readers; the journalists don’t mention that we are impartial in our fight against cybercrime, no matter where it strikes. A warning, dear readers: don’t believe everything you read!

Bloomberg bullshit

‘Gotcha, we’ve caught you! You investigate only US operations and not Russian!’

Well, this one’s real simple. FireEye did some great research, so publishing our own after theirs made no sense. We carefully read the FireEye report, warned our users and… kept on researching the Sofacy operation. BTW, our experts are still working on it, as it’s closely connected to the MiniDuke operation. But please don’t ask why FireEye didn’t announce MiniDuke! You know the answer (hint: who was the first to uncover it?).

Bloomberg bullshit

That is false statement.

We’ve launched an internal investigation, carefully examined all our archives for the last three years, and haven’t found such an email. Those who know Garry personally know he’s not the kind of man to write such things.

Bloomberg bullshit

Does two-year compulsory military service of 18-year old private Chekunov equal working for the KGB? Really? Dear authors, why did you miss the detail where, in the USSR, military service was obligatory for all males, and it was random which particular service you served in? Some entered the infantry, others the submarine division of the navy. Mr. Chekunov served in the Soviet Union’s Border Service for two years, and at that time the service reported to the KGB.

Bloomberg bullshit

Oh those Russians banya nights. The nerve center of all secret operations’ planning!

Actually, here, thanks are due to the authors for the PR! Our Computer Incidents Investigation Unit (CIIU) helps our clients deal with sophisticated cyber-incidents. If law enforcement agencies contact us, we help – regardless of their country. We assist with our world-class expertise any law enforcement agency to save the world from any cyber-evil.

Bloomberg bullshit

The Computer Incidents Investigation Unit (CIIU) has remote access to the personal data of our users? That is a false statement.

Next: the keyword here is ‘can’. Theoretically, any security vendor can do that. Following this logic you can imagine what nasty things Facebook, Google or Microsoft can theoretically do. Theoretically, authors of an article can stick to facts.

The reality, however, is that I’ve no reason to risk my 700mln$ business. Everything we do and can do is stated in the End-User License Agreement (EULA). Moreover, we reveal our source code to large customers and governments. If you have any fears about backdoors – come and check. Seriously. Referring to a theory is an allegation unworthy of a respectable publication.

Bloomberg bullshit

This part explains a lot. Some folks who get fired have a chip on their shoulder. Human nature. It’s common. They have some media contacts – they fancy getting their ‘revenge’. Same old!

I am just worried about how respected media put their reputation on the line based on speculation. As a result we have a perfect example of a sensationalist headline:

Bloomberg bullshit

The result of the investigative journalism revealed these REAL facts:

  • I go to banya;
  • We hire and fire employees; employees leave of their own accord;
  • 60% of our employees are Russians;
  • Our Chief Legal Officer served in the Border Control when he was 18 and at that time the service was a part of the KGB.

 
Mysterious covert data which proves I’m a KGB spy?! This world-famous news agency undertook a huge investigation – believe me, it was impressive! During the fact checking they asked very detailed, probing questions, yet all they came up with were… unproved allegations. Do you know why?

Because there’s nothing there to find.

It’s very hard for a company with Russian roots to become successful in the  U.S., European and other markets. Nobody trusts us – by default. Our only strategy is to be 1000% transparent and honest. It took years to explain who we are. Many people attempted to find ‘dirt’ on us – and failed. Because we’ve nothing to hide.

Actually, I’d like to thank Bloomberg and all the journalists behind this story! Much like our antivirus often does, they performed a full system scan –and found nothing. It’s like a halal or kosher stamp – check! External audit successfully passed.

‘The hardest thing of all is to find a black cat in a dark room, especially if there’s no cat.”

.@e_kaspersky responds to Bloomberg’s allegations in connection with Russian LETweet

So, tell me, what do you think of this whole story:

READ COMMENTS 29
Comments 29 Leave a note

Bill Pytlovany

I haven’t always had the best experience with potential Russian customers but many have become great friends and supporters.

My first contact with Kaspersky Labs was looking for help after my former app WinPatrol was flagged and was a false positive. I needed immediate help since it was a new release generating tens of thousands of downloads & far too many emails. Kaspersky was also #1 in licensing their signature files to other AV companies. In less than 24 hours the signature file was updated and within another day their customers were updated so the false positive went away.

I wish I could discuss details of my last contact. I can only say that Kaspersky was the only company willing to take a major risk to “do the right thing.” They earned my respect.

Bill Pytlovany
BillP Studios

24
Reply to conversation

SoloID

Read the Bloomberg article… left me with a feeling like, so where are the facts?
Implying al sorts of “dark” secret stuff is easy but what is the real goal of Bloomberg here?
Because there must be a a hidden agenda connected to that Bloomberg article …right!?

Support given… :)

10
Reply to conversation

Uriel Fanelli

And they don’t mentioned your tip. Which of course you dress in the sauna, too. (This is how KGB spies are getting each other in the steam: they dress a tip as a sign). But, this is not the very point. The very point is: according with italian secret services, your tip is the wrong color. Which is an issue. Sorry, sir , there at KGB you have no taste for tips. We can tolerate casual Fridays, but during office times, please, use proper tips.

