WEBVTT - Why U.S. Officials Are Worried About This Russian Firm 0:00:03.600 --> 0:00:09.479 Like call here in order like to welcome our witnesses today, 0:00:09.600 --> 0:00:13.800 Director of National Intelligence Dan Coates, Dan, it's good to 0:00:13.840 --> 0:00:16.840 see our former may. A group of U. S. Senators 0:00:16.840 --> 0:00:19.800 held the public hearing. It was about maybe the most 0:00:19.840 --> 0:00:24.000 divisive tech company that you've never heard of. Kaspersky Lab 0:00:24.079 --> 0:00:28.160 software is used by not hundreds of thousands, millions of Americans. 0:00:28.720 --> 0:00:33.519 Kaspersky Lab, that's Russia's top saber security company. This is 0:00:33.560 --> 0:00:37.440 Marco Rubio, a Republican senator from Florida. He's sitting behind 0:00:37.440 --> 0:00:40.639 a wooden dais with the rest of the Senate's Intelligence Committee, 0:00:41.040 --> 0:00:44.479 and he's questioning a panel of America's most senior intelligence officials. 0:00:44.800 --> 0:00:46.880 To each of our witnesses, I would just ask, would 0:00:46.880 --> 0:00:50.720 any of you be comfortable with Kaspersky Lab software on 0:00:50.760 --> 0:00:56.280 your computers? Resounding note for me, No Senator, no sir, 0:00:57.360 --> 0:01:02.560 No Senator, no sir. This software from Kaspersky Lab that 0:01:02.680 --> 0:01:06.720 none of these intelligence officials want on their computers. It's 0:01:06.760 --> 0:01:09.679 not just your run of the mill application. It's anti 0:01:09.800 --> 0:01:14.160 virus software that gets very deep access into our computers 0:01:14.200 --> 0:01:18.440 to protect us from hackers. Their software is installed all 0:01:18.480 --> 0:01:20.840 over the United States, in the computers of not just 0:01:21.080 --> 0:01:24.800 US ordinary consumers, but also in the computers of banks, 0:01:24.800 --> 0:01:28.360 power plants, internet routers, and even portions of the U. S. Government. 0:01:28.840 --> 0:01:32.679 The intelligence officials in this hearing didn't specify why they 0:01:32.680 --> 0:01:37.160 Seekspersky Lab as a security threat, but the senators, once 0:01:37.200 --> 0:01:41.240 again without mentioning details, seem to be very concerned about 0:01:41.240 --> 0:01:44.240 the ties that the company has with Russia's own government, 0:01:44.760 --> 0:01:47.480 the very government that tried to influence and hack the 0:01:47.600 --> 0:01:51.280 U S presidential elections last fall. Today, I'm going to 0:01:51.360 --> 0:01:54.440 give you a peek into Cospersky's connections with people inside 0:01:54.520 --> 0:01:58.640 Russia's intelligence services, relationships the company has tried to keep secret. 0:01:59.080 --> 0:02:01.040 It's an investigation and that we've been working on for 0:02:01.080 --> 0:02:03.640 about two years now. These are details that have never 0:02:03.680 --> 0:02:18.720 been reported on before. Hi am Aki Ito, and I'm 0:02:18.760 --> 0:02:21.840 Jordan Robertson. And this week on Decrypted, we're going to 0:02:21.919 --> 0:02:25.560 be introducing you to Kaspersky Lab and its founder and CEO, 0:02:25.919 --> 0:02:30.560 Eugene Kaspersky in Russia. Eugene is a celebrity entrepreneur, one 0:02:30.560 --> 0:02:33.519 of the few really big names in Moscow's tech industry. 0:02:34.000 --> 0:02:36.080 He's built a huge business across the U S and 0:02:36.080 --> 0:02:38.800 Western Europe, which together make up more than half the 0:02:38.840 --> 0:02:43.359 company sales. Kaspersky himself has publicly denied working with the 0:02:43.440 --> 0:02:47.200 Russian government, and he's offered to answer senators questions and 0:02:47.240 --> 0:02:50.160 to make the company's source code available to the US 0:02:50.240 --> 0:02:53.600 government to show that there's no cause for concern. But 0:02:53.680 --> 0:02:57.040 after listening to this episode, I think you'll understand why 