Chronicles of a very long week.

What a week! A working week, I mean – and one that included both weekends, one at each end of it.

It started on Saturday, September 9, and finished nine days later on Monday, September 18. It was long and it was tough – so quite typical really – and it went like this…

On the Saturday I needed to be in St. Pete – so off I popped. As I’ve said before on these here pages, I don’t get one bit the bad rep St. Petersburg has in terms of weather. I’m sure it’s an anti-St.P rumor-based conspiracy. Why? Because when I come here the sun’s always shining and the Petersburgers are strolling about all leisurely and tanned – some even wearing shorts. It’s in Moscow where the bad weather’s at – all murky and sticky and blustery and rainy. Meanwhile in Leningrad…

When in St. Petersburg – have a Belgian craft burger ).


Five Years Trudging Through the Evolving Geopolitical Minefield.

[Originally published at Forbes]

“The hardest thing of all is to find a black cat in a dark room, especially if there’s no cat.”
– Ancient wisdom, commonly attributed to Confucius

For nearly five years, Kaspersky Lab has been in the line of fire from a handful of sources, which falsely report that we have covert and unethical ties to government organizations, possibly pose a threat to U.S. national security and/or that our U.S. business is failing. That’s half a decade of news investigations, assumptions, hearsay, rumors, manipulations of publicly available data, anonymous sources, conspiracy theories and fabrications. After five years – how much proof and how many concrete facts have they come up with? None. Nada. Zero. Zilch!

When politics use the news to shape facts, no one wins

And unfortunately, yesterday, a U.S. government agency sent out a directive for federal agencies telling them to stop using our products. I guess the good news is that U.S. government sales have not been a significant part of the company’s activity in North America. So, while unfortunate, we’ll continue to keep our focus on protecting our real customer base, enterprises and consumers.

Why are all these events occurring, you ask?

As I’ve stated numerous times, there is no evidence to confirm these false media reports, because Kaspersky Lab does not have inappropriate ties to any government.

In a way, I’m thankful for such an elaborate, long-term audit that’s found nothing amiss; if anything, it is helping to verify my company’s commitment to transparency. As our customers and partners know firsthand, transparency and trust are the foundations of our 20-year-old business, and these guiding principles will never change, regardless of geopolitical tensions or inaccurate media representations.

Geopolitical debates don’t need truth; blame can be assigned by default without any evidence

During recent months, the heat has been cranked up several notches, as Kaspersky Lab became a talking point during U.S. Congressional hearings in which government officials express their concerns about KL’s products. But similar to sensational media reports, there’s a lack of facts or proof to validate any potential concerns, given that we haven’t done anything wrong.

In fact, I’ve repeatedly offered to meet with government officials, testify before the U.S. Congress, provide the company’s source code for an official audit and discuss any other means to help address any questions the U.S. government has about Kaspersky Lab – whatever it takes, I will do it. And I look forward to working with any agency or government officials that are interested.

And while we continue to suffer from these meritless accusations, the U.S. government continues to take actions against our products. These moves have even led to reports of a former national security expert agreeing that Kaspersky is being treated unfairly. In addition, serious concerns have been raised among cybersecurity experts, journalists and analysts about some of these actions, as they violate established transparency and due process for government contractors, break the presumption-of-innocence principle and set a very disturbing precedent that fuels national cyber protectionism.

So what exactly is going on? Well, it looks to me like the reason for being shunned (despite our many offers to assist) can only be one thing: geopolitical turbulence.

Whenever there are tensions at the government level, business is always the one to suffer. But what is there to do when the selected target (my company) happens to provide the best cybersecurity products and cyberthreat research in the world? There is only one option left: concentrate on the origin of the given company.

A recent article in the Washington Post sheds some light on the possible prime cause of the situation, which was being considered during the former president’s administration:

Despite a lack of evidence as to the reasons why we’re being targeted, one thing does seem to be crystal clear: we are caught in the middle of a geopolitical fight. And there will never be any evidence to prove these false accusations against us since we’re innocent; but instead you’ll just continue to see a lot of unfounded allegations, conspiracies and theories – which are alarmingly and unfortunately contagious.

As I’ve said before, it’s not popular to be Russian right now in some countries, but we cannot change our roots, and frankly, having these roots does not make us guilty.

