How Bloomberg Just Edited an Agricultural Newspaper.

History tends to repeats itself, its lessons not having been learned.

Sometimes the new does start to resemble the dystopian visions of the future of old, which our parents, grandparents and great-grandparents had nightmares about and/or read about in the caustic satirical works of the day. O tempora, o mores: nightmares, satire and dystopia – sure, they’re becoming reality, but guess where in particular – in journalism.

Since childhood there’s been a story I’ve never been able to forget – and wouldn’t want to. It’s Mark Twain’s short tale called How I Edited an Agricultural Paper (Once). Remember it? If you’ve read it’s a  silly question – it’s impossible to forget. Not read it? Spend five minutes doing so now. Why? Well… it’ll save me having to explain something of importance and… you’ll never forget it! Though written nearly 150 years ago, it will open your eyes to the levels of competency, the motivations and the methods applied by a handful of modern-day headline-chasing journalists. And after that prestigious intro to today’s topic, we’ll go through Bloomberg’s latest fictional tale and dissect some of its false accusations, much as we did with its earlier volley of banya journalism.

Inaccuracy One.

To get a turnip It is better to send a boy up and let him shake the tree.

Just as a fish rots from the head down, so too here – the rot set in with the article’s heading:

Here, folks, we have: lies, with a sprinkling of manipulated information based on misconstrued facts to serve an agenda. Yes, seriously!

We don’t have ties to any government–ties suggest we are conducting inappropriate activities or operations when that is clearly not the case. We work with cyber-police-forces, which is verifiably and exhaustively documented in publicly available sources (example), and, incidentally, for what we (and industry partners) received the prestigious SC Awards Europe Editor’s Choice Award for recently.  We provide technical expertise on cyberattacks–anything else which may go into the possible meaning of the word ‘intelligence’ remains strictly outside the bounds of our professional capacity as cybersecurity experts.

Inaccuracy Two.

“Turnips should never be pulled [out of the ground], it injures them.”

KGB officer?

More inaccurate representations for their agenda!

Just like millions of other young people Private Chekunov underwent obligatory two-year military service in the Soviet Union’s Border Service, which at the time was a subordinate to the KGB. Igor has never been a KGB officer and hasn’t had any ties with this service since then.

Inaccuracy Three.

“The guano is a fine bird, but great care is necessary in rearing it.” 

Bloomberg states that it received from anonymous banya sources certain emails in which I basically admit everything. Bloomberg even states the following:

This is getting repetitive (already; there are another six misrepresentations to come!). Apologies…

We weren’t shown any emails, so we certainly didn’t confirm them as authentic.

Still, we were curious. So we dug through our email archives. And did find an email, which could be the one Bloomberg is referring to. In it there is the word ‘Lubyanka’, by which is meant the Russian cyber-police. But, alas, the journalists didn’t have time to check the meaning of ‘Lubyanka’ and instead reference is as the FSB in this context; they were too busy creating an agricultural press sensation!

Inaccuracy Four. 

“The farmer should begin setting out his cornstalks and planting his buckwheat cakes in July instead of August.”

Here we go again:

Lies!

Developing a product entails detailed research of potential market demand and meetings with customers, partners, analysts and government bodies. Before the launch of Kaspersky DDoS Protection we spent a long time surveying lots of organizations regarding the necessity and desired functionality of such a product. Naturally the surveying included that of the Russian cyber-police, which had more reason than anyone to express concern about DDoS attacks (see point 7). For the record, once more, let me plainly state we NEVER received a request from the Russian government, or any affiliated organization, to create or participate in ANY secret projects, including one for anti-DDoS protection.

Inaccuracy Five.

“Concerning the pumpkin. This berry is a favorite with the natives of the interior of New England.” 

Among the many technical goofs contained in the article, one that is an all-out flub-clanger-blooper is as follows:

Wrong.

First, sensors are installed outside the perimeter of a corporate network – if at all (see next point).

Second, customers can go without the sensors if they wish. Sensors are just used to detect anomalies and automatically switch traffic to regional cleaning centers (situated in the Netherlands, Germany and Russia – depending on where the customer is located).

Third, sensors analyze only metadata and don’t have the capability of modifying content. The risk of a privacy breach is zero.

And finally, fourth: despite the fact that Kaspersky DDoS Protection is one of the most technologically advanced products on the market, sensors aren’t a feature unique to it. This technology is used by many other developers.

Inaccuracy Six.

“The gourd and one or two varieties of the squash … are the only esculents of the orange family that will thrive in the North [besides the pumpkin].”

Lies!

I simply can’t believe there wasn’t, say, a student nearby who could explain the meaning of this term.

The article inaccurately attributes the countermeasures referenced to be for the government, when the information being discussed was actually referencing the types of active measures needed for strong DDoS-protection for customers, such as the DDoS intelligence system, which alerts that there is an emerging DDoS-attack against a customer through monitoring the activity of DDoS botnets.

