Hi, everyone, it's a Key This Week group bringing you an update on an episode that we first broadcast last summer. It was the result of a detailed investigation into Kaspersky Lab, one of Russia's largest tech companies in the businesses relationship with the Russian government. We're going to play you an excerpt of that original episode to refresh your memory. But stick around because we'll be back after that with an update.
Like call hearing to order, like to welcome our witnesses. Today, Director of National Intelligence Dan Coates and may a group of U. S senators held the public hearing. It was about maybe the most divisive tech company that you've never heard of. Kaspersky Lab software is used by not hundreds of thousands, millions of Americans. Kaspersky Lab, that's Russia's top cyber security company. This is Marco Rubio, a Republican Senator
from Florida. He's sitting behind a wooden daist with the rest of the Senate's Intelligence Committee, and he's questioning a panel of America's most senior intelligence officials. To each of our witnesses, I would just ask, would any of you be comfortable with Cospersky Lab software on your computers have resounding no for me. No Senator, no sir, No Senator, no sir. This software from Kaspersky Lab that none of these intelligence officials want on their computers. It's not just
your run of the mill application. It's anti virus software that gets very deep access into our computers to protect us from hackers. Their software is installed all over the United States in the computers of not just US ordinary consumers, but also in the computers of banks, power plants, internet routers,
and even portions of the U. S. Government. But the Senators, once again without mentioning details, seemed to be very concerned about the ties that the company has with Russia's own government, the very government that tried to influence and hack the U. S. Presidential elections last fall. Today, I'm going to give you a peek into Kaspersky's connections with people inside Russia's intelligence services,
relationships the company has tried to keep secret. It's an investigation that we've been working on for about two years now. These are details that have never been reported on before. Hi am Akio, and I'm Jordan Robertson, and this week Undecrypted, we're going to be introducing you to Kaspersky Lab and its founder and CEO, Eugene Kaspersky in Russia. Eugene is a celebrity entrepreneur, one of the few really big names
in Moscow's tech industry. He's built a huge business across the U S and Western Europe, which together make up more than half the company sales. Kaspersky himself has publicly denied working with the Russian government, and he's offered to answer senators questions and to make the company's source code available to the US government to show that there's no cause for concern. But after listening to this episode, I think you'll understand why the US government thinks Kaspersky may
be vulnerable to Russian government influence. Now, none of this is meant to suggest that Kaspersky has actually used its connections with the Russian government for malicious purposes. We do not have any basis for believing that. But the combination of having relationships with people in Russian intelligence, as well as the ability to closely monitor large swaths of our
digital infrastructure, is making American officials nervous. Plus will please some tape that has never been aired before of using Kaspersky himself talking candidly on the record about his relationship with some Russian government officials. Stay with us. So. Eugene Kaspersky was educated at a KGB sponsored cryptography institute, and he later worked for Russian military intelligence. But the reason
he's famous is for his company, Kaspersky Lab. It was a company he started twenty years ago in the early days of anti virus security software, and it's made him a rich man. It's also made him the target of some of these congressional and intelligence community attacks. Right he's viewed at home in Russia kind of the way we think about Mark Zuckerberg right here in the US. He is. Eugene is a boisterous, barrel chested guy in his fifties. I've met him a few times, and everyone who's met
him will tell you the same thing. He's the life of the party. He's gregarious, quick with a joke, and you just get the sense that this guy knows stuff that others don't like. He's plugged into places not a lot of other people are, and his company a Spersky Lab, has a big reputation too. I can tell you that in Moscow here that's Oleg Demodov, a Russian cyber warfare expert with the p i R Center, an international security
