Kaspersky neutral stance in doubt as it shields Kremlin
Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.
The company insists that they ‘never provide any law enforcement or government organization with access to user data or the company's infrastructure.”
Attempt to stay neutral
Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cybersecurity community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.
"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.
Kaspersky's vague language, however, infuriated many pro-Ukrainians as he tried to downplay Putin's role by calling Russia’s invasion a “situation in Ukraine.”
Kaspersky, being a well-recognized brand worldwide, has always been haunted by its origins and put efforts to shake ties to the Russian government, including moving its core infrastructure from Russia to Switzerland and unsuccessfully suing the US government for its decision to ban the use of Kaspersky Lab within the US government.
The company emphasizes that it does not share any user data with law enforcement. However, a closer look at Kaspersky's activities exposes its close business ties with key players in Putin's Russia.
Cybernews senior information security researcher Mantas Sasnauskas ran a few simple commands (nslookup and traceroute) and discovered that the IP address behind the mil.ru (the Russian Ministry of Defence) belongs to Kaspersky labs. While this can mean many different things, researchers speculate that Kaspersky might have some contract where the Russian government hosts their front-facing servers or the Internet through them.
It is also worth noting that many high-value domains for the Russian government oiling its propaganda machine, such as state-owned news agency TASS, state-owned TV network Russia Today, and GazpromBank, are protected by Kaspersky Labs.
TASS and RT, among others, play an instrumental role in Putin's propaganda, and tech giants, following requests from many governments, have already restricted their access in many countries, including Ukraine, and made it impossible for them to earn money on their platforms.
Since Russia Today and TASS are spreading Russia's government propaganda and censoring what is happening in Ukraine, it makes Kaspersky's Twitter announcement that they're neutral in this war obsolete, as they are helping the propaganda machine to stay alive,Sasnauskas said.
We reached out to Kaspersky Labs to learn more about the kind of cooperation it has with the Russian government and whether that makes its clients vulnerable.
"mil.ru is not hosted on Kaspersky infrastructure," Kaspersky told Cybernews in an email. It further reads that Kaspersky DDoS (distributed-denial-of-service) Protection “has been protecting the resources of the Russian Ministry of Defense for several years as well as a variety of customers across industries such as transportation, media, retail, technology, etc.”
The Russian Ministry of Defence has been one of the primary targets for pro-Ukrainian cyber activists in countless attempts to take its website down and leak its data.
Below is the full Kasperky's statement on its services for the Russian Ministry of Defence:
"The resources of this organization are protected according to the scheme of traffic redirection with reverse proxying: in order to put a resource on the Internet, the address of the proxy server of Kaspersky is used, to which the DNS A resource record points. "A" stands for "Address", it is one of the main DNS records that is used to transform domain names into IP addresses. For example, at the moment, such an entry for mil.ru points to the address 220.127.116.11 – which is the address of the Kaspersky DDoS Protection proxy server. The real address of the resource in such a scheme is hidden from users on the Internet, their requests are received by the Kaspersky proxy server, which already redirects them further to the real address of the resource, and the responses from it are sent to the client in the same way, through the proxy. Thus, the Kaspersky solution infrastructure deals exclusively with redirecting requests, pre-filtering them from spurious traffic and hiding the real address of the resource behind it. This is how all the resources protected under the reverse proxy scheme: not only by our solution but by those of any other companies which use a similar traffic redirection scheme. The Kaspersky DDoS Protection solution does not modify either requests to protected resources or responses from them to clients, but only filters them from attacks, the resource management is entirely carried out on the customer's side without the participation of Kaspersky." [original wording and punctuation are kept.]
The company also highlighted that users' security and privacy are its key priority. It never provides “any law enforcement or government organization with access to user data or the company's infrastructure.”
It further noted that it is not obliged to provide any information and that two external organizations have audited the security and integrity of its data services and engineering practices.
"Kaspersky works with the authorities in the best interests of international cybersecurity, providing technical consultations or expert analysis of malicious programs to support cybercrime investigations and in accordance with applicable laws."
Kaspersky also pointed us to its Transparency report detailing how the company responds to requests from authorities.
More from Cybernews:
Subscribe to our newsletter