0:02:57.160 --> 0:03:00.400 the US government thinks Kaspersky maybe vone are able to 0:03:00.480 --> 0:03:03.760 Russian government influence. Now, none of this is meant to 0:03:03.800 --> 0:03:07.079 suggest that Kaspersky has actually used its connections with the 0:03:07.120 --> 0:03:10.440 Russian government for malicious purposes. We do not have any 0:03:10.440 --> 0:03:14.240 basis for believing them. But the combination of having relationships 0:03:14.240 --> 0:03:17.400 with people in Russian intelligence, as well as the ability 0:03:17.440 --> 0:03:22.120 to closely monitor large swaths of our digital infrastructure, is 0:03:22.200 --> 0:03:27.200 making American officials nervous, and other unusual things are happening too. 0:03:27.639 --> 0:03:30.800 According to one recent report, FBI agents visited the homes 0:03:30.800 --> 0:03:35.000 of several Kaspersky employees here in the US. Kaspersky confirmed 0:03:35.000 --> 0:03:37.600 that FBI agents have had brief interactions with some of 0:03:37.640 --> 0:03:40.720 its US employees, but said the discussions were just due 0:03:40.800 --> 0:03:44.680 diligence chats. Plus, we'll please some tape that has never 0:03:44.800 --> 0:03:49.880 been aired before of using Kaspersky himself talking candidly on 0:03:49.920 --> 0:03:54.040 the record about his relationship with some Russian government officials. 0:03:54.520 --> 0:04:03.080 Stay with us. So. Eugene Kaspersky was educated at a 0:04:03.160 --> 0:04:06.760 KGB sponsored cryptography institute, and he later worked for Russian 0:04:06.760 --> 0:04:10.280 military intelligence. But the reason he's famous is for his company, 0:04:10.360 --> 0:04:13.040 Kaspersky Lab. It was a company he started twenty years 0:04:13.040 --> 0:04:16.719 ago in the early days of anti virus security software, 0:04:17.040 --> 0:04:19.560 and it's made him a rich man. It's also made 0:04:19.640 --> 0:04:22.560 him the target of some of these congressional and intelligence 0:04:22.560 --> 0:04:26.320 community attacks. Right he's viewed at home in Russia kind 0:04:26.320 --> 0:04:29.240 of the way we think about Mark Zuckerberg right here 0:04:29.279 --> 0:04:33.000 in the US he is. Here's how he's viewed in Russia. Well, 0:04:33.200 --> 0:04:38.880 he's a big boss. He's a renowned industry and business leader. 0:04:39.400 --> 0:04:42.839 That's Oleg Demodov, a Russian cyber warfare expert with a 0:04:42.920 --> 0:04:46.880 p i R Center, an international security research organization based 0:04:46.880 --> 0:04:51.680 in Moscow. You cannot often see him in some regularly 0:04:51.800 --> 0:04:56.719 regular level conference or industry events. Ah. He appears in 0:04:56.760 --> 0:05:01.960 the public not so often, but he any any his speech, 0:05:02.040 --> 0:05:07.120 any his statement in his blog. AH. In many cases 0:05:07.240 --> 0:05:10.280 this is gonna be in the event Eugene is a boisterous, 0:05:10.279 --> 0:05:12.680 barrel chested guy in his fifties. I've met him a 0:05:12.680 --> 0:05:14.840 few times, and everyone who's met him will tell you 0:05:14.920 --> 0:05:18.320 the same thing. He's the life of the party. He's gregarious, 0:05:18.400 --> 0:05:20.839 quick with a joke, and you just get the sense 0:05:20.839 --> 0:05:23.520 that this guy knows stuff that others don't like. He's 0:05:23.520 --> 0:05:26.000 plugged into places not a lot of other people are. 0:05:26.520 --> 0:05:30.279 And his company, Kaspersky Lab, has a big reputation too. 0:05:31.240 --> 0:05:34.880 I can't tell you that in Moscow here, because Barresky 0:05:35.000 --> 0:05:41.359 Lab has been regarded is probably the most successful company 0:05:41.400 --> 0:05:47.040 in Russian information security cyber security sector, and that success 0:05:47.080 --> 0:05:50.480 all came from the anti virus software that the company sells, 0:05:51.680 --> 0:05:54.720 because Persky