Perhaps what’s most unsettling of all is that other cybersecurity companies from other countries may soon be in the same position as us. Geopolitical debates don’t need truth; blame can be assigned by default without any evidence.

Let’s take a look at the even bigger picture — these reckless actions can negatively impact global cybersecurity by limiting competition, slowing down technology innovations and ruining the industry and law enforcement agency cooperation required to catch the bad guys.

For several years, the landscape has become even more treacherous for companies caught in the minefield of geopolitics, and as a result, different businesses have become unwitting pawns in the game of high-level geopolitical chess. Australia bans China, the U.S. bans Russia, Russia bans the U.S., China bans everyone…sometimes I can’t believe my eyes when I read what’s going on in the 21st century. Why are countries ceasing to cooperate in the fight against the common cybercriminal enemy?

Tackling cybercriminals is possible only if we – the good guys – can overcome national boundaries, just as the cybercriminals do. Only joint efforts by law enforcement agencies of different countries can lead to success, and during recent years, thanks to such cooperation many cyber-villains have been put behind bars. That’s why we legally cooperate with cyber-police of different countries, and also international organizations like INTERPOL and Europol. Without cooperation, there won’t be any coordinated actions against cybercrime; consequently, there’s impunity for the cybercriminals and cyberattacks continue to thrive. People, businesses and economies all suffer.

I see how the fragile foundations of international cooperation in cybersecurity are splitting at the seams. Relationships between some countries are being pushed back 15 years. It’s not clear when the seemingly interminable geopolitical storm will pass, or how long it will take to reestablish good working relationships.

Who will win from the Balkanization of the security industry? Yes, that was a rhetorical question.

In any situation, it’s possible to find the positive. Thanks to this long-winded geopolitical storm, we’ve become more transparent than any other cybersecurity company in the industry. We’ve rallied around our company cause like never before, and our employees continue to stand with their heads held high knowing we will prevail in the end.

Despite the challenges, we continue to protect our users around the globe from any cyberthreat there is, regardless of its origin or intention. Now let me get back to work – there’s always much to do when saving the world from cyberthreats.


Separating The Facts From The Assumptions.

[originally published at Forbes]

I was both astonished and, more so, frustrated by the recent op-ed by U.S. Senator Jeanne Shaheen in the NYT. It is not only damaging the reputation and livelihood of the 300-plus Kaspersky Lab employees in the United States, but also detracting from valid concerns about the ability of different nations to engage in cyberespionage and to direct digitally enabled attacks against critical infrastructure.

But I won’t argue every point in the piece here; you can see our post in which we explain how the ‘facts’ in it are anything but accurate.

I want to tell you another story here. A story of our interconnected world – where geopolitical fears are not driving trade wars or aggressive protectionism. In this world, we have the opportunity to choose not just American, Russian, Chinese or Japanese – we can choose the best. Or the worst. Or proudly choose domestic. But we have the right to choose. And that is a cornerstone of modern democratic society – freedom of choice. And it’s a cornerstone of U.S. economic dominance. Customers all around the world can choose the best operating systems, the best smartphones, and the best software. And almost always, it’s an American product. And people choose it not because of its origin or because the government told them to, but because they want to. Look at the top-10 largest companies based on market value. Eight are American, two Chinese. Do you think they’d be doing so well if governments around the world banned them?

Are we now banning companies based on their origin? Is that really the path we’re going down now? Imagine just how easy it is for any other country to exclude, for example, Microsoft, Oracle, SAP or Hitachi from governmental contracts based on allegations and speculation, without evidence, saying “They’re a potential threat…; we’re very concerned about them [foreign software developers] and the security of our country!”

Also, information security is a different challenge altogether. To be the most effective, the cybersecurity community needs to work side-by-side with industries and governments to actively fight cybercriminals and cyberterrorists. Given that these attackers don’t respect geopolitical borders, working together, versus isolation, is the key to making significant steps in the fight against cyberattacks. Unfortunately, misinformation and inaccurate perceptions are driving forward a dangerous agenda that may impact global cybersecurity, as origin may start dictating what technology is used instead of being able to choose the best solutions and experts available.

Internet balkanization is already here. More and more countries are developing protectionist legislation, making it harder and harder for global companies to cooperate and share data. Trust between countries, companies and customers is corrupted. CEOs of well-known companies warn against such policies. “The biggest barriers I think that we see are not around engineering. It is around regulation. It is around protectionism. It is around trust, or lack thereof. It’s around policies and procedures,” says Xerox Chairman and CEO Ursula Burns. Apple CEO Tim Cook also praised globalization as generally “great for the world” and cautioned against isolationism.

