Kaspersky neutral stance in doubt as it shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organization with access to user data or the company's infrastructure.”

Attempt to stay neutral

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cybersecurity community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

Eugene Kaspersky
Eugene Kaspersky. Image from Shutterstock

Kaspersky's vague language, however, infuriated many pro-Ukrainians as he tried to downplay Putin's role by calling Russia’s invasion a “situation in Ukraine.”

Kaspersky, being a well-recognized brand worldwide, has always been haunted by its origins and put efforts to shake ties to the Russian government, including moving its core infrastructure from Russia to Switzerland and unsuccessfully suing the US government for its decision to ban the use of Kaspersky Lab within the US government.

The company emphasizes that it does not share any user data with law enforcement. However, a closer look at Kaspersky's activities exposes its close business ties with key players in Putin's Russia.

Aiding Kremlin

Cybernews senior information security researcher Mantas Sasnauskas ran a few simple commands (nslookup and traceroute) and discovered that the IP address behind the mil.ru (the Russian Ministry of Defence) belongs to Kaspersky labs. While this can mean many different things, researchers speculate that Kaspersky might have some contract where the Russian government hosts their front-facing servers or the Internet through them.

It is also worth noting that many high-value domains for the Russian government oiling its propaganda machine, such as state-owned news agency TASS, state-owned TV network Russia Today, and GazpromBank, are protected by Kaspersky Labs.

TASS and RT, among others, play an instrumental role in Putin's propaganda, and tech giants, following requests from many governments, have already restricted their access in many countries, including Ukraine, and made it impossible for them to earn money on their platforms.

Since Russia Today and TASS are spreading Russia's government propaganda and censoring what is happening in Ukraine, it makes Kaspersky's Twitter announcement that they're neutral in this war obsolete, as they are helping the propaganda machine to stay alive,

Sasnauskas said.

We reached out to Kaspersky Labs to learn more about the kind of cooperation it has with the Russian government and whether that makes its clients vulnerable.

"mil.ru is not hosted on Kaspersky infrastructure," Kaspersky told Cybernews in an email. It further reads that Kaspersky DDoS (distributed-denial-of-service) Protection “has been protecting the resources of the Russian Ministry of Defense for several years as well as a variety of customers across industries such as transportation, media, retail, technology, etc.”

The Russian Ministry of Defence has been one of the primary targets for pro-Ukrainian cyber activists in countless attempts to take its website down and leak its data.

Below is the full Kasperky's statement on its services for the Russian Ministry of Defence:

"The resources of this organization are protected according to the scheme of traffic redirection with reverse proxying: in order to put a resource on the Internet, the address of the proxy server of Kaspersky is used, to which the DNS A resource record points. "A" stands for "Address", it is one of the main DNS records that is used to transform domain names into IP addresses. For example, at the moment, such an entry for mil.ru points to the address – which is the address of the Kaspersky DDoS Protection proxy server. The real address of the resource in such a scheme is hidden from users on the Internet, their requests are received by the Kaspersky proxy server, which already redirects them further to the real address of the resource, and the responses from it are sent to the client in the same way, through the proxy. Thus, the Kaspersky solution infrastructure deals exclusively with redirecting requests, pre-filtering them from spurious traffic and hiding the real address of the resource behind it. This is how all the resources protected under the reverse proxy scheme: not only by our solution but by those of any other companies which use a similar traffic redirection scheme. The Kaspersky DDoS Protection solution does not modify either requests to protected resources or responses from them to clients, but only filters them from attacks, the resource management is entirely carried out on the customer's side without the participation of Kaspersky." [original wording and punctuation are kept.]

The company also highlighted that users' security and privacy are its key priority. It never provides “any law enforcement or government organization with access to user data or the company's infrastructure.”

It further noted that it is not obliged to provide any information and that two external organizations have audited the security and integrity of its data services and engineering practices.

"Kaspersky works with the authorities in the best interests of international cybersecurity, providing technical consultations or expert analysis of malicious programs to support cybercrime investigations and in accordance with applicable laws."