makes deals with retailers and PC makers to 0:05:54.800 --> 0:05:58.080 install it software on the devices, in some cases even 0:05:58.120 --> 0:06:01.119 before you buy it. And this part of Kaspersky's business 0:06:01.279 --> 0:06:04.120 is very large. It's what the company is most known for. 0:06:04.560 --> 0:06:08.599 I sense a butt, but Kaspersky's technology is also pervasive 0:06:08.600 --> 0:06:12.200 in less obvious places. The company boasts some four hundred 0:06:12.279 --> 0:06:15.919 million users worldwide, but according to one person familiar with 0:06:15.920 --> 0:06:18.960 how the company counts users, as many as two hundred 0:06:19.080 --> 0:06:22.320 million of those probably don't know it. That's because of 0:06:22.440 --> 0:06:26.719 undisclosed licensing agreements that put the Kaspersky Lab anti virus 0:06:26.800 --> 0:06:30.000 system in things like Internet routers that power large corporate 0:06:30.040 --> 0:06:37.320 networks and even critical US infrastructure. Kaspersky was founded in Moscow, 0:06:37.440 --> 0:06:41.160 but has quickly expanded its business to other markets. More 0:06:41.200 --> 0:06:43.960 than half of Kaspersky Labs revenue last year came from 0:06:44.000 --> 0:06:46.440 the U S and Europe, according to the research company 0:06:46.520 --> 0:06:50.120 I d C. And Eugene knows it's critically important that 0:06:50.240 --> 0:06:53.680 his clients in the West do not associate him too 0:06:53.680 --> 0:06:56.960 closely with his government, which of course has been actively 0:06:57.040 --> 0:07:01.040 hacking political operatives across the US and euro app. Yes, 0:07:01.279 --> 0:07:03.880 but I do need to emphasize it's not just Russian 0:07:03.920 --> 0:07:06.560 companies that have to work with the Russian government. I 0:07:06.600 --> 0:07:08.440 don't think there's a tech company in the world that 0:07:08.480 --> 0:07:11.440 can just refuse to cooperate with its home government. Right 0:07:11.560 --> 0:07:15.720 The Edwards Snowden revelations showed a pretty cozy relationship between 0:07:15.720 --> 0:07:18.280 the n s A and a lot of American tech companies, 0:07:19.000 --> 0:07:21.160 so it wouldn't be surprising at all two people in 0:07:21.200 --> 0:07:23.840 the industry if Kaspersky Lab had to keep some amount 0:07:23.880 --> 0:07:27.160 of contact with the Russian government complying with legal requests 0:07:27.200 --> 0:07:29.880 for information and that kind of thing. Those sorts of 0:07:29.880 --> 0:07:35.240 requests are very routine and happened here in the US too. Um. 0:07:37.320 --> 0:07:40.000 But then there's the stuff that you've discovered in your 0:07:40.040 --> 0:07:44.600 reporting with our cybersecurity reporter Michael Reiley. Right. Our reporting 0:07:44.640 --> 0:07:48.040 shows that Kaspersky has maintained a much closer working relationship 0:07:48.080 --> 0:07:52.560 with Russia's main intelligence agency, the FSB, than Eugene Kaspersky 0:07:52.600 --> 0:07:56.320 has publicly admitted. We found evidence that Kaspersky Lab developed 0:07:56.320 --> 0:08:00.720 custom security technology that the FSB asked for. Plus we've 0:08:00.800 --> 0:08:04.440 uncovered some joint projects between the company and Russian intelligence. 0:08:04.840 --> 0:08:08.920 Coming up, we'll hear the details on Jordan's and Mike's investigation. 