research organization based in Moscow. Kaspersky Lab has been regarded is probably the most successful company in Russian information security cyber security sector, and that success all came from the anti virus software that the company sells. Kaspersky makes deals with retailers and PC makers to install it software on the devices, in some cases even before you buy it, and this part of Kaspersky's business is very large. It's
what the company is most known for. I sense a butt, but Kaspersky's technology is also pervasive in less obvious places. The company boasts some four million users worldwide, but according to one person familiar with how the company counts users, as many as two hundred million of those probably don't
know it. That's because of undisclosed licensing agreements that put the Kaspersky Lab anti virus system in things like Internet routers that power large corporate networks and even critical US infrastructure. Kaspersky was founded in Moscow, but has quickly expanded its
business to other markets. More than half of Kaspersky Labs revenue last year came from the U S and Europe, according to the research company I d C. And Eugene knows it's critically important that his clients in the West do not associate him too closely with his government, which of course has been actively hacking political operatives across the US and Europe. Yes, but I do need to emphasize it's not just Russian companies that have to work with
the Russian government. I don't think there's a tech company in the world that can just refuse to cooperate with its home government. Right. The Edwards Snowden revelations showed a pretty cozy relationship between the n s A and a lot of American tech companies, So it wouldn't be super rising at all to people in the industry if Kaspersky Lab had to keep some amount of contact with the Russian government, complying with legal requests for information and that
kind of thing. Those sorts of requests are very routine and happened here in the US. Two. But then there's the stuff that you've discovered in your reporting with our cybersecurity reporter Michael Riley. Right, our reporting shows that Kaspersky has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than Eugene Kaspersky has publicly admitted. We found evidence that Kaspersky Lab developed custom security technology
that the FSB asked for. Plus we've uncovered some joint projects between the company and Russian intelligence. Coming up, we'll hear the details on Jordan's and Mike's investigation. That's right after the short break. Before the break, we were just about to hear the details of your stigation, Jordan with Mike that highlighted some of the work that Kaspersky has
done for the FSP. So let's hear these details. So, my colleague Mike Riley and I recently reviewed internal emails from October two thousand nine, suggesting that at least back then, Kaspersky Lab had a close working relationship with the FSB. Now remember that's the main intelligence agency in Russia, right, And what did that relationship look like? These emails actually come from Eugene Kaspersky himself discussing a project with his
senior staff. The emails show that even back in two thousand nine, so again eight years ago, Kaspersky was making custom software to protect the government's own network from any kind of external hack. And that doesn't sound that unusual, right, Well, It's one thing to make the software and sell it to the government, but the emails also discussed another type
of operation. Kaspersky Lab's own employees appear to have been physically accompanying Russian agents on these raids to locate people thought to be launching hacks or cyber attacks against the government. So not just tracking these hackers down from their offices, but actually riding along on the cop cars. Correct. Have you heard of this kind of thing ever happening before? No? Never.
We talked to lots of cybersecurity experts, and I've never spoken to one who's accompanied a federal law enforcement agent on an arrest. It's very common for private sector security companies here in the US to provide data on criminal hackers to the FBI, which then makes the arrest right And and what else did you find? Those emails, which I should remind everyone were written in two thousand nine,
mentioned two Kaspersky Lab employees by name. One of them was the Caspersky employee going out on those raids with the FSP agents. In December, the Russian government arrested that man on treas and charges for alleged connections to get this U S intelligence for a company that claims to have no connections to the Russian government, having employees ride along on these raids sounds very much like a connection.