Using the tips you dress, especially into saunas, makes you WAY more threatening , at least in Milan. Good spies uses only Marinella’s ties.

Uriel

P.S: in the future, I suggest you to make fun of them. Is the best strategy. Ask your italian office for consulting if needed: we can make fun of e-ve-ry-thi-ng. Is about genetics, dude.

5
Reply to conversation

Micha

Thank you for not posting pictures of you in the banya.

31
Reply to conversation

Telmo

Regardless of the badly investigated ‘shocking’ news, you have my respect and admiration as a businessman and entrepreneur, as to me, you are responsible for the most innovative and successful security products available to date.

My hat off to you, sir. ;)

9
Reply to conversation

BanyaBabe

How come all of your researchers are Russian? Does your company not trust Americans to work for Kaspersky. Seems a bit discriminatory. Honest question deserves and honest answer.

1
Reply to conversation

Eugene Kaspersky

http://www.kaspersky.com/about/security_experts

32
Reply to conversation

ner0

The poll’s results were somewhat surprising, people should understand once and for all that sarcasm doesn’t get through on the internet.

I’m also surprised there’s no mention of vodka or ushankas anywhere in Bloomberg’s article.
To be honest, that’s the main reason why I thought their article was not well researched.

1
Reply to conversation

Brian Dell

“I studied mathematics at a school sponsored by the Ministry of Atomic Energy, the Ministry of Defense, the Soviet Space Agency and the KGB.”

Because the KGB Graduate School has as much to do with the Space Agency as the KGB? “1000 percent transparent and honest” would mean calling it what it is.

3
Reply to conversation

Che

Mathematics is a universal science and the ultimate nature’s language of exploration, innovation and progress. It has no borders and does not belong to a single institute, authority or organization. Every attempt to marry studying math in a state-sponsored school to spy games is illogical as math is limitless. It is fair to listen to both sides of the story and if in doubt – ask questions and stick to the facts and logic. And the fact is – Eugene’s alma mater was not called “a KGB school”, but a “school for children gifted in math”. All gifted kids despite of the country of origin choose their own future. Some become scientists, some join NSA/KGB/MOSSAD/MI5/MI6 etc., some become cybercriminals and use their math for evil. Eugene chose to be a cybersecurity expert who fights the good fight. I personally don’t care where he studied math and cryptography. But I do care and like how he uses it.

6
Reply to conversation

Valdis

Bloomberg’s article more worthy of a bad Friday afternoon at the Daily Mail than a serious newswire.

4
Reply to conversation

observer

Until there is clarity on the legal aspects of network warfare, independent actors trying to be good at what they do are going to keep getting caught in the crossfire.

Since these weapons do no appear to carry any military insignia, their discovery places one in the legal no-man’s land of dirty bombs and sawed-off shotguns.

For now, all we have to go on is that they are open-source and so not subject to any kind of treaty framework.. therefore their state origin is irrelevant, they are in the public domain now.. for every company like Kaspersky trying to do things openly, there are thousands taking the source code and API’s and quietly working to import these things into their own platforms.

As for banya night, sounds way better than some stuffy office building in Maryland.. especially if there’s Russian girls to bring drinks.

0
Reply to conversation

xxxxxxxxx

I am the one who found out that the equation group created fanny from a British government server not Kaspersky they have me chained to their command and control servers and and are spying on me they caused a conflict with Dropbox and kept sending all of the videos I watched all of my weblinks,and malware to everyone who has a Dropbox account your company got me a shitload of common clause violations and dmca complaints when I tried to contact your company I got a phone number for some lady in NY then I found another number and it transferred me to India and then I was transferred to a Russian message witch I couldn’t understand and It would not let me speak to a real person I tried to email and they rejected it. so if you ever come to my country and don’t have permission from the white house and the cia I will cut your throat you need to stop lying my government knows what is going on remember don’t ever set foot in my country without written permission from both the administration and the central intelligence agency release me from your server or I will harm any one who is a part of your company that I can find I can easily destroy all electronic mail transmissions security and I will attack your company servers along with your government’s servers your fucking command and control server is right across the street from the capital building in Moscow and right down the street from some kgb offices. My Google maps can see through the attempts of the Russian government to shroud your country

5
Reply to conversation

Cat of Mysteries

Research shows these comments directed towards you say more about the people saying them than they do about you.

0
Reply to conversation

Larry Arnold

Has anyone forgotten this is a Global Market? No matter where you live and whatever security software you use you are being monitored and sometimes for good reason. How many use Google Search? Just what I thought. Yep Google tracks and records every keystroke you make. So tell me where on this planet are people not being tracked and monitored? The answer is simple isn’t it? Thank you Eugene Kaspersky for being upfront and honest and providing us with one of the best (if not the best) security platforms in the market today.

4
Reply to conversation

Mazkund

Bloomberg is a virus.