0:08:09.440 --> 0:08:25.600 That's right after the short break. Hi, I'm Pagat Carrie, 0:08:25.640 --> 0:08:28.679 a producer Here on Decrypted. We hear a lot about 0:08:28.720 --> 0:08:32.400 the possibility that robots and algorithms could take away our jobs. 0:08:32.720 --> 0:08:35.719 But how real is this threat? If you're seeing or 0:08:35.840 --> 0:08:39.920 experiencing automation at work, or suspect your job will be impacted, 0:08:40.080 --> 0:08:42.760 please get in touch with us. We want to hear 0:08:42.880 --> 0:08:46.440 your story, even use it for a future episode. Record 0:08:46.480 --> 0:08:49.240 a voice message on your smartphone and email it to 0:08:49.440 --> 0:08:59.439 decrypted at Bloomberg dot net. Before the break, we were 0:08:59.600 --> 0:09:02.280 just about have to hear the details of your investigation, 0:09:02.440 --> 0:09:05.319 Jordan with Mike. That highlighted some of the work that 0:09:05.559 --> 0:09:09.959 Kaspersky has done for the FSB, So let's hear these details. So, 0:09:10.200 --> 0:09:13.319 my colleague Mike Riley and I recently reviewed internal emails 0:09:13.320 --> 0:09:16.679 from October two thousand nine, suggesting that at least back then, 0:09:17.160 --> 0:09:20.280 Kaspersky Lab had a close working relationship with the FSB. 0:09:20.720 --> 0:09:24.040 Now remember that's the main intelligence agency in Russia, right, 0:09:24.160 --> 0:09:27.680 And what did that relationship look like? These emails actually 0:09:27.720 --> 0:09:31.280 come from Eugene Kaspersky himself discussing a project with his 0:09:31.400 --> 0:09:34.240 senior staff. The emails show that even back in two 0:09:34.320 --> 0:09:38.200 thousand nine, so again, eight years ago, Kaspersky was making 0:09:38.320 --> 0:09:42.040 custom software to protect the government's own network from any 0:09:42.160 --> 0:09:47.160 kind of external hack. And that doesn't sound that unusual, right, Well, 0:09:47.360 --> 0:09:49.559 it's one thing to make the software and sell it 0:09:49.600 --> 0:09:52.880 to the government, But the emails also discussed another type 0:09:52.920 --> 0:09:56.839 of operation. Kaspersky Lab's own employees appear to have been 0:09:56.960 --> 0:10:01.240 physically accompanying Russian agents on these raids to locate people 0:10:01.320 --> 0:10:04.320 thought to be launching hacks or cyber attacks against the government, 0:10:04.640 --> 0:10:08.079 so not just tracking these hackers down from their offices, 0:10:08.240 --> 0:10:12.040 but actually riding along on the cop cars. Correct. Have 0:10:12.200 --> 0:10:15.800 you heard of this kind of thing ever happening before? No. Never. 0:10:15.960 --> 0:10:18.440 We talked to lots of cybersecurity experts, and I've never 0:10:18.520 --> 0:10:21.800 spoken to one who's accompanied a federal law enforcement agent 0:10:21.880 --> 0:10:24.840 on an arrest. It's very common for private sector security 0:10:24.880 --> 0:10:27.800 companies here in the US to provide data on criminal 0:10:27.880 --> 0:10:31.400 hackers to the FBI, which then makes the arrest right 0:10:31.640 --> 0:10:34.960 And and what else did you find? Those emails, which 0:10:34.960 --> 0:10:37.480 I should remind everyone were written in two thousand nine, 0:10:37.960 --> 0:10:41.360 mentioned two Kaspersky Lab employees by name. One of them 0:10:41.840 --> 0:10:44.280 was the Kaspersky employee going out on those raids with 0:10:44.360 --> 0:10:48.240 the FSP agents. In December, the Russian government arrested that 0:10:48.360 --> 0:10:51.600 man on treas and charges for alleged connections to get 0:10:51.679 --> 0:10:56.079 this U S intelligence, which is quite the twist. It is. 0:10:56.760 --> 0:11:00.680 A senior Russian intelligence official was also arrested, and while 0:11:00.720 --> 0:11:03.280 we don't know the exact nature of the treason charges, 0:11:03.679 --> 0:11:06.120 what is clear is that the Russian government is paying 0:11:06.240 --> 0:11:17.520 very close attention to Kaspersky Lab and its employees for 0:11:17.640 --> 0:11:20.719 a company that claims to have no connections to the 0:11:20.800 --> 0:11:26.000 Russian government, having employees ride along on these raids sounds 0:11:26.200 --> 0:11:29.040 very much like a connection. And as luck would have it, 0:11:29.200 --> 0:11:31.360 Mike and I actually broached some of these subjects with 0:11:31.440 --> 0:11:35.360 Eugene Kaspersky back in for