And as luck would have it, Mike and I actually broached some of these subjects with Eugene Kaspersky back in for a profile we did on the company for Bloomberg Business Week. Eugene Kaspersky agreed to let us record the interview, which was all on the record, and Jordan's this was the first time that you confronted Eugene Kaspersky with information you'd obtained back then about his ties to Russian officials. Well,
I'll play you this bit first. This is where Eugene Kaspersky suggests that his company's interactions with law enforcement, both in Russia and in other countries around the world, happened routinely. Well, actually, we're in Dutch, was both us everywhere on the world. We're in Dutch with the cyber police and cybersecurities. Uh and in the Russia the cyber police is for their low levels other crime and there were serious effects like
kind of not yet. For example, this level is a FSB department which is kind of deches right side side, So of course we worked very close to them because there's so much crime in Russia. But after quite openly talking about the work that he does with the FSB, Eugene Kaspersky reverts to this favorite punch line of his, which is at he's closer to the FBI in America than he is with Russian authorities. So there are rumors
about our various special links. And in creaming we'll have I let's say that, of course we have in touch with these guys, but I think that in Israel, in in the United States, we have much better connection this
love of enforcement. And in this interview in Mike and I asked Eugene about this thing we heard about where he goes to the banya with members of the Russian military and Russian intelligence is a Russian sauna, that's right, And we wanted to ask specifically about this because if it's true, that would suggest he has friendly relations and ships with people in Russian intelligence. When I go to Banna, it's like a difference not only from the company, but
we don't talk about business. There are some most friends. FSB military generals are some of these training or military personnel, and therefore they we have a one guy there. It's a friend of us. Uh, he's a retired as he's simply there because well, actually he was responsible for certification. So to get a military contract like the New States and the Europe and the rest of the same, you have to positiveification. So we went touch with that man
for long years. So Kaspersky is wide business network in the US, combined with a working relationship with the Russian government is what's making officials here in the US nervous. For them, even the possibility of Kaspersky's platform being used as a backdoor into computers, fire walls, and routers around the world is terrifying, although we don't have evidence that
the company ever tried to do this. And in a statement, Democratic Senator Jeane Schaheen called the ties between Kaspersky and the Kremlin quote alarming, and she said it's because of that that the Congress and the administration thinks quote Kaspersky lap cannot be trusted to protect critical infrastructure, particularly computer systems, vital to our nation's security. We also saw news of a Senate bill that will ban the Department of Defense
from using Kaspersky software. We recently reported at Bloomberg that Russia is threatening some kind of retaliation if this bill goes through. We don't have details on what kind of measures that could entail, but the threat from Russia shows
just how important this one company could become. And by the way, we ask Kaspersky Lab for comment on our story today, they said, quote, Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyber threats, but it does not have any unethical ties or affiliations with any government, including Russia. With the U S relationship with Russia where it is now just tensions being higher than
they have in a really long time. Do you think a company like Kaspersky Lab even stands a chance in the federal government market. I think Kaspersky Lab is going to find it very, very hard to penetrate the US federal market, and they've all but acknowledged that this really
isn't a market they're pursuing. However, on the consumer side, their software is actually really good at what it does, and it has the endorsement of a lot of cybersecurity professionals, so on that side, they still see potential for very very big growth, but really what's happening here is just as the US doesn't buy missiles and other weapons systems from foreign countries, we're starting to see the same thing play out in the cybersecurity market, where if your security
software is made by made in a country that is considered an adversary, you may not have great success here in the U. S Okay, so Jordan's it is now mayen. Since we first ran that episode last year, the Trump administration has banned the federal government from using Kaspersky software. A lot's happened. Walk us through some of the highlights. As no federal agency is allowed to use Kaspersky Lab
software anywhere on its networks. Now, that doesn't mean there's no Kaspersky Lab software anywhere on those networks Already, It's used in some very small parts of those organizations. So as though the government is supposed to be getting rid
of all of that software. Uh, it's been several years now since we've been hearing this drumbeat of concerns from national security officials here in the US that Caspersky Lab could be a backdoor mechanism for the Russian government to spy on American citizens, American businesses, American government organizations and uh, and last year a pretty bombshell type of storyline emerged, you know, that involved Kaspersky Labs software apparently being used,