2
Reply to conversation

Just the facts, ma’am

One interesting think about this poorly done article is that it references another article in Wired magazine which is also full of innuendo and few facts by a writer Noah. Digging a little deeper to see what Noah’s agenda might be…he has spent most of his career working for McAfee (a Kaspersky competitor) and helping them with US Army bids. Gee, does anyone think that gives him an agenda for what he wrote?

5
Reply to conversation

Joshua

It seems that is almost all Americanized / Westernized news is much good at anymore: Selling sensation to the highest bidder. (This is especially true if you spice it up with some fear or conspiracy.) Any truth can be spun out of small alterations to our lens of perception.

Unfortunately, few that take the time to blindly believe these things, will spend enough time to read Mr. Kaspersky’s rebuttal. Many of those will only find more ways to spin it to defend their own belief, despite whatever evidence he defends himself with. I only suggest he “rolls with the punches” and not feel the need to be on the defensive. I encourage instead he use the increased publicity to his benefit by picking a few key points he wants to get across. They want Mr. Kaspersky on the defensive as it’s easier to paint him a demon.

Plus, even if we start with the assumption its all true; it only seems all the more reason to work together. It’s all about the presentation. ~ Joshua

1
Reply to conversation

Larry Arnold

Edward Snowden was mentioned at the beginning of topic but not elaborated on by you Eugene. Please present your thoughts. It might benefit your position on these issues. Thank you

0
Reply to conversation

Larry Arnold

Beyond the report of hiring Snowden (which is absurd) I would like to hear your thoughts on his exile in Russia. We here in the US have concerns about him being protected and not turned over considering his breach of security. Could you please comment on this topic?

0
Reply to conversation

Dusko

You are completely misinformed.

0
Reply to conversation

Larry Arnold

After thinking about the Snowden issue it is not a good idea to ask or expect Eugene to even comment. That is a political issue and should be kept separate from someone trying to run a private business. I would have removed the post but don’t see a way to do that. Anyway my sincere apology to Eugene.

0
Reply to conversation

John

Thank you Eugene, you make great points!

I am becoming increasingly aware on a daily basis that my once adored security news media outlets are becoming less and less trustworthy.

I try really hard to stick to facts only:

Good News:
Firefox v.31 released HORRAY!!

Sensationalized News:
Vulnerability may have been undiscovered for 4 years

The good news is fact (Mozilla released a new version of Firefox). The bad news is an attempt to get people upset about something when a vulnerability is by definition not publicly known usually and not always very easy to fix.

I try to seek wisdom from others much older than me and its no wonder that my parents stopped reading and watching the news a long, long time ago. I should follow suit here and maybe keep reading your blog so I can enjoy the lovely pics you upload often!

Thank you Eugene,
Keep fighting the good fight!

0
Reply to conversation

Rhonda Lea Kirk Fries

I’ll be honest–I’ve never used your antivirus, because I’m quite fond of one of your foreign competitors (ESET). The Bloomberg article, however, almost tempted me to switch in protest.

What a load of horse puckey.

Kaspersky was a trusted name in AV long before the media and corporate interests realized the potential of the internet (more’s the pity they figured it out), and I can’t even fathom the depth of stupidity that inspired this article.

Just keep doing what you do, because the internet would be far worse than it has already become without you.

1
Reply to conversation

Reg_edit

From the the comments by a handful in this article, and the surprise poll, some people will believe what they want to believe.

Politicians and their flunkies (some journalists) have a vested interest in making scapegoats of other tribes.
It is a travesty that the Russian people were plundered by the Czars for generations and then the pendulum swung the other way for too many decades.
What was inflicted on the Russian people was not by their choice, it was never democratic.

For Bloomberg to single out one person as a threat is very immature.
Scapegoating others is a diversion from looking at and acknowledging our own behaviour

I choose to support Eugene because I bothered to read the links and did some homework of my own over the past 3 days. Until otherwise I trust him :)
A Kaspersky user for 8 days (a Bitdefender refugee). So what does that make me?

1
Reply to conversation

Eugene Kaspersky

Thanks for your support!

1
Reply to conversation

Tim Cunningham

I’ve used your products for years and am highly satisfied. As someone whose family background is the news business, I’m also impressed by your response to this high innuendo low fact article. Keep up the good fight and illegitimus non carborundum!

1
Reply to conversation

No BS

I personally don’t care whether the allegations are true or not (although Eugene seems legit). Kaspersky Lab’s products have been proven to be best in class and that’s what I pay for. Keep up the good work!

0
Reply to conversation

Melvyn Black

So, once the RUMINT found out that your were about to publish the results of your research, did anyone like the FBI or NSA try to bang on your door and stop you with a million dollar bribe or anything?

Given your well know sense of honor, few in the know would think it would have made a difference.

So, if Mr. Snowden had walked up to you and said “Here is the unreleased source code for $2M worth of BC”, would it be your patriotic duty to take it and share it?

Feel free to discuss with me offline if this is to confronting.

-Mel

0
Reply to conversation
Leave a note