The Kaspersky equation

THERE is more than one reason to harbour doubts about Eugene Kaspersky and the computer-security company that bears his name. He graduated from an institute close to the KGB and later worked for the Red Army. He has called Edward Snowden, the whistle-blower, a “traitor” for having broken his contract with his former employer, America’s National Security Agency (NSA). And, like many an executive in his industry, his regular warnings about big, emerging cyber-threats just happen to be good for drumming up business.

However, Kaspersky Lab has repeatedly impressed sceptics by exposing genuine and serious cyber-security problems. In 2010, for instance, it helped uncover Stuxnet, a computer worm designed to sabotage the Iranian nuclear programme.

On February 16th Kaspersky appeared to repeat this feat, not once, but twice. First it released a report detailing how a gang it calls Carbanak had hacked the computer systems of banks around the world. It said the gang had stolen several hundred million dollars by moving money to fake accounts and making cash machines dispense their contents. The same day the firm said it had discovered the “Equation Group”, apparently part of the NSA, which it said was able to embed spyware in computers that gives it total control over them, even after the hard disk has been erased and the operating system reinstalled.

Such revelations, as well as Mr Kaspersky’s relentless salesmanship and his company’s popular antivirus software, have turned it into one of the rare Russian firms that is successful abroad—and perhaps the country’s best-known brand after vodka and AK-47s. Founded in 1997 in Moscow, the company now has offices in 30 countries, 3,000 employees and 400m users, and had $667m in sales in 2013. Consumers generate about 60% of revenues, the rest comes from corporate customers. Kaspersky Lab says it stumbled across the Carbanak gang when it was asked by a bank to investigate why its cash machines had taken on a life of their own.

For all the firm’s expertise and commercial success, questions linger over whether the Kremlin would be able to resist exerting some control over a Russian firm in such a sensitive line of business. The company insists its home government is just another customer and that it co-operates with it no differently from the way it does with other governments. The financial information it releases is limited. It had plans to go public shortly before the global financial crisis, but now it intends to stay private (Mr Kaspersky is majority shareholder). Being private allows it to be more flexible and pursue “visionary projects”, he says.

Some computer-security firms cry wolf to attract attention; Kaspersky’s wolves have often proved to be real. Indeed, there is a thread between its two latest revelations, says Bruce Schneier, a cyber-security analyst. “Today’s top-secret programmes,” he writes, “become tomorrow’s PhD theses and next day’s hacker tools.” In other words, what the NSA does now, criminals will eventually copy.