a profile we did on 0:11:35.480 --> 0:11:39.000 the company for Bloomberg Business Week. Eugene Kaspersky agreed to 0:11:39.080 --> 0:11:41.880 let us record the interview, which was all on the record, 0:11:42.280 --> 0:11:45.479 and Jordan's this was the first time that you confronted 0:11:45.720 --> 0:11:49.520 Eugene Kaspersky with information you'd obtained back then about his 0:11:49.640 --> 0:11:54.160 ties to Russian officials. Correct, and his answers were surprisingly candid, 0:11:54.640 --> 0:11:57.439 even though he'd later deny, saying some of it okay, 0:11:57.480 --> 0:12:00.520 So let's place some of that tape. Well, I'll play 0:12:00.520 --> 0:12:03.840 you this bit first. This is where Eugene Kaspersky suggests 0:12:03.880 --> 0:12:07.160 that his company's interactions with law enforcement, both in Russia 0:12:07.280 --> 0:12:12.160 and in other countries around the world, happened routinely. Well, actually, 0:12:12.200 --> 0:12:15.400 we're in touch with the wet us everywhere on the world. 0:12:15.960 --> 0:12:20.120 We're in touch with the Center Police and cybersecuritiy UH. 0:12:20.280 --> 0:12:23.600 And in the Russia, the cyber police is for their 0:12:23.800 --> 0:12:26.600 low level cyber crime, and there was a serious attacks 0:12:26.640 --> 0:12:30.880 like carbon for example. This level it's ah FSB development, 0:12:31.000 --> 0:12:34.360 which is kind of DHS right side the side. So 0:12:34.559 --> 0:12:37.720 of course we've worked very close to them because there's 0:12:37.760 --> 0:12:41.319 so much crime in Russia. But after quite openly talking 0:12:41.360 --> 0:12:44.000 about the work that he does with the FSB, Eugene 0:12:44.040 --> 0:12:47.200 Kospersky reverts to this favorite punch line of his, which 0:12:47.280 --> 0:12:49.760 is that he's closer to the FBI in America than 0:12:49.840 --> 0:12:52.679 he is with Russian authorities. He repeated a version of 0:12:52.760 --> 0:12:55.280 this on May eleven, where he said, and I quote, 0:12:55.840 --> 0:12:58.840 we don't have ties to any government other than paying taxes. 0:12:59.360 --> 0:13:01.640 We paid tax is in many countries as we are 0:13:01.720 --> 0:13:05.280 a very international company. Here's the club. So there are 0:13:05.360 --> 0:13:09.360 rumors about our very special links in creaming we'll have. 0:13:09.960 --> 0:13:11.880 I'd like say that, of course we have in touch 0:13:11.960 --> 0:13:15.360 with these guys, but I think that in Israel, in 0:13:15.720 --> 0:13:19.959 in the United States, we have much better connections. This 0:13:21.440 --> 0:13:26.520 love enforcement And in this interview in Mike and I 0:13:26.640 --> 0:13:29.160 asked Eugene about this thing we heard about where he 0:13:29.200 --> 0:13:31.840 goes to the banya with members of the Russian military 0:13:31.960 --> 0:13:36.800 and Russian intelligence. Is a Russian sauna that's right, And 0:13:36.960 --> 0:13:39.959 we wanted to ask specifically about this because if it's true, 0:13:40.520 --> 0:13:43.160 that would suggest he has friendly relationships with people in 0:13:43.240 --> 0:13:47.000 Russian intelligence. When I go to Bunnet, it's like a 0:13:47.760 --> 0:13:50.200 difference not only from the company, but we don't talk 0:13:50.240 --> 0:13:54.880 about business. There are those friends FSB, military generals or 0:13:54.920 --> 0:13:59.079 some of those, or military personnel. And therefore, did we 0:13:59.160 --> 0:14:02.000 have one guy there it's a friend of us, uh, 0:14:02.200 --> 0:14:07.120 he's City diet As. He simply there because well, actually 0:14:07.200 --> 0:14:10.760 he was responsible for certification, so to get the military 0:14:10.800 --> 0:14:12.760 contract in the New States, in the Europe and the 0:14:12.800 --> 0:14:16.079 rest of the same, you have for positivetification. So we 0:14:16.120 --> 0:14:26.240 went to was that man for long years? Okay, so 0:14:26.320 --> 0:14:29.200 we've got through some of the details of your investigation, 0:14:29.360 --> 0:14:34.360 Jordan's with Mike that suggested Kaspersky Labs relationship with Russian 0:14:34.440 --> 0:14:38.560 intelligence is much closer than the company has publicly admitted. 