No less important is the fact that the main beneficiaries of internet balkanization are cybercriminals. “US citizens lost over two billion personal records…over 100 million Americans had their medical records stolen,” according to Steve Langan, chief executive at Hiscox Insurance. Moreover, we are ready to support U.S. law enforcement agencies in the fight against cybercrime, in particular with the fight against Russian cybercrime. We have many cybersecurity experts based in Russia who are often the first to detect and protect from the threats coming from the cradle of cybercrime. They did it two years ago with Carbanak, one of the biggest cyber gangs in history. They did it earlier this year when we announced our research on Lazarus, the North Korean hacking group attacking many victims around the world, including Sony Pictures. We want to help, but unfortunately the current geopolitical turbulence and recent allegations do not help us in protecting America.

Are we returning to the days of McCarthyism? When did it become OK to declare a company is guilty without one shred of public evidence? In addition, while the U.S. has talented cybersecurity experts, smart people, who are dedicated to fighting cybercriminals, are born and educated all around the world. If the most sophisticated cyber threats are coming from countries outside of the U.S., don’t you think using cyberthreat data and technologies from experts located in those countries might be the most effective at protecting your valuable data, especially given that they are fighting against those local threat actors every day?

It is time to separate geopolitics from cybersecurity. We need to work together globally. Kaspersky Lab has good relationships and regularly helps law enforcement agencies all over the world fight cybercrime, and we hope the U.S. will also consider learning more about us, and who we truly are, versus the rhetoric and false assumptions. We’re ready to demonstrate that we have nothing to hide, and that we only want to help defeat cybercriminals and prevent cyberattacks.

With that said, I previously offered to meet with Senators, Representatives, Committees, and federal agencies, publicly or privately, to answer any questions regarding my company or me. The offer still stands.

KL AV for Free. Secure the Whole World Will Be.

Hi folks!

I’ve some fantastic, earth-shattering-saving news: we’re announcing the global launch of Kaspersky Free, which, as you may have guessed by the title, is completely free-of-charge! Oh my giveaway!

We’ve been working on this release for a good year-and-a-half, with pilot versions in a few regions, research, analysis, tweaks and the rest of it, and out of all of which we deduced the following:

  • The free antivirus won’t be competing with our paid-for versions. In our paid-for versions there are many extra features, like: Parental Control, Online Payment Protection, and Secure Connection (VPN), which easily justify the ~$50 for premium protection.
  • There are a lot of users who don’t have the ~$50 to spend on premium protection; therefore, they install traditional freebies (which have more holes than Swiss cheese for malware to slip through) or they even rely on Windows Defender (ye gods!).
  • An increase in the number of installations of Kaspersky Free will positively affect the quality of protection of all users, since the big-data-bases will have more numbers to work with to better hone the machine learning.

And based on those three deductions we realized we had to do one thing, and fast: roll out a KL freebie all over the planet!


How Bloomberg Just Edited an Agricultural Newspaper.

History tends to repeat itself, its lessons not having been learned.

Sometimes the new does start to resemble the dystopian visions of the future of old, which our parents, grandparents and great-grandparents had nightmares about and/or read about in the caustic satirical works of the day. O tempora, o mores: nightmares, satire and dystopia – sure, they’re becoming reality, but guess where in particular – in journalism.

More than 85 percent of the company’s revenue comes from outside of Russia, so why would we ever put all of that at risk?

Since childhood there’s been a story I’ve never been able to forget – and wouldn’t want to. It’s Mark Twain’s short tale called How I Edited an Agricultural Paper (Once). Remember it? If you’ve read it, that’s a silly question – it’s impossible to forget. Not read it? Spend five minutes doing so now. Why? Well… it’ll save me having to explain something of importance and… you’ll never forget it! Though written nearly 150 years ago, it will open your eyes to the levels of competency, the motivations and the methods applied by a handful of modern-day headline-chasing journalists. And after that prestigious intro to today’s topic, we’ll go through Bloomberg’s latest fictional tale and dissect some of its false accusations, much as we did with its earlier volley of banya journalism.

Inaccuracy One.

To get a turnip it is better to send a boy up and let him shake the tree.