Hacking back is illegal, and Kaspersky Lab has never been involved in such activities; and instead we are actively participating in joint shut-down of botnets led by law enforcements of several countries where the company provides technical knowledge (example).

More on Kaspersky DDoS Protection – here, and on the DDoS phenomenon – here.

Inaccuracy Seven.

“Now, as the warm weather approaches, and the ganders begin to spawn.” 

Those crazy guys misinterpreting (maybe on purpose) the truth once again…

Lies!

If anyone’s kicking in cybercriminals’ doors it’s the cyber-police, in accordance with the respective national laws, not us. Our expertise – also in accordance with the respective national laws – is to provide evidence and proof as well as conduct expert examinations for law enforcement and the court.

What’s important for everyone to know is that concerning raids and/or physically catching cybercriminals, we might ride along to examine any digital evidence found, but that is the extent of our participation, and we do not track hackers’ locations.

Inaccuracy Eight.

“It is now generally conceded that the pumpkin as a shade tree is a failure.” 

Scoop! Bloomberg’s gone and done it! The con of the century has been uncovered by their reporters! For they’ve found out that supposedly “200 million users” around the world aren’t aware that they’ve got secretly-installed Russian spy technologies inside their kit! 

Lies!

First, our tech partners publically inform customers about the technological details of their IT solutions. Here are a couple of examples: ZyXEL and Juniper Networks.

Second, ‘200 million’ is a vastly inflated figure so as to inject a dose of FUD. Actually, OEM takes up just ~3.5% of our revenues (figure for 2016).

Inaccuracy Nine. 

“Cows [have a] moulting season.”

Bloomberg states we don’t tell users about the real functionality of Kaspersky DDoS Protection:

Misinterpretation!

The complete description of all functions, details and extra services of Kaspersky DDoS Protection are openly available on our website, and can be additionally explained at optional training sessions for our customers and partners.

Oh and as far as keeping it quiet, it’s clear that no high-tech company wants any of the technology specifics leaving the office… Duh, if the capabilities leaked out, attackers could learn how to bypass the measures, and I didn’t want competitors to copy it before our product could be launched.

Stop!

I think I’ll stop at nine refuted inaccuracies.

Almost every sentence in the article contains a lie, fake evidence, erroneous interpretations, unsupported assertions or endless technical ignorance. In essence, all the material is just one big made-to-order smear campaign. It’s a monstrous lack of commitment to journalism principles of seeking out the truth even if it doesn’t fit with your planned article narrative and possible political bias in support of current geopolitical rhetoric.

And even if we shed the conspiratorial stuff from the article, there still remains a curious motive…

I quote some key passages from the Bloomberg podcast:

• “It’s an investigation that we’ve been working on for about two years now.” (2:01);
• “Now, none of this is meant to suggest that Kaspersky has actually used its connections with the Russian government for malicious purposes. We do not have any basis for believing that.” (3:02);
• “I don’t think there’s a tech company in the world that can just refuse to cooperate with its own government.” (7:01);
• “It wouldn’t be surprising at all to people in the industry if Kaspersky Lab had to keep some amount of contact with the Russian government…complying with legal requests for information and that kind of thing. Those sorts of requests are very routine and happen here in the U.S. too.” (7:19);
• “…although we don’t have evidence that the company tried to do this [install backdoors in its products].” (15:46);
• “Let’s be super clear here: this is all very hypothetical, there’s absolutely no evidence that Kaspersky is misusing its access. That’s right, it’s just its potential that’s getting officials worried.” (16:56).

So, they even admit it themselves, albeit in a podcast (skipped by most): zero evidence, a geopolitical storm, and rights infringed based on country of origin. So with this knowledge, explain to me again why they wrote the article bashing my company?

9 false facts (to name a few) in the Bloomberg story about @kasperskyTweet

Let’s wrap it up for today

Well ladies and gentlemen, I’m not certain what has led to this almost daily attack on my company.

Maybe these people are genuinely concerned, and if so, I hope they’ll stop making assumptions and misconstruing information to try to make it fit in with their inherent desire to believe we’re bad simply because the company was started in Russia by a Russian. More than 85 percent of the company’s revenue comes from outside of Russia, so why would we ever put all of that at risk to simply give one government access to information no government should be allowed to get from a technology company?

If you really stop and think about it, you have to know, logically, that it doesn’t make any sense…I cannot stop the difficulties and tensions between countries, but that shouldn’t matter. I’m not here to sell or debate political agendas, I’m here to save the world from cyberthreats. That’s it!

Who knows what’s driving a handful of reporters to seem to focus on us so intently instead of on real stories, but I cannot change the perceptions of individuals who ignore logic, and follow a trend believing it’s OK to print anything that sounds fascinating (even if it’s far from the truth), to create better headlines.

What I can do is continue to protect businesses, governments and people from cyberthreats, and I truly hope the US government will take me up on my offer to audit our source code, meet with me to answer any questions they may have or any other steps needed to convince them we have no malicious intentions. I think once these first steps are taken, it will help resolve their concerns, and my company will finally be allowed to operate without this black cloud of suspicion overhead.