0:14:39.200 --> 0:14:42.520 So let's take off the main points. Sure. First, there's 0:14:42.520 --> 0:14:46.400 the information from the company's internal emails suggesting that Kaspersky 0:14:46.480 --> 0:14:50.880 Lab employees participated in raids with Russian agents. Then there's 0:14:50.880 --> 0:14:54.040 the employee who apparently went on those raids getting arrested 0:14:54.120 --> 0:14:57.680 by the Russians on treason charges. And of course there's 0:14:57.680 --> 0:15:01.320 Eugene Kaspersky himself telling us on the record that he 0:15:01.400 --> 0:15:04.000 goes to these Banya knights with his friends, some of 0:15:04.040 --> 0:15:08.440 whom are Russian military and intelligence officials. So let's swim 0:15:08.520 --> 0:15:13.320 out to the geopolitical situation. Tensions are mounting, with Congress 0:15:13.520 --> 0:15:17.560 and the FBI looking separately into allegations that Russia was 0:15:17.640 --> 0:15:20.480 trying to influence the U S election. And it isn't 0:15:20.520 --> 0:15:24.000 just a US. Russia's cyber operations have been getting increasingly 0:15:24.040 --> 0:15:28.360 aggressive in France, the Netherlands and Germany too, So Kaspersky's 0:15:28.480 --> 0:15:31.960 wide business network in the US, combined with a working 0:15:32.080 --> 0:15:35.800 relationship with the Russian government, is what's making officials here 0:15:35.960 --> 0:15:39.720 in the US nervous. For them, even the possibility of 0:15:39.840 --> 0:15:43.960 Kaspersky's platform being used as a backdoor into computers, firewalls, 0:15:44.000 --> 0:15:47.120 and routers around the world is terrifying, although we don't 0:15:47.160 --> 0:15:49.280 have evidence that the company ever tried to do this. 0:15:49.760 --> 0:15:53.480 And in a statement, Democratic Senator Jean Chaheen called the 0:15:53.600 --> 0:15:57.760 ties between Kaspersky and the Kremlin quote alarming, and she 0:15:57.840 --> 0:16:00.280 said it's because of that that the Congress and the 0:16:00.320 --> 0:16:05.120 administration thinks quote Kaspersky Lab cannot be trusted to protect 0:16:05.160 --> 0:16:10.280 critical infrastructure, particularly computer systems vital to our nations security, 0:16:10.720 --> 0:16:13.080 and that fear comes from the very nature of the 0:16:13.160 --> 0:16:17.640 software that Kaspersky has installed on our computers. They would 0:16:17.720 --> 0:16:21.920 know the security posture and the security risk of their customers, 0:16:22.000 --> 0:16:25.080 so they would know if a certain customer is not 0:16:25.320 --> 0:16:30.920 very security oriented and has a lot of threats detected 0:16:31.040 --> 0:16:33.360 on its end points, they would get a snapshot of 0:16:33.800 --> 0:16:41.480 what the architecture is somewhat like. That's Rob Westerfeld, who's 0:16:41.480 --> 0:16:44.520 an analyst with market research firm I d C. What 0:16:44.720 --> 0:16:47.520 Rob saying here is that Kaspersky Lab could easily find 0:16:47.560 --> 0:16:49.920 out which of its clients would be most vulnerable to 0:16:49.960 --> 0:16:53.920 an attack. That's enormously valuable in securing those systems or 0:16:54.280 --> 0:16:58.000 planning an attack. And let's be super clear here, this 0:16:58.280 --> 0:17:03.040 is all very hypothetical. There's absolutely no evidence that Kaspersky 0:17:03.200 --> 0:17:07.600 is misusing its access. That's right, it's just as potential 0:17:07.800 --> 0:17:11.240 that's getting officials worried. There's always a risk there, and 0:17:11.600 --> 0:17:14.360 there could be a risk. That risk could be repeated 0:17:14.400 --> 0:17:17.440 by any security vendor. They could have a rogue employee 0:17:17.520 --> 0:17:20.560 that is doing that, and so you know, it's a 0:17:20.720 --> 0:17:26.240 virtually impossible for a security vendor to be probed extremely 0:17:26.359 --> 0:17:30.159 heavily in order to tell whether the level of that 0:17:30.440 --> 0:17:36.080 risk exists. Although in Russia many people blame the scrutiny 0:17:36.200 --> 0:17:39.880 Kaspersky Lab is under on politics, here's the security analyst. 