The days when Russian companies could hope to prosper in the global market have ended, whether they accept the fact or not.
By Irina Borogan and Andrei Soldatov
October 10, 2024
CEPA
When Kaspersky apps, a world-known flagship antivirus software, was removed from Google Play in October, it did not come as a huge surprise, either to Kaspersky lab or to Yevgeny Kaspersky himself.
The expulsion from US App stores was a matter of time after US Commerce Secretary Gina Raimondo announced the ban on sales and distribution of Kaspersky products in June, citing Moscow’s influence over the company as posing a significant risk to US infrastructure and services.
Nonetheless, it sparked anger from the company, which said that “Google’s decision is based on overinterpretation of the US restrictions.”
According to Kaspersky’s official blog: “The US restrictive measures don’t prohibit the sales and distribution of Kaspersky’s products and services outside the United States,” and argued the removal of the apps deprived worldwide users of access to Kaspersky solutions. Kaspersky himself kept silent.
It was a rather sad, but predictable outcome for the 59-year-old who had aspired to create a world-recognized IT brand, worked on it for 30 years, and succeeded.
Kaspersky never wanted to make his antiviruses simply for the Russian market. From day one, he dreamed of the world. Building his company, he was inspired not only by Russian entrepreneurs but by the British businessman, Richard Branson. He had Branson’s book on his table in his office, bought a ticket for a journey into space from Branson’s company, and Kaspersky Lab sponsored Branson’s Virgin Racing team. At one point, he went as far as to imitate his hairstyle.
But Kaspersky is a Russian national and one cannot build a truly global cyber company independent from the Kremlin and its security services. Kaspersky should have known this better than anyone — he graduated from a KGB cryptography school and started his career in the military.
The early years of Putin’s rule may have allowed some to harbor illusions about the true nature of his regime, but nothing could survive the annexation of Crimea in 2014 and the invasion of eastern Ukraine. After this, the Kremlin made it clear that for IT businesses it was time to decide which side you were on.
The authors witnessed it firsthand in November 2017, when the German Economic Forum in St. Paul’s Church in Frankfurt had a question and answer with Kaspersky.
On stage, Kaspersky looked anxious. He fidgeted in his chair and joked so awkwardly that the host often failed to grasp his meaning. Just a few months earlier, the US Secretary of Homeland Security had ordered all government agencies to remove the company’s software from their systems.
Things had become tough for Kaspersky in Moscow, too. The FSB had Kaspersky’s deputy, the head of the company’s most sensitive department — computer crime investigations — detained in Lefortovo prison. Nobody knew what he was now telling his interrogators about the company.
The moderator at St. Paul’s, a German journalist from Die Zeit, was well-prepared. When Kaspersky said he was “a product of a mathematical school,” the journalist added, “The KGB.” Kaspersky was visibly unhappy with this remark. When he began to discuss the qualities of Russian engineers and hackers, the host asked him about our book, The Red Web.
When Kaspersky said he hadn’t read it, the German responded: “Oh, you didn’t?” He smiled and summarized the Red Web’s findings — how Russian IT companies changed after 2014 when the Kremlin demanded that IT companies serve the state, with no room for maneuver.
“No,” he said. This sounded firm enough, but Kaspersky decided his denial needed to be underlined. “Zero,” he added and made a zero with the fingers of his two hands. “That’s why I am not interested in this book. We live in different realities.” It didn’t sound terribly convincing to the audience in the church, but the words may anyway have been aimed at the Kremlin.
Whatever Kaspersky said, things had changed for Russian IT companies, including those directly involved in cyber security.
A month after the Frankfurt forum, we helped the Washington Post to break a story, based on court documents, that Kaspersky lab had cooperated closely and secretly with the FSB. One court document we obtained showed that an FSB operative inside the office of Kaspersky Lab in Moscow provided a Kaspersky employee with a password for a suspected Russian cyber criminal’s computer.
The employee then gained access to the computer and took decrypted documents for the FSB, in what was termed an “information retrieval” operation. Kaspersky’s people actively and covertly participated in an ongoing FSB operation, as if they were assets rather than experts.
A cyber expert told the Washington Post that it was highly unusual: “You’re basically doing an offensive cyber operation, targeting an individual system’s people on behalf of an intelligence organization.”
For many years Kaspersky and others like him made very good use of moral relativism, which equated the treatment of sensitive issues in democratic and authoritarian countries.
In this reality, KGB and CIA operatives were little different because they were intelligence operatives whose goal was espionage. So a former KGB officer launching a cyber company was
no different from a CIA or NSA veteran going private. And of course, the same logic assumed that doing business in cyber security, which includes, among other things, offensive cyber operations against selected targets, is basically the same everywhere — whether one operates in Putin’s Russia or in the United States or France or Portugal.
This is of course untrue. It does make a difference whether you’re working for a dictatorship or a democracy, even if many in the West understood this very late in the day.
When the full-scale invasion of Ukraine began, Kaspersky continued to say he could play on both sides of the wall. On March 1, 2022, he tweeted: “We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone. Like the rest of the world, we are in shock regarding the recent events.”
But by now the Western mood had changed. Kaspersky’s efforts were scorned by many and sanctions soon followed. In June, the US Treasury sanctioned 12 of Kaspersky lab’s top managers “for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives.”
Just a month before, Kaspersky said in an interview with El País: “There are things in the world that we cannot change.” When asked about the American government’s accusations, he said: “We need to adapt to the new reality, like with thunderstorms. [That’s why] we keep working.”
Whatever Kaspersky’s public pronouncements, one thing is absolutely clear. His company is shut off from much of the developed world and now has little choice but to work from behind an (invisible) wall.
Irina Borogan and Andrei Soldatov are Non-resident Senior Fellows with the Center for European Policy Analysis (CEPA.) They are Russian investigative journalists, and co-founders of Agentura.ru, a watchdog of Russian secret service activities.