Proud to keep on protecting – no matter the false allegations in the U.S. media.

Hi folks!

I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.

The media attacks have been intense, fierce and persistent – so much so that we’ve had to lay low for a while to catch our breath and work out what on earth this is all about. But now, since nearly a week has passed without any significant flak coming our way, I’ve been able to take the time to sit down and put fingertips to keyboard and assess the situation as objectively as I can. And I’d best do it quickly, since the respite may be short.

So, again… What exactly is going on here?

Clearly we’re doing something right. And we want to continue doing it better – in the ongoing fight against cybercrime

First up, let’s keep in mind that concerns about KL, given its origins, are not new. We recognize that some people think ‘Russian cybersecurity company’ are three words that shouldn’t be in the same sentence, especially these days. Still, the motivations behind recent reports, while intriguing, cannot be our concern. Instead, we need to focus on doing everything possible to be as transparent as possible for our most important stakeholders: our customers and partners.

Despite today’s tense geopolitical situation, KL has continued do what it does best: focusing on protecting our customers from cyberthreats regardless of where those threats may come from. Our folks work hard every day to be the best at what they do in order to provide the best cybersecurity protection available. And independent tests and awards show that our efforts haven’t been in vain. Just this month we were awarded the top ‘Platinum Award’ as part of the first ever Gartner Peer Insights Customer Choice Awards for Endpoint Protection Platforms. To receive any industry award is a good thing; to receive one based on what customers say about us is even better. We’ve strengthened our partnership with INTERPOL to fight cybercrime even more effectively. Clearly we’re doing something right. And we want to continue doing it right… no – better – in the ongoing fight against cybercrime.

If these recent allegations in U.S. media are true, where’s the evidence?

But we know awards and accolades don’t address these recent allegations. And we all know that government scrutiny of KL will continue. The past year has seen concerns about KL change from ‘what if their technology could be a tool for cyber-espionage by nation states’ to ‘they were hacked and used as a vehicle to spy on spies’. And while it’s hard for us to keep up with the constantly evolving narrative, ask yourself one thing: ‘if these recent allegations are true, where’s the evidence?’ If there was any evidence that we’ve been knowingly involved in cyber-espionage, we’d be toast! No ifs or buts – it’d be game over: governments would take immediate, severe action, including legal moves, and that would be that. But there’s been nothing of the kind. And you have to wonder why.

Another issue is where’s the due process? The steady stream of media leaks seem intentionally designed to damage our reputation without providing us with any real opportunity to address any concerns – because action is being taken before we can engage. Some will say that the government has provided us with an administrative remedy that we can pursue, and if so we will do so. But genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.

We know that the allegations are very serious, and we’re taking them very seriously. And since we aren’t seeing the due process we’d expect, here, for now, let me at least put the record straight on a few technical matters that appear to have been misrepresented in the recent media reports – a few explanations of what it is our software actually does:

The functionality of our products depends entirely on the code of our applications and the records in our databases – no mysterious magic here (just like there’s no mysterious magic with all other software companies’ products). And all our products and databases are all openly accessible on public servers. All our old products and former updates – in backups. If in any of it there’s any undeclared (espionage) functionality that violates the confidentiality of data of our users – do tell us the name of the product, the name of the module, and where the suspected code is, or the number of the update and the record identifier. That’s the information we’d be ready to look at – with the utmost seriousness. If there’s no information like that in any media report with accusations aimed at us, such a report is based on known-to-be lies, or simply repeated lies and falsifications of someone else.

How our products work is determined exclusively by the logic of the algorithms in the program modules and contents of our databases. The last time we conducted a full audit of the source code of our products and database records was in spring-summer of 2015 since our own network had been compromised by the Duqu 2 espionage malware. And we found zero bugs, zero backdoors – not in our products, not in our databases, not in our updates. We’re conducting a similar audit right now. And we’re inviting external expert IT-security observers too. And I’m absolutely certain nothing untoward will be found.

Yes, our products do conduct deep scanning of a computer and its files (as does all software in the ‘utility’ category). We do test files for the presence of malicious code. We do specially track and evaluate suspicious behavior of unknown objects in a system. And yes, we do – in full accordance with declared functionality and industry standards – send data on such objects to the cloud for further analysis (if the user has decided to go for this option). And this is how any antivirus worth its salt works. Any why? It’s all for one purpose: a finely-tuned, fully-optimized ability to do nothing but catch malware, neutralize it, and so protect our users. And we happen to be the best in the world at it. Our mission is to protect our users and their data. Surveillance, snooping, spying, eavesdropping… all that is done by espionage agencies (which we occasionally catch out and tell the world about), not us.

The main priority of our company is the protection of our users from all types of cyberthreats, no matter their origin.

In the cyberworld, evidence usually means the names of the respective modules, location of the code, and its disassembler (or its part). Indeed, it’s details like these that make up the main findings in our expert reports on the world’s most complex cyber-incidents (more on those – here).

Again, we remain absolutely committed to the protection of our users, and we work hard every day to do it better than anyone else. We’ve asked those with any relevant information to share it with us so we can do everything possible to fulfill our mission. Buy one of our boxed products in the nearest supermarket or an online version – analyze it, decompile it, and let us hear your findings! But we know we can’t wait for folks to come to us. Therefore, we’ll do everything we can to respond to the stated concerns by being fully transparent about our efforts and our findings. Our customers deserve nothing less.

In closing, I once again declare:

The main priority of our company is the protection of our users from all types of cyberthreats, no matter their origin. We do this better than anyone else. And that’s nothing to be ashamed of – only proud of.