0:17:39.920 --> 0:17:44.600 Oh leg Again, people in Russia understand well why this 0:17:44.720 --> 0:17:47.760 is happening now, this is a kind of alarm is 0:17:48.200 --> 0:17:54.480 wideless bread in the American military communities, special services community, 0:17:54.600 --> 0:17:58.399 and tolist extent less extent law enforcement community with regard 0:17:58.480 --> 0:18:02.000 to Russia and the so called the Russian threat in cyberspace. 0:18:02.520 --> 0:18:04.399 So at the top of the show, we mentioned that 0:18:04.600 --> 0:18:11.040 FBI asians visited the homes of some of Kaspersky's US employees. Jordan, 0:18:11.119 --> 0:18:13.840 would we know about this so far? Well, we don't 0:18:13.880 --> 0:18:16.960 know exactly why the FBI agents decided to make those visits. 0:18:17.200 --> 0:18:20.040 Reports say it has to do with a counterintelligence inquiry. 0:18:20.560 --> 0:18:23.880 And what does that mean? So counterintelligence means they're looking 0:18:23.920 --> 0:18:27.600 for foreign spies right here in the US. That's pretty interesting. Now, 0:18:27.680 --> 0:18:30.760 that doesn't necessarily mean the FBI thinks that Caspersky employees 0:18:30.840 --> 0:18:33.720 themselves are involved in espionage, or even that they know 0:18:33.760 --> 0:18:36.960 anything about it, but for whatever reason, the FBI apparently 0:18:37.000 --> 0:18:38.840 thought it was worth the effort to pay them a visit. 0:18:39.320 --> 0:18:41.840 We also saw news of a Senate bill that will 0:18:41.920 --> 0:18:46.320 ban the Department of Defense from using Kaspersky software. The 0:18:46.480 --> 0:18:50.960 legislation said that Kaspersky Lab quote might be vulnerable to 0:18:51.080 --> 0:18:54.800 Russian government influence. Now let's make this clear. It's not 0:18:54.920 --> 0:18:57.920 like the Pentagon us as much Kaspersky Lab software anyway, 0:18:58.200 --> 0:19:00.360 so the idea may not actually do all that much. 0:19:01.280 --> 0:19:05.400 But we recently reported at Bloomberg that Russia is threatening 0:19:05.600 --> 0:19:09.680 some kind of retaliation if this bill goes through. We 0:19:09.760 --> 0:19:12.480 don't have details on what kind of measures that could entail, 0:19:12.880 --> 0:19:15.399 but the threat from Russia shows just how important this 0:19:15.520 --> 0:19:27.479 one company could become. In response to this escalated concern 0:19:27.560 --> 0:19:31.120 over Cospersky Lab, Eugene Coosperski himself went on Reddit. During 0:19:31.119 --> 0:19:33.160 the Senate hearing we've mentioned at the top of the show, 0:19:33.840 --> 0:19:36.440 he repeated the same message he's maintained for years, that 0:19:36.560 --> 0:19:40.160 the allegations are unfounded conspiracy theories and amount to simple 0:19:40.240 --> 0:19:43.720 Russia baiting. Eugene Kaspersky said his only ties to the 0:19:43.800 --> 0:19:47.360 Russian government are the taxes his company pays and even 0:19:47.440 --> 0:19:50.240 went so far as to say that Caspersky Lab doesn't 0:19:50.240 --> 0:19:55.359 share any user data with any government, including Russian And 0:19:55.440 --> 0:19:58.639 by the way, we ask Spersky Lab for comment on 0:19:58.720 --> 0:20:03.440 our story today, they said, quote, Kaspersky Lap has always 0:20:03.480 --> 0:20:07.760 acknowledged that it provides appropriate products and services to governments 0:20:07.920 --> 0:20:11.959 around the world to protect those organizations from cyber threats. 