according to National security officials, at the hands of Russian intelligence services, to spy on American citizens computers and look for classified material on those computers. And in one case, apparently they found an n S A contractor who had
taken classified materials home to his home computer. The Caspersky Lab software, according to the reporting, flagged on that software, and UH, the Cospersky Lab software was able to retrieve that classified material from that analyst computer who wasn't supposed to have it on his computer in the first place. And then there's the report we saw just the other week that U S Intelligence officials are considering officially sanctioning Kaspersky. Tell us what that means, tell us why that is
different from what's already happened. Sure, so what we're seeing now. Anytime you see these stories about, you know, federal officials mulling a ban on something, whether it's Kaspersky Lab software out of Russia or Huawei and Zte hardware and mobile phones out of China, you know what the government is typically doing is restricting the use of those technologies on federal networks. I mean, that's what the federal government can
most directly control in the case of Kaspersky Lab. Again, as of Kaspersky is banned from all federal networks, that's kind of the logical step for a federal government that's concerned about a technology. Sanctioning Kaspersky Lab would be a whole other level. What's sanctioning Kaspersky Lab would mean is that no US business would be legally allowed to do business with Kaspersky Lab. That would be a fine, herble
punishable offense. So if Kaspersky were to be sanctioned by the US, that would effectively wipe out all of Kaspersky's US sales. That would be devastating for the company instantly. Yeah, I mean, as all of this has gone on, you know, Kaspersky has lost over the past year, especially significant clients in the US. Best Buy has stopped selling them at their retail stores. Uh, you know, and other large big
box retailers have done the same. But still it's it hasn't been illegal to buy the software, and many, many people, millions of people have Kaspersky software in the US. I mean Let's not forget it was only you know a little over a year ago that you walk into any best buy in the country and you would see Kaspersky Labs software all over the shelves. And anytime you bought a new computer and went to the geek squad to have it set up. So you know, Kaspersky paid a
pretty penny on for their marketing in the US. And the reason is the U s was is there. Big was their biggest market. But if they were to be formally sanctioned and all of that business were to dry up, you know, the big box retailers are gone, but any consumer business they had left in the US at any small business, uh, you know, sales they had left in the US, those are evaporate instantly, and you're talking about wiping out potentially, I don't know fift of the company.
And you know recently the Chinese tech companies Huawei and Zte you just mentioned them earlier, have come under similar scrutiny. The Pentagon just announced that it's banning the sale of z t E and Wawi phones a military bases. And uh, presumably this is because US officials are worried that the Chinese government could order these companies to create backdoors to spy in Americans. What do you make of all this
of these growing bands on foreign devices and services. Is the US soon only going to be using US design, US manufactured devices. You know, it's a double edged sword. It's like the trade wars we're seeing with steel and you know and other goods. Uh. You know, the federal government is absolutely within its authority to say, you know, technologies like Kaspersky Lab, if they have concerns about that company,
have no place on a federal government network. Totally appropriate and totally understandable that the federal government would take steps to secure federal networks. When you move into the private sector, however, it gets a little trickier because you know, companies like Kaspersky in Whahwei and zte, you know, to the extent that they exist in the US marketplace at all, you know,
they tend to live at the lower end. They live at the end of you know, small businesses that may not have a lot of money to pay for the high end security software or in the case of Whahwei and zte, you know, they would exist in the realm of kind of maybe regional internet carriers, small internet companies that may not have the money to buy cutting edge Cisco networking equipment or whatever. So to the extent those companies had a market presence at all in the US,
you know, it wasn't at the big federal agencies. It wasn't at you know, large internet providers. It wasn't at big companies in the first place. And any time you get into the realm of regulating what the private sector can and can't buy, you get into really tricky territory because the other countries, the target countries, can do exactly the same to your companies. It's got to make American
companies like Apple and Microsoft really nervous. Absolutely. I mean, you know, it's like if you split apart parts of the tech business that would be most affected by things like this, You're exactly right, it would be a company like Apple, say, you know, that does a ton of business in China and needs to do more business in China to to continue to further its growth. Uh. You know, the US government should tread very carefully in regulating what
the private sector does and doesn't buy. And that's it for this week's episode of Decrypted. Thanks for listening. We always like to know what you think of the show, and which topics you want us to cover in future episodes. Right to us at decrypted at Bloomberg dot net. This episode was produced by Pogut, Cary, Liz Smith, Magnus Hendrickson, and Tofur Foreheads. Francesca Levy is head of Bloomberg Podcast. We'll see you next week.