Just as a fish rots from the head down, so too here – the rot set in with the article’s heading:

Here, folks, we have: lies, with a sprinkling of manipulated information based on misconstrued facts to serve an agenda. Yes, seriously!


Keeping Cybersecurity Separate from Geopolitics.

Last week, Kaspersky Lab was in the spotlight again in another ‘sensational’ news stream.

I say ‘again’ as this isn’t the first time we’ve been faced with allegations, ungrounded speculation and all sorts of other made-up things since the change of the geopolitical situation a few years ago. With the U.S. and Russia at odds, somehow, my company, its innovative and proven products as well as our amazing employees are repeatedly being defamed, given that I started the company in Russia 20 years ago. While this wasn’t really a problem before, I get it – it’s definitely not popular to be Russian right now in some countries.

For some reason the assumption continues to resonate that since we’re Russian, we must also be tied to the Russian government. But really, as a global company, does anyone seriously think we could survive this long if we were a pawn of ANY government? Our whole business is based on one thing – besides expertise – and that’s trust. Would we really risk our whole business by undermining our trustworthiness?

Especially given that the best non-Kaspersky Lab security researchers (hackers) are constantly scouring our code/products to find and report vulnerabilities. In fact, we even have a public bug bounty program, where we pay researchers to examine our products and search for any issues or possible security concerns. If there was anything suspicious or nefarious to find, they would have publicly shouted it from the rooftops by now.


At Last – Not All So Quiet on the Antitrust Front.

Last fall, in our domestic market we turned to the Federal Antimonopoly Service with a complaint against Microsoft regarding its violations of antitrust legislation.

Despite the long silence on the airwaves, the matter was in fact slowly but surely being addressed. And don’t pay any attention to inaccurate reports about not filing similar claims with the EU Commission: that was off the back of an interview I gave in Germany in which it looks like a fact or two went astray – perhaps lost in translation. We are definitely not planning on ‘temporarily backing off’ filing our competition complaint with the EU Commission.

And anyway, instead of reading reports it’s always better hearing it from the horse’s mouth, as they say… So here I am with real news and confirmed details and plans that I can share at the moment without compromising either ethical or legal norms.

Ok. Let’s begin…

Microsoft took a two-pronged approach: (i) formal denials; (ii) specific practical steps to address the antitrust demands

First off, as was expected, Microsoft disagrees with our claims. ‘We did not create conditions…’, ‘we have not infringed…’, and even: ‘we do not dominate…’ But facts are stubborn things, and despite the formal denials, Microsoft has, in fact, taken a few crucial steps toward rectifying the situation. And it looks like our actions might have helped encourage Microsoft to do so. Of course, there’s still more that needs to be done, but this is at least a good start toward ensuring that consumers have the chance to choose the best cybersecurity solution for them specifically.

It appears Microsoft took a two-pronged approach: (i) formal denials (which is logical); and (ii) specific (although small) practical steps to meet both users and independent software developers half-way.

I’ll leave out the formal denials here, but in this post I want to tell you a bit about those ‘practical steps’ that were recently taken by Microsoft. Let’s have a look at three notable examples thereof:

Example No. 1: The Alarming Windows Defender PC Status Page.

One of the claims we made against Microsoft regarded the misleading Windows Defender PC status page, pictured below:

The good news is that Microsoft has changed the previously displayed status page in a recent update, addressing several of the confusing and misleading elements we described.

So, what was the original status page for and what were our objections?


Cyber-Forecast: 2017.

Such is the way Homo Sapiens are: we’re constantly – even recklessly – looking to the future to try and work out what it might hold for us. Many say we should all live in the present – after all, the future never comes – but, well, that doesn’t work for everyone, and most of us do need to make at least some plans for our futures.

But there are different approaches to looking ahead.

There’s belief in fate, pure guessing, flipping a coin, and so on. There’s also not thinking about the future at all. But there’s a far superior, science-based approach too. This is doing the eastern spirituality thing a bit – not quite being in the present but carefully analyzing the present instead – to be able to predict the future as accurately as possible. And this is exactly what is done to predict the cyber-future; in particular – the security of the cyber-future. And that’s what we do – little by little every day, but also broadly and deeply and especially – and merrily – every year, when we bring together the world’s cybersecurity elite for a week-long pow-wow in a tropical seaside resort, which pow-wow we call the Security Analyst Summit (SAS):

Oops – wrong vid. Here u go…:

Dough! Nope. This one:

I don’t know quite how it’s done but every single year SAS just gets better. I mean, it’s always been GReAT, but the GReATness just keeps going up and up: more experts, better quality content, better and more original ideas, slicker, cooler, and more and more world scoops and exclusive material.