Sincerely yours,

Kaspersky Lab’s CEO @e_kaspersky addresses recent false allegations in U.S. mediaTweet
Comments 10 Leave a note

    Michael Mayo

    The attacks on Kaspersky Labs is shocking and all of the falsifications and manifestations of lies regarding the application must be stopped.

    The New York Times in particular have been one such attacker who should by all means face court action and their so-called evidence subpoenaed by a court.

    I have used Kaspersky Labs for over a decade and it is by far the best product for securing a computer.

    It is important for me being a software innovator to ensure my computers are secure, Kaspersky Labs is the true definition of security.

    Keep up the good work Kaspersky Labs and you too Mr Kaspersky, without your innovations we would not have an internet as secure as it is.

    Just for your information Mr Kaspersky, i’m looking to approach Kaspersky Labs in the not so distant future regarding a new end-to-end encryption software called Quantum Cryptographic Holography, it is currently being verified by Joe Shenouda one of the worlds leading cyber-security professionals. Kaspersky Labs will have first refusal of this software as i truely believe in Kaspersky Labs to be the most professional company to present QCH to.

    Kindest regards,

    Michael M.


    If you think they do not have evidence, why aren’t you taking them to courts and suing them ?

    Brian Sewart

    Sounds to me like the only one with a view to properly diagnose the allegations and not rush into knee-jerk actions is Kaspersky.

    @Sandler.. I am sure KL legal folks are all over this, but will announce anything when appropriate. Do you think a company wants a lengthy drawn out court battle when it has other more important things to do. Doing so as a simple statement of innocence is really not a great spend of time and money. I am a firm believer in the accuser providing evidence, not the accused.

    Surely code must have been analysed six ways to Sunday, so where is the evidence?


    Here we go: Sandler, another conspiracy theory addict…


    Hi Sandler, do you think that the combination of ‘Freedom of Speech’ plus ‘presumption of guilt’ will not work on the USA?
    This is a hardly combination, isn’t it?

    Mark Stopkey

    Eugene, you have our support. This is nothing built media speculation because they are board and need something to do. Unfortunately KL was caught in the crosshairs. When I went looking for a complete security suite, I will admit I at first had my reservations. But, you have to trust someone and that someone I chose was KL.


    I am an American who does IT consulting, and has been using, and recommending Kaspersky for about 10 years now to all my clients. I think the product is very good at what it does. I do agree that the recent political rhetoric about the software and company are absolutely uncalled for. However, I can fully understand where anyone who questions the software\company is coming from. Let’s face it…the Russian government (granted, as well as the American government) is not exactly the most trustworthy entity in the world. It has been proven the country is responsible for meddling in the foreign affairs of numerous countries across the globe for years now. Putin, is in my opinion a “monster” that will stop at nothing to expand his power and influence on the world to benefit his own agenda. With that being said, I can very easily imagine a scenario where Russian government would use whatever means necessary to strong arm, threaten, and intimidate an organization such as K.L. into forcing them to implement such practices that would spy and report findings on users in America and other countries for his personal\political gain. I have no doubt that K.L. is an ethical company. But, when your headquarters is located in a country, run by what many would consider to be a dictator, anything and everything is possible. I have not really followed the media comments about Kaspersky, but I personally without any external persuasion also have had the same thoughts about the integrity of K.L. due to the possible influence of the Russian government. For these reasons when the Kaspersky license files for my clients expire in the upcoming year I will be moving them to another product. It is much better to be safe than sorry.


    Honestly if you were really that concerned about your clients then you would not wait until the K.L. license files expired before switching your clients over from K.L. to another product. Granted, it is also worth noting you did not say which product you would be switching to; but I guess it does not matter if you are so biased on a products’ country/location of origin. With that bias/logic you probably should not own anything that has any parts made from China or the USA or… wow I guess anyone other than yourself that’s made from scratch. Oh, but just like your (so far at least) unfounded bias, that would be a terrible idea too.
    Basically, the bottom line is that a product’s country/location of origin does not matter. What really matters is a product’s ability to fulfill a need/requirement while maintaining confidentiality, availability and integrity; if all those are sound then there should be no reason to mistrust the product. And if you are an American as you say, then you know the justice system is “innocent until proven guilty”. So, unless there is hard evidence provided that proves the above has been compromised then there is no reason to say “better to be safe than sorry”. If you have done your job correctly, staying up-to-date, following best practices with security in layers (including physical security), have regular secure backups being done as well as internal and external audits, and have an actionable plan to follow in case an incident actually does (and at some point most likely will) occur then you are already about as “safe” as safe gets out in cyber world today.


    The extreme defensiveness of this post betrays the legitimate concerns that the Global Transparency Initiative is trying to solve. You can point to the “media bias” all you want, but these concerns are broadly shared with anyone who has an understanding of how cybersecurity software operates and pointing figures at political motivation, sadly, sounds more like a Trump-defender post than anything I’d expect from a solid cyber-security entity looking to keep “trust”.

    Even the very best software is imperfect, and especially one that operates at the low level that in-memory anti-virus software supports; especially one that allows for device/filesystem hashing/fingerprinting, sampling functions for malware from remote clients, and an auto-update process to basically push whatever profiles are desired for said processes.

    Even Symantec, McCaffee and Microsoft have been accused of enabling espionage; and the Global Transparency Initiative seemed well calibrated to recognize concerns and address them with stakeholders.

    This post on the other hand… appears more to be red meat for anti-media, pro-Russia trolls. Nice try, but it’s not just ‘anti-Russian American media’.

    Here’s a more balanced perspective:

    Doesn’t Matter

    Agree with TechGuyJ… no one in the US knows what actual control Putin has over this RUSSIAN company. Maybe if they diversified and moved their base of operations to Switzerland, for example, that would help with their transparency. Based in Russia = automatic, enduring credibility issues.

Leave a note