Evgeny Kaspersky was trained as a cryptologist and went on to co-found Kapersky Labs, which makes antivirus, anti-spyware, anti-spam and other online security products. In a recent SPIEGEL interview, he discussed a number of what he sees as worrying trends in cyber security. Regarding the new era of cyber war, he stated: “This war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.”
US soldiers at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado: Regarding the recent Stuxnet virus that partially sabotaged Iranian nuclear facilities, Kaspersky said: “There was a lot of talk — on the Internet and in the media — that Stuxnet was a joint US-Israeli project. I think that’s probably the most likely scenario. It was highly professional work … It cost several million dollars and had to be orchestrated by a team of highly trained engineers over several months. These were no amateurs; these were total professionals who have to be taken very seriously. You don’t get in a fight with them; they don’t mess around.”
Russian President Dmitry Medvedev (right) speaks with Kaspersky at Kaspersky Lab in Moscow. Kaspersky says that Russians “are among the most sophisticated and advanced players in criminal cyber activity.” But he laments that there aren’t as many IT entrepreneurs as there could be. “Most of today’s business leaders are around 50, which means they were born during the Soviet era,” he said. “They often have a type of Iron Curtain in their minds. They like to go abroad for vacation; but when they do business, they limit themselves to countries that once belonged to the Soviet Union because that’s where people speak their language — and understand them in cultural terms. I hope to see a new generation that is no longer afraid of other cultures and that speaks English.”
Anti-Virus Pioneer Evgeny Kaspersky
‘I Fear the Net Will Soon Become a War Zone’
SPIEGEL: Mr. Kaspersky, when was the last time that a virus hunter like you fell victim to a cyber attack?
Evgeny Kaspersky:My computer was almost infected twice recently. When someone returned my flash card to me at a conference, it was infected with a virus. But then our own virus program helped me. The second time, the website of a hotel in Cyprus was infected. These kinds of things can happen to anyone, no matter how careful you are. I need protection just like anyone else. After all, a specialist on sexually transmitted diseases also relies on condoms for protection.
SPIEGEL: Virologists sometimes rave about the deadly perfection of the viruses they study. Do you still ever get excited yourself about the technology of a computer virus?
Kaspersky: The more sophisticated a virus is, the more exciting it is to crack its algorithm. I’m happy if I can do it. Okay, sometimes there’s a little professional respect involved, too. But it has nothing to do with enthusiasm. Every virus is a crime. Hackers do bad things. I would never hire one.
SPIEGEL: You and your company are the winners of a new era in warfare.
Kaspersky: No, because this war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.
SPIEGEL: Although your company Kaspersky Lab now employs more than 2,000 employees, it’s a small business compared with antivirus software makers like McAfee and Symantec. Can you ever catch up with them?
Kaspersky: We’re certainly trying. Russia is our most important competitive advantage. Moscow produces the world’s best programmers. It has a large number of outstanding technical universities. And although Russians can’t build cars the way you Germans can, they do write brilliant software.
SPIEGEL: You were once trained as a cryptologist by the KGB. Does that at all hinder your expansion in the West?
Kaspersky: No, but the fact that we are a company with Russian roots does. We occasionally sense a certain amount of suspicion. Nevertheless, we are now No. 1 in Germany, are growing rapidly in the United States and even have customers within NATO.
Kaspersky: A defense ministry. I won’t reveal the name of the country.
SPIEGEL: Which countries do most viruses come from?
Kaspersky: It’s hard to say because viruses unfortunately don’t carry ID cards. We can at least usually identify the originator’s language, and that’s at the moment the inventor communicates with his virus and gives it a command.
SPIEGEL: Russian programmers don’t only do good things. We assume that they also dominate the virus business.
Kaspersky:Based on the number of programmed viruses, we are in third place behind China and Latin America. Unfortunately, Russians are also among the most sophisticated and advanced players in criminal cyber activity. These days, they invent viruses and complex Trojan programs on demand. They launder money through the Internet. However, the largest number of harmful programs are written in Chinese. This means that they can be coming directly from the People’s Republic, but also from Singapore, Malaysia and even California, where there are Mandarin-speaking hackers.
SPIEGEL: Surprisingly enough, very few viruses seem to be coming from India even though it’s a rising star in the IT world.
Kaspersky: In general, the crime level in India is low. It’s probably a matter of the mentality. India and China have roughly the same population, the same computer density, a similar standard of living and similar religious roots. But China spits out viruses like they were coming off an assembly line.
SPIEGEL: Why is Russia producing some of the most dangerous hacker rings but very few world-class software companies like your own?
Kaspersky: There are a few, but I see a basic problem: In Russia, the level of technical training has traditionally been high, and it has been transferred from teachers to students for generations. But there are no teachers who know how to build a business with this training because, over seven decades of communism, doing business was never allowed to be the focus. Most of today’s business leaders are around 50, which means they were born during the Soviet era. They often have a type of Iron Curtain in their minds. They like to go abroad for vacation; but when they do business, they limit themselves to countries that once belonged to the Soviet Union because that’s where people speak their language and understand them culturally. I hope to see a new generation that is no longer afraid of other cultures and that speaks English.
SPIEGEL: The Russian search engine Yandex recently raised $1.3 billion (€912 million) in its initial public offering in New York, which was the highest IPO figure in the industry since Google…
Kaspersky: …which is an unbelievably important signal for many people here. A Russian company has shown that it can be successful with the power of our brains rather than with our natural resources. There is an American dream, and now there is a Russian dream, as well: to make money without oil and gas.
SPIEGEL: You once described yourself as an extremely paranoid person. What is the worst possible disaster that a computer viruses could cause?