0:20:12.560 --> 0:20:16.320 But it does not have any unethical ties or affiliations 0:20:16.480 --> 0:20:23.440 with any government, including Russia. And where do you think 0:20:23.480 --> 0:20:25.320 this is gonna go? What do you think it's going 0:20:25.359 --> 0:20:29.320 to happen next? Well, the latest development is Eugene Kaspersky 0:20:29.400 --> 0:20:32.800 has offered to give the US government his company source 0:20:32.880 --> 0:20:36.000 code for review. This is not an uncommon thing for 0:20:36.160 --> 0:20:39.240 companies doing business with the federal government, but many security 0:20:39.280 --> 0:20:41.879 experts say it's not the point. Uh. The point, they 0:20:42.000 --> 0:20:45.879 say is that this software could be used for potentially 0:20:45.920 --> 0:20:49.680 malicious purposes independent of what's in the source code. And 0:20:49.800 --> 0:20:54.320 the reason is security software receives continuous updates, and if 0:20:54.359 --> 0:20:57.120 any of those updates are malicious, uh, the theory goes, 0:20:57.760 --> 0:21:00.960 the software could be used for for bad intentions. So 0:21:01.119 --> 0:21:04.760 Jordan's with the US relationship with Russia, where it is now, 0:21:05.080 --> 0:21:08.480 just tensions being higher than they have in a really 0:21:08.560 --> 0:21:12.280 long time. Do you think a company like Kaspersky Lab 0:21:12.359 --> 0:21:15.840 even stands a chance in the federal government market. I 0:21:15.880 --> 0:21:18.040 think Caspersky Lab is going to find it very very 0:21:18.160 --> 0:21:21.359 hard to penetrate the US federal market, and they've all 0:21:21.400 --> 0:21:25.119 but acknowledged that this really isn't a market they're pursuing. However, 0:21:25.280 --> 0:21:28.400 on the consumer side, their software is actually really good 0:21:28.440 --> 0:21:30.280 at what it does, and it has the endorsement of 0:21:30.359 --> 0:21:33.320 a lot of cybersecurity professionals, so on that side they 0:21:33.600 --> 0:21:37.480 still see potential for very very big growth. But really, 0:21:37.520 --> 0:21:40.960 what's happening here is just as the US doesn't buy 0:21:41.200 --> 0:21:44.960 missiles and other weapons systems from foreign countries, we're starting 0:21:45.000 --> 0:21:47.800 to see the same thing play out in the cybersecurity market, 0:21:48.119 --> 0:21:51.639 where if your security software is made by made in 0:21:51.720 --> 0:21:55.040 a country that is considered an adversary, you may not 0:21:55.240 --> 0:22:06.639 have great success here in the US. And that's it 0:22:06.800 --> 0:22:10.280 for this week's episode of Decrypted. Thanks for listening. Let 0:22:10.400 --> 0:22:12.200 us know what you thought of the show. Please record 0:22:12.240 --> 0:22:15.320 a voice message and send it to Decrypted at Bloomberg 0:22:15.359 --> 0:22:18.800 dot net. Also, I'm on Twitter at Jordan's are one 0:22:18.880 --> 0:22:22.600 thousand and I'm at Akio seven. If you haven't already, 0:22:22.800 --> 0:22:26.160 please subscribe to our show wherever you get your podcasts, 0:22:26.440 --> 0:22:29.120 and while you're there, leave us a rating and a review. 0:22:29.480 --> 0:22:31.760 This really helps us find more listeners for a show. 0:22:32.080 --> 0:22:35.480 This episode was produced by Pia Gadkari Liz Smith at 0:22:35.560 --> 0:22:38.639 Magnus Hendrickson. Thanks to Nico Grant for his help on 0:22:38.720 --> 0:22:41.639 this show. My business Week story was co written by 0:22:41.760 --> 0:22:44.960 Michael Reilly and edited by Jeff Muscus. You can read 0:22:45.000 --> 0:22:47.639 it at Bloomberg dot com, slash business Week, or in 0:22:47.680 --> 0:22:50.680 the New Business Week app. Alec McCabe is head of 0:22:50.720 --> 0:22:52.800 Bloomberg podcast. We'll see you next week.