Kaspersky also pointed us to its Transparency report detailing how the company responds to requests from authorities.

More from Cybernews:

The ingredients for ransomware attack in space are here - interview

Ukraine's tech diaspora to cybersecurity firms: drop Russian clients

Cybersecurity needs to improve if IoT is to thrive

Insurance giant AON hacked

Conti leaks: pro-Ukrainian member exposed more gang’s chats and Trickbot’s source code

Ransomware gang starts leaking Nvidia's internal data

Subscribe to our newsletter


prefix 2 years ago
I might believe that they're neutral, but what could Eugene do when the FSB put a gun on his head? What are the company stance when their office is raided? The only way Kaspersky can be trusted is when they're GTFO from Russia.
prefix 2 years ago
I've been a loyal Kaspersky customer for 10+ years, and I'm now switching to Bitdefender. Eugene is a billionaire living in Moscow, Russia. His taxes are paying for the Putin war machine. Not helped by his prior dealings with the Russian military and KGB-sponsored technical college. He also refuses to denounce the war with Ukraine, calling it a mere 'situation'.
prefix 2 years ago
One would be insane to trust Kaspersky in the current trajectory the world is heading. Even though they might want to be neutral, one can't trust a security company that resides in an extremely repressive state. Even if they're inherently neutral in their hearts and minds, what stops Kremlin from forcing them to cooperate? One can also ask what stops Russian intelligence services from infiltrating the company which shouldn't be completely impossible when their headquarters lies in Moscow.
It's a shame, but when it comes to security you just can't take such risks.
prefix 2 years ago
I too have removed all Kaspersky software from 10 devices. Everybody please do the same.. Show support for Ukraine!
Jaxon Freeman
prefix 2 years ago
As an IT professional I have used and provided Kaspersky to end users... hundreds of times. No more. I don't really care what the company says, they can no longer be trusted. Period. Everyone needs to cancel and remove their software immediately.
Stephen Raines.
prefix 2 years ago
Likewise! After 10 years + of using Kaspersky I removed it completely on 4th March. Even though I had purchsed new subscriptions in advance. I had always been happy with the product after having two previous infections whilst running Norton. I have switched to Bitdefender + VPN. It's similar dashboard to Kaspersky but seems more user friendly. It was a little frustrating to navigate at first for set up, but I am happy because it found 3 trojans lurking in a programe on my computer for years which Kaspersky never detected. I like others made this decision because I no longer trust in any obligarch associated with the Russian Government suppressing it's people and invading Ukraine.
Mark Read
prefix 2 years ago
I have been a long standing user of Kaspersky, however I can't justify using this software in the current climate and have recently cancelled my subscription, my account and switched to Bitdefender. I am glad others are also choosing to cancel. It is the right thing to do.
prefix 2 years ago
I have cancelled my kaspersky subscription and will never renew it.
Why would i use a Russian organisation and effectively support Putin.
prefix 2 years ago
Come on guys. I want this to end more than you do (family on the area), and I condemn Putin for it. The Russian people have no control over this, of you think they do, you are severely uninformed. I have no bad will towards Kaspersky either.
prefix 2 years ago
As a small business providing IT solutions for customers in the West Midlands, UK, we no longer provide or support Kaspersky software products. A number of our customers have switched using alternative Antivirus solutions.
Richard D Taken
prefix 2 years ago
I have just cancelled my subscription to Kaspersky, after many years of cover. I wish to make a personal stand against Russia and Kaspersky. Kaspersky needs to make a stand about the invasion of Ukraine. They need to condemn the unprovoked invasion by Putin and the Russian army.
prefix 2 years ago
I too have cancelled my subscription due to the Ukrain invasion and war crimes commited by Putin. Please join us.
prefix 2 years ago
And this is why I deleted Kaspersky from all my devices the other day. I'd prefer an unprotected device than a drone of the Russian propaganda.
Leave a Reply

Your email address will not be published. Required fields are markedmarked