Politics intrude as cybersecurity firms hunt foreign spies

(Reuters) – The $71 billion cybersecurity industry is fragmenting along geopolitical lines as firms chase after government contracts, share information with spy agencies, and market themselves as protectors against attacks by other nations.

Moscow-based cybersecurity firm Kaspersky Lab has become a leading authority on American computer espionage campaigns, but sources within the company say it has hesitated at least twice before exposing hacking activities attributed to mother Russia.

Meanwhile, U.S. cybersecurity firms CrowdStrike Inc and FireEye Inc have won fame by uncovering sophisticated spying by Russia and China – but have yet to point a finger at any American espionage.

The balkanization of the security industry reflects broader rifts in the technology markets that have been exacerbated by disclosures about government-sponsored cyberattacks and surveillance programs, especially those leaked by former U.S. intelligence agency contractor Edward Snowden.

“Some companies think we should be stopping all hackers. Others think we should stop only the other guy’s hackers – they think we can win the war,” said Dan Kaminsky, chief scientist at security firm White Ops Inc, putting himself in the former camp.

Kaspersky Lab has faced questions about its connections to Russian intelligence before: Chief Executive Eugene Kaspersky had attended a KGB school, Chief Operating Officer Andrey Tikhonov was a lieutenant colonel in the military, and Chief Legal Officer Igor Chekunov had served in the KGB’s border service.

Eugene Kaspersky said the firm has never been asked by a government agency to back away from investigating a cyberattack, and said that its international team of researchers would not be swayed by any one country’s national interests.

Still, several current and former Kaspersky Lab employees said the firm has dithered over whether to publish research on at least two Russian hacking strikes.

Last year, Kaspersky Lab officials privately gave some paying customers a report about a sophisticated computer spying campaign that it had uncovered. But the company did not publish the report more widely until five months after British defense contractor BAE Systems Plc exposed the campaign, linking it to another suspected Russian government operation and noting that most infected computers found were in Ukraine.

“We were late,” Eugene Kaspersky said about the report, but he denied that political considerations were at play. “It is not possible to be the champion in every game.”

In 2013, Kaspersky Lab researchers uncovered another spying operation, dubbed Red October, that was written by Russian-speaking programmers and targeted governmental and diplomatic organizations in Europe, Central Asia and North America.

It was only after a heated internal debate that the firm decided to publish a report on that operation, which it believed to be the work of the Russian military’s GRU foreign intelligence branch, according to several current and former Kaspersky Lab employees who did not want to be identified.


Kaspersky Lab has been the first to expose a series of major U.S. cyberattacks, including, most recently, the tools that may have been used to spread the Stuxnet worm that sabotaged Iran’s nuclear program.

Like its U.S. competitors Symantec Corp and Intel Corp, Kaspersky Lab drops hints about who it thinks are behind the attacks but does not publicly name the country.

Kaspersky’s success in uncovering U.S. campaigns is in part because its anti-virus software and security products are sold in countries of high interest to American spies, such as Iran and Russia. Much of its research is based on data from customer computers that use Kaspersky software.

CrowdStrike, a privately held cybersecurity firm based in Irvine, California, will not sell its services in either Russia or China because it does not want to face pressure to suppress information about the activities of those governments. That also means the firm is less likely to stumble across the United States’ most ambitious intelligence-gathering efforts.

“We’re selective about our customers,” said CrowdStrike Co-founder Dmitri Alperovitch. “You can’t play both sides.”

CrowdStrike’s customers include major global banks and tech companies.

FireEye avoids selling its services in China and Afghanistan, but does have clients in Russia. Last year, it acquired computer forensics firm Mandiant Corp, founded by a former U.S. Air Force officer, Kevin Mandia.

To read further, please click here: http://in.reuters.com/article/2015/03/12/cybersecurity-fragmentation-idINKBN0M80HR20150312