And it’s exclusive material that I’ll be writing about in this here post. Specifically, my Top-5 favorite presentations from SAS-2017. I’m not saying the others were no good or just so-so, it’s just I wasn’t physically able to see them all as they were running simultaneously in different halls. Also – everyone has their own taste; well here’s a guide to mine!…

Off we go!…


+1 Enterprise Intelligence Service: Introducing Our Cyberthreat X-Ray!

Human beings are a curious lot. It’s in their nature to try and get to the ‘whys’ and ‘hows’ of everything and anything. And this applies in cybersecurity too; in fact – doubly so: getting to the ‘whys’ and ‘hows’ of cyberthreats is the very basis upon which cybersecurity is built; thus, upon which KL is built.

Getting to the ‘whys’ and ‘hows’ for us means meticulously taking apart every cyberattack into its respective constituent pieces, analyzing it all and, if necessary, developing specific protection against it. And it’s always better to do this proactively, based on the mistakes of others, and not waiting until what we protect is attacked.

To solve this challenging task we’ve a slew of intelligence services for enterprises. In this collection of cyber-precision-tools there’s staff training, security intelligence services to come up with detailed information about discovered attacks, expert penetration-testing services, app-audits, incident investigations, and more.

Well now the ‘and more’ includes our new service – KTL (Kaspersky Threat Lookup) – the smart microscope for dissecting suspicious objects and uncovering the sources/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.

Actually, all our users already have the lite version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.

To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS/DNS data, file attributes, download chains, and more.


StoneDrill: We’ve Found New Powerful ‘Shamoon-ish’ Wiper Malware – and It’s Serious.

If you’re a regular reader of this here blog of mine, you’ll know about our GReAT (Global Research and Analysis Team) – 40+ top-notch cybersecurity experts dotted all around the globe specializing in protecting our customers from the most sophisticated cyberthreats out there. GReATers like to compare their work to paleontology: exploring the deep web for the ‘bones’ of ‘cyber monsters’. Some may consider this an old-fashioned approach: what’s so special about analyzing the ‘bones’ of ‘creatures’ from the distant past when it’s protecting your networks from monsters that are alive now that’s key? Well, here’s a fresh story that proves that sometimes you won’t find today’s living monsters without looking at old ones…

Some of you will be aware of so-called wipers – a type of malware which, once installed on an attacked PC, completely wipes all data from it – leaving the owner of the computer with a completely clean, hardly operating piece of hardware. The most famous (and infamous) wiper is Shamoon – malware which in 2012 made a lot of noise in the Middle East by destroying data on 30,000+ endpoints at the world’s largest oil company – Saudi Aramco, and also hitting another energy giant – Rasgas. Just imagine: 30,000+ pieces of inoperable hardware in the world’s largest oil company…

Shamoon, Shamoon 2.0, StoneDrill, Newsbeef. The wipers are spreading across the globe

Curiously, since its devastating campaign against the Saudi company in 2012, little had been heard of Shamoon, until it returned in 2016 as Shamoon 2.0, with several new waves of attacks – again in the Middle East.

Since the new waves of Shamoon attacks began, we’ve been tuning our sensors to search for as many versions of this malware as possible (because, let’s face it, we don’t want ANY of our customers to EVER be struck by malware like Shamoon). And we managed to find several versions – hurray! But together with our haul of Shamooners, our nets unexpectedly caught a completely new type of wiper malware, which we’ve named StoneDrill.

The code base of StoneDrill is different to that of Shamoon, and that’s why we think it’s a completely new malware family; it also utilizes some advanced detection avoidance techniques, which Shamoon doesn’t. So it’s a new player, for sure. And one of the most unusual – and worrying – things we’ve learned about this malware is that, unlike Shamoon, StoneDrill doesn’t limit the scope of its targets to Saudi Arabia or other neighboring countries. We’ve found only two targets of this malware so far, and one of them is based in Europe.

Why is this worrying? Because this finding indicates that certain malicious actors armed with devastating cyber-tools are testing the water in regions in which previously actors of this type were rarely interested.
