‘Bad guys’ who hacked HSE most likely based in Moscow, says Russia’s top cybersecurity tycoon

Kaspersky denies firm has security service links ahead of Dublin cybercrime conference

Eugene Kaspersky, co-founder of Russia’s top cybersecurity company, denies US and UK claims that his eponymous firm has links to Moscow’s security services. (The device visible over his shoulder in the office is an anti-drone system.) Photograph: Daniel McLaughlin
Eugene Kaspersky, co-founder of Russia’s top cybersecurity company, denies US and UK claims that his eponymous firm has links to Moscow’s security services. (The device visible over his shoulder in the office is an anti-drone system.) Photograph: Daniel McLaughlin

Hackers in Russia who target foreign firms and critical infrastructure such as Ireland's health service will enjoy impunity until the West works more closely on the issue with Moscow, according to the head of Russia's top cybersecurity firm.

Before speaking at a conference on cybercrime in Dublin on Thursday, Eugene Kaspersky also denied that his company has links to Russia's powerful security services, despite it being blacklisted by the US and British governments over fears that its products could be exploited by intelligence agencies in Moscow.

Kaspersky said his experts were quick to assist Ireland via Interpol when the HSE was hit by a major ransomware attack in May, and within three days pinpointing "the internet provider that the bad guys were using in Moscow".

The Moscow headquarters of cybersecurity firm Kaspersky Lab, founded in 1997, which via Interpol helped Ireland respond to the HSE ransomware attack in May. Photograph: Daniel McLaughlin
The Moscow headquarters of cybersecurity firm Kaspersky Lab, founded in 1997, which via Interpol helped Ireland respond to the HSE ransomware attack in May. Photograph: Daniel McLaughlin

"We don't have their names. We're not the police so we can't go to the internet provider and ask who is behind these IP addresses," Kaspersky told The Irish Times at the headquarters of Kaspersky Lab overlooking the Moscow canal.

READ SOME MORE

“But we have everything for the Russian cyberpolice if they call us about the case. And we shared all this information with Interpol, of course.”

That call is unlikely to come, however, due to an almost complete breakdown of co-operation between Moscow and the West in the political and security fields, which Kaspersky says makes Russia a “paradise” for cybercriminals.

Shadowy deal

Yet he puts this down to a combination of legal issues and poor relations for which the West and the Kremlin are both to blame, rather than any shadowy deal by which Russia’s security services shield – and sometimes deploy – the country’s hackers as long as they only attack foreign targets.

“It’s not an agreement, it’s the law. It’s about all crime, not just cybercrime – if the crime is done abroad, then the Russian police don’t have any reason to start an investigation,” he said.

The Moscow headquarters of cybersecurity firm Kaspersky Lab, founded in 1997, which via Interpol helped Ireland respond to the HSE ransomware attack in May. Photograph: Daniel McLaughlin
The Moscow headquarters of cybersecurity firm Kaspersky Lab, founded in 1997, which via Interpol helped Ireland respond to the HSE ransomware attack in May. Photograph: Daniel McLaughlin

If the US asks Russia for help in such cases, Kaspersky said there is “no response”.

"And it's the same the opposite way. If Russia asks the United States or the UK to do something with suspects, nothing happens. There are win-win situations and this is lose-lose," he added.

“What I heard from law enforcement and people working with law enforcement is that this co-operation is completely broken, and it is not [only] Russia’s fault – it’s both sides’ fault. So in Russia, for cybercrime, it’s a paradise.”

Kaspersky said the HSE hackers were “most probably” located in Moscow at the time of the attack, and described Russia as a “major source” of cybercrime, where hackers who attacked foreign targets were “safe, absolutely, at the moment.”

“But if Russia and the [United] States agree about more close co-operation, they will not be safe. It must be solved on the top,” he added, referring to the political leadership of both countries.

Many analysts believe the Kremlin views Russian cybercrime against foreign firms and governments as a useful card to hold in talks with the West.

US president Joe Biden has repeatedly urged Russian counterpart Vladimir Putin to tackle the issue, apparently without success, and at a summit in June he gave him a list of 16 infrastructure sectors that should be "off-limits" to hackers, including energy and water supply and the health, election and banking systems.

In 2017 the US banned government departments from using Kaspersky Lab software over fears it could enable Russian spying and threaten national security.

Warning

The UK's national cybersecurity centre told government agencies the same year not to use anti-virus products from Kaspersky Lab and other Russian firms, in a warning issued by its then director Ciaran Martin, who is also expected to attend the Irish Reporting and Information Security Service conference at the Aviva Stadium.

The company, which has offices in more than 30 countries and declared revenue of $704 million (€622 million) for 2020, insists it is not subject to sweeping rules that oblige Russian communication firms to save data on users' activity for six months, and it assures customers outside Russia that their data is stored in Switzerland.

Kaspersky denies that the firm he co-founded in 1997, a decade after graduating from a KGB technical university, has moved closer to the Russian security services in recent years, particularly after the brief kidnapping of his son in 2011.

"When you talk about pressure from [security officials], I think it's mostly the same in the States, the UK and many other nations. In some less, and some like China are even more strict. But the government coming and asking [us] to do something wrong? I don't believe in this scenario, because it would be seen," he said.

Kaspersky (56) also brushes off strong claims from opposition politicians that electronic voting in September’s Russian parliamentary elections was massively rigged in Moscow to hand victory to ruling-party candidates, using a system that incorporated Kaspersky block-chain technology.

“A couple of our engineers were there. They didn’t see everything, but I know others with more information there and I trust them...I don’t have any indicator that something was wrong.”

Kaspersky expects state regulation of the internet to increase globally in the coming years, in response to fears over the security of critical infrastructure and the vast amounts of personal data now in digital storage.

‘Less freedom’

“I believe there will be more and more regulation and less and less freedom, not just in Russia and China but in the States and the rest of world...There will be much more data collected about you, even very private data, to make your life easier. Do you want to choose privacy or comfort?” said Kaspersky, who has anti-drone systems made by his firm standing by his desk and on the roof of the building.

"So in front of your smart devices, just don't do something that you don't want to be seen tomorrow on YouTube, " he advised.

“Do I like it? Do you like this weather? It’s reality. I can’t change it.”

Daniel McLaughlin

Daniel McLaughlin

Daniel McLaughlin is a contributor to The Irish Times from central and eastern Europe