Kaspersky: In the Soviet days, we used to joke that an optimist learns English because he is hoping that the country will open up, that a pessimist learns Chinese because he’s afraid that the Chinese will conquer us, and that the realist learns to use a Kalashnikov. These days, the optimist learns Chinese, the pessimist learns Arabic…
SPIEGEL: …and the realist?
Kaspersky: …keeps practicing with his Kalashnikov. Seriously. Even the Americans are now openly saying that they would respond to a large-scale, destructive Internet attack with a classic military strike. But what will they do if the cyber attack is launched against the United States from within their own country? Everything depends on computers these days: the energy supply, airplanes, trains. I’m worried that the Net will soon become a war zone, a platform for professional attacks on critical infrastructure.
SPIEGEL: When will that happen?
Kaspersky: Yesterday. Such attacks have already occurred.
SPIEGEL: You’re referring to Stuxnet, the so-called “super virus” that was allegedly programmed to sabotage Iranian nuclear facilities.
Kaspersky: Israeli intelligence unfortunately doesn’t send us any reports. There was a lot of talk — on the Internet and in the media — that Stuxnet was a joint US-Israeli project. I think that’s probably the most likely scenario. It was highly professional work, by the way, and one that commands a lot of respect from me. It cost several million dollars and had to be orchestrated by a team of highly trained engineers over several months. These were no amateurs; these were total professionals who have to be taken very seriously. You don’t get in a fight with them; they don’t mess around.
SPIEGEL: What kind of damage can a super virus like this inflict?
Kaspersky: Do you remember the total power outage in large parts of North America in August 2003? Today, I’m pretty sure that a virus triggered that catastrophe. And that was eight years ago.
SPIEGEL: Firemen tend to describe the dangers of fire in particularly dramatic terms because they make their money fighting fires. Aren’t you just trying to scare people about viruses because that’s your bread and butter?
Kaspersky: If I were only interested in the money, my company would have gone public by now. Believe it or not, my primary concern is making the world a cleaner place. Money is important; but if I do my job well, that will take care of itself.
SPIEGEL: Hackers have recently been taking aim at companies like Lockheed Martin, Google and Sony…
Kaspersky: …simply because they can now infiltrate their well-protected security systems to access secret information. This puts companies at risk, but it also jeopardizes entire nations. It’s a matter of private industrial espionage, but countries are also involved.
SPIEGEL: Are you saying that governments are behind many of the attacks?
Kaspersky: I don’t rule it out.
SPIEGEL: Google has claimed that the attack on its e-mail services was traced back to China.
Kaspersky: I have no information pointing toward China as the actual originator. Professionals do their work through proxy servers. They can be located in China but controlled from the United States. Perhaps it was just competitors — but people then pointed the finger at China. Anything can happen in our business.
SPIEGEL: In 2007, Estonia provoked the Russians when it moved a Soviet-era war memorial. Do you think the Kremlin was behind the subsequent cyber attack on the small country?
Kaspersky: Not the government, but enraged Russian spammers who directed special computer networks known as “botnets” against Estonia. It became the prototype of a belligerent cyber attack on a country. The attackers didn’t just cripple government websites; they also sent so many spam e-mails that the entire Internet channel to Estonia quickly collapsed. The country was cut off from the world. The banking system, trade, transportation — everything ground to a halt.
SPIEGEL: Could Russian hackers figuratively “checkmate” Germany?
Kaspersky: (laughing) We won’t do that. If we did, who would buy our natural gas?
SPIEGEL: A number of computer geeks and hackers have banded together into an elusive online group known as “Anonymous,” which is constantly staging fresh guerilla cyber campaigns. What are your thoughts about it?
Kaspersky: I don’t think Anonymous has done any major damage yet. But I also don’t support this group. Some of these people have good intentions and are merely trying to draw attention to security loopholes. But there are also those with bad intentions. Imagine you left the key in your front door. Some would call to let your know, whereas others would spread the news throughout the entire city that your front door is open. That’s Anonymous; it’s unpredictable.
SPIEGEL: In the future, terrorist organizations like al-Qaida could also wage cyber wars.
Kaspersky: Terrorists primarily use the Internet for communication, propaganda and recruiting new members and funding sources. So far, highly qualified cyber criminals have had enough sense to not get involved with terrorists. But, in the future, we should count on seeing cyber attacks on factories, airplanes and power plants. Just think of Die Hard 4…
SPIEGEL: …in which Bruce Willis had to fight his way through an army of young hackers.
Kaspersky: Half of the film is Hollywood fiction, but the other half is quite realistic. That really worries me.
SPIEGEL: Your 20-year-old son Ivan was recently kidnapped by a gang but liberated unharmed a few days later. How dangerous is it to be rich in Russia?
Kaspersky: More dangerous than it is in Munich, but not as dangerous as it is in Colombia, where I usually traveled in an armored car when I was there on vacation. The children of successful entrepreneurs are kidnapped in other countries, too. Thank God the Russian authorities and my security service were able to rescue Ivan. My son was partly to blame for his kidnapping: He had broadcast his address on Facebook even though I’d been warning him for years not to reveal any personal information on the Internet. Social networks like Facebook and Twitter make it easier for criminals to do their work.
SPIEGEL: Your son is studying mathematics and works as a programmer. Do you expect him to take over your company one day?
Kaspersky: If he’s good, maybe so.
SPIEGEL: Silicon Valley is teeming with Russian scientists. Didn’t you ever want to emigrate to America?
Kaspersky: Once, in 1992. I had just returned to Moscow from Hanover, from my first trip to the West. At the time, I could do nothing but shake my head in disgust over my country. The prosperity gap was enormous. It’s become significantly smaller today. And because I travel so much, I know there are pros and cons everywhere — whether social, economic or political.
SPIEGEL: Mr. Kaspersky, thank you for this interview.
Interview conducted by Matthias Schepp and Thomas Tuma