:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/74BQEJDJVOCZDTVTXL3TL7XLJQ.jpg)
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
Russian security expert Eugene Kaspersky describes himself on his Twitter profile as "mainly on the road".
And sure enough, in a seemingly endless roadshow "talking about security issues", he was in Colombia last week. This week, it's Dublin, before he zigzags onwards to Abu Dhabi, Canberra, Singapore, the US and Japan. He rattles off a few more cities and grins.
Kaspersky, one of the wealthiest businessmen in Russia, built a security empire initially battling inbox and PC viruses and malware for consumers and businesses. But, as the threats multiplied and grew more complex, his namesake company Kaspersky Lab has moved into blocking cyberespionage, cybercrime, and other cyber-nasty woes of modern online life.
Now he has his eye on a new market: protecting critical infrastructure from cyber-terrorists and cyberwarfare. After all, it might be a government, rather than hackers, cybercriminals or other online bad guys, wanting to take down a critical service.
“It’s a very new business for us,” he says in his strong Russian accent. “And!” He pauses, grins again, leaning forward as if to reveal a confidence: “There are almost no competitors.”
There weren't that many either when he first became fascinated with the earliest internet viruses in the 1980s. Kaspersky had graduated from the Institute of Cryptography, Telecommunications, and Computer Science in Moscow in 1987 – having been accepted at 16 – and reportedly got his first virus on his own PC in 1989.
Antivirus products
From that point on, he was intrigued with figuring out the minutiae of how viruses worked. Eventually, he left his position as an intelligence officer in the Soviet army, ultimately setting up Kaspersky Lab with now-ex wife Natalia in 1997.
The company has grown to be a giant in the area of security, one of the top four globally. It’s a curious example of how much the post-Cold War world has changed: a Russian company, founded by an ex-intelligence officer, widely trusted to protect the computers of (among others) millions of US citizens and businesses.
Kaspersky code is embedded in the products of other technology companies’ products, too, stretching its actual customer base well beyond its millions of retail sales of antivirus products under the Kaspersky Lab name.
The company has, as Kaspersky indicates, moved beyond antivirus though. In 2010, it revealed the existence of an American-Israeli bit of computer spyware that Kaspersky Lab dubbed "Flame". The Washington Post revealed Flame was a malware program jointly developed by the US and Israeli governments to infiltrate PCs in Iran to map and monitor its nuclear capabilities.
It was a companion to "Stuxnet", the sophisticated US-Israeli worm that, only weeks earlier, the New York Times had said was being used to infiltrate Iran's uranium enrichment programme, causing centrifuges to malfunction.
Kaspersky says there are other likely examples of state-supported cyberespionage and cyberattacks on infrastructure – an attack on a Korean financial organisation, a cyberassault on Estonia, and just last week, perhaps, a digital assault on an Israeli transport system.
"I'm very sure many nations have these cyberweapons. Definitely the US and Israel, who were behind Stuxnet, if you trust what the media say. Many others have cyber divisions within the military. The UK, Spain, Russia, India, China, etc, but they don't report what they do. [But] I'm pretty sure they have these cyberweapons, and that they will be used."
Terrorists and criminals
That governments will use malevolent code to disrupt communications, gather or destroy data, and damage physical infrastructure is bad enough. What really worries him is that terrorists, criminals, even the Mafia, could get hold of the code, reverse-engineer it (determine how to build a program by picking apart how it works) and use it in even more nefarious ways, such as to control a warhead.
“Cybercriminals are already learning from the use of cyberespionage,” he says. He has thought through some possible scenarios of what could be done that are so awful that he won’t even talk about them, in case it gets terrorists thinking, he says.
Kaspersky has launched a campaign on the issue, asking world governments to support a treaty to ban the use of cyberweapons. That’s in part, why he is on the road so often. While in Dublin, alongside business matters, he’ll talk about the issue to technicians and executives, to a general audience at the Web Summit, and to the Government.
On the other hand, he adopts a more neutral position on the surveillance revelations that have come from whistleblower Edward Snowden (a rumour went around Twitter that Kaspersky Lab had hired Snowden, which Kaspersky swiftly denied).
“I’m not a judge to say what’s good, what’s bad, what’s worse,” he says. Maybe such programmes help prevent terrorist attacks, he says. “And nations – they are always watching what is going on in other nations. But I think watching the national leaders – that’s not a good idea.”
Collecting data from social media, on the other hand – well, people have chosen to share information, he says. He doesn’t think the next generation of “digital native” children will be bothered by that kind of scrutiny.
“But private data – I think governments [should] watch that only if they have permission from the courts. It’s a really interesting discussion about Snowden, what’s right – but I don’t know.”
'I hate them!'
He's in quite jovial form, though, having just had the well-known "patent troll" company Lodsys abandon a US court case in which it claimed Kaspersky Lab owed payments for patents it owned.
“I hate them!” he says of patent trolls. “If my company was paying to patent trolls, I could not respect myself. They’re bad guys. It’s not my game to have negotiations with bad guys.”
What’s most surprised him in the 30 years he has been working in computer security?
"Soviet Union disappeared," he says with a long belly laugh. More seriously, a few things: discovering computer malware could be used to attack online banking; that a few years later malware could be used for espionage, to look at computer files, or secretly turn on PC microphones; the development of sophisticated cybercrime; and finally, the arrival of cyberweapons and, potentially, cyberwar and cyberterrorism.
Some of these things were predicted, including by himself, he says. Cyberterrorism? He was thinking about it well before it was openly discussed, but he wouldn’t say anything in case it got the wrong people thinking, he insists.
Then he laughs again. "Hollywood, 2007. Die Hard 4." The plot revolved around cyberterrorism.
“I called my guys and said, ‘okay, now we can talk about cyberterrorism’.”
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/RBGXVH6RTVEOLLUNMVD4D3FCOE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/DIEOJSILNXVEW3P5DOPVVYQOYE.jpg)
:quality(70):focal(928x575:938x585)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/RXEDHO7AYBH3TKPEB7KTVPMXTE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/23VJOXA7VTILUSOJAKTXRVVTRI.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/SZYQ3WCTQJC3HBA6YYL44NQBIU.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/BSV37UJE7RDFNHZIHYGFU4DK4A.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/XXHQSOO2BPKZWF3CDI6T6RNV5E.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/RMOLEXWL2P2WGQ7NDBSRL6ZSJM.jpg)