Russian computer security biz Kaspersky Lab is working closely with Russia's intelligence services and gathering information on its customers, it has been claimed.
An exposé, published by Bloomberg, details allegations that since 2012 Kaspersky has been replacing senior management staff with those close to the Russian Federal Security Service of the Russian Federation (FSB). Six current and former employees of Kaspersky said the software firm is providing information to Russian spy hive the FSB to help it in criminal investigations.
In a statement to El Reg, Kaspersky Lab points out that it works with law enforcement around the world, so long as requests are legal under local and international laws. It also said users can opt out of sending information back to the company if they wish.
Two sources told Bloomberg that chief business officer Garry Kondakov sent an email saying that the company’s top jobs were for Russians only, and that board meetings are now held using Russian rather than English, as they had once been. Kaspersky Lab says the email never existed.
Eugene Kaspersky, founder of the eponymous software firm, was educated at a school bankrolled by the Russian Ministry of Defense and the KGB (now the FSB Academy), and reportedly has a regular weekly sauna (banya) with Russian intelligence officials. Banya spots are a traditional meeting place for Russians, and Kaspersky says there is nothing sinister about the steamy sessions.
"This is a false statement. Eugene Kaspersky has never had 'intelligence officials' in banya. Or, at least, he didn’t know they were there. Many other people, including Kaspersky Lab employees from other countries, were/are frequent visitors to banya," rebutted the firm.
Three sources claim that the firm's chief legal officer Igor Chekunov, another regular at the banya sessions, is the main point of contact with the FSB, and manages a team of ten staffers who help the security service with investigations.
"Kaspersky Lab’s Computer Incidents Investigation Department was introduced in May 2013," the firm said.
"Its responsibilities include rapidly responding to computer incidents in order to disrupt malicious programs, providing threat intelligence services and the investigation of computer incidents, as well training for law enforcement agencies and private companies."
Kaspersky Lab has published a series of reports this year into a family of hacking tools dubbed Equation, claiming they bear the hallmarks of being built and run by America's spy-nerds, the NSA.
The firm has also published similar findings on suspected state spyware that might have come from Western governments and it is this that has provoked the report, Eugene said.
It's not as though the US has clean hands in all of this. The CIA has funded the development of security software firms like FireEye, Veracode, and Hytrust though its In-Q-Tel investment fund, and American firms have been noticeably silent when it comes to investigating suspected US state-sponsored malware. ®