Date: 2015-03-12
SAN FRANCISCO, March 12 The $71 billion
cybersecurity industry is fragmenting along geopolitical lines
as firms chase after government contracts, share information
with spy agencies, and market themselves as protectors against
attacks by other nations.
Moscow-based cybersecurity firm Kaspersky Lab has become a
leading authority on American computer espionage campaigns, but
sources within the company say it has hesitated at least twice
before exposing hacking activities attributed to mother Russia.
Meanwhile, U.S. cybersecurity firms CrowdStrike Inc and
FireEye Inc have won fame by uncovering sophisticated
spying by Russia and China - but have yet to point a finger at
any American espionage.
The balkanization of the security industry reflects broader
rifts in the technology markets that have been exacerbated by
disclosures about government-sponsored cyberattacks and
surveillance programs, especially those leaked by former U.S.
intelligence agency contractor Edward Snowden.
"Some companies think we should be stopping all hackers.
Others think we should stop only the other guy's hackers - they
think we can win the war," said Dan Kaminsky, chief scientist at
security firm White Ops Inc, putting himself in the former camp.
Kaspersky Lab has faced questions about its connections to
Russian intelligence before: Chief Executive Eugene Kaspersky
had attended a KGB school, Chief Operating Officer Andrey
Tikhonov was a lieutenant colonel in the military, and Chief
Legal Officer Igor Chekunov had served in the KGB's border
service.
Eugene Kaspersky said the firm has never been asked by a
government agency to back away from investigating a cyberattack,
and said that its international team of researchers would not be
swayed by any one country's national interests.
Still, several current and former Kaspersky Lab employees
said the firm has dithered over whether to publish research on
at least two Russian hacking strikes.
Last year, Kaspersky Lab officials privately gave some
paying customers a report about a sophisticated computer spying
campaign that it had uncovered. But the company did not publish
the report more widely until five months after British defense
contractor BAE Systems Plc exposed the campaign,
linking it to another suspected Russian government operation and
noting that most infected computers were found in Ukraine.
"We were late," Eugene Kaspersky said about the report, but
he denied that political considerations were at play. "It is not
possible to be the champion in every game."
In 2013, Kaspersky Lab researchers uncovered another spying
operation, dubbed Red October, that was written by
Russian-speaking programmers and targeted governmental and
diplomatic organizations in Europe, Central Asia and North
America.
It was only after a heated internal debate that the firm
decided to publish a report on that operation, which it believed
to be the work of the Russian military's GRU foreign
intelligence branch, according to several current and former
Kaspersky Lab employees who did not want to be identified.
WHERE TO DO BUSINESS
Kaspersky Lab has been the first to expose a series of major
U.S. cyberattacks, including, most recently, the tools that may
have been used to spread the Stuxnet worm that sabotaged Iran's
nuclear program.
Like its U.S. competitors Symantec Corp and Intel
Corp, Kaspersky Lab drops hints about who it thinks are
behind the attacks but does not publicly name the country.
Kaspersky's success in uncovering U.S. campaigns is in part
because its anti-virus software and security products are sold
in countries of high interest to American spies, such as Iran
and Russia. Much of its research is based on data from customer
computers that use Kaspersky software.
CrowdStrike, a privately held cybersecurity firm based in
Irvine, California, will not sell its services in either Russia
or China because it does not want to face pressure to suppress
information about the activities of those governments. That also
means the firm is less likely to stumble across the United
States' most ambitious intelligence-gathering efforts.
"We're selective about our customers," said CrowdStrike
Co-founder Dmitri Alperovitch. "You can't play both sides."
CrowdStrike's customers include major global banks and tech
companies.
FireEye avoids selling its services in China and
Afghanistan, but does have clients in Russia. Last year, it
acquired computer forensics firm Mandiant Corp, founded by a
former U.S. Air Force officer, Kevin Mandia.
As many of Mandiant's first large customers were U.S.
Defense Department suppliers, it came across spying campaigns
launched by Chinese hackers. That started a cycle in which
Mandiant was hired by other companies worried about China,
enhancing the firm's knowledge and reputation in dealing with
that type of threat.
If companies specialize too much in one region, however,
they could miss attacks elsewhere, security experts said.
As governments spend more to protect their networks from
hackers, they draw closer to the cybersecurity companies.
Senior U.S. intelligence officials, notably from the National
Security Agency, have also joined private security companies
after leaving their posts, drawn by surging demand for cyber
expertise.
Greater information sharing, as proposed by a bill backed by
U.S. President Barack Obama, would push the public and private
sectors still closer.
"I would not be surprised if the NSA went to Symantec and
McAfee and asked them not to detect something," said
cryptography expert Bruce Schneier, chief technology officer at
Resilient Systems Inc, a security firm.
Spokespeople for Symantec and Intel, which bought McAfee in
2011, said that has not happened.
To be sure, Symantec has played a critical role, along with
Kaspersky Lab, in exposing the U.S.-led Stuxnet, and it has
backed up other Kaspersky findings since then.
"We are being completely agnostic to who the malware author
may be," said Symantec Principal Security Response Manager
Vikram Thakur.
Asked if Mandiant would ever expose a U.S. spying program,
the firm's technical director, Ryan Kazanciyan, said: "I
honestly don't know."
Vitor De Souza, spokesman for parent company FireEye, said:
"We would do a report on a U.S. group if they broke the law."
The ties between governments and homegrown security firms
could yet break apart, especially if intelligence agencies start
corrupting anti-virus software to spy on target machines.
"Security products might become one of the main vectors of
getting access," said Mikko Hypponen, chief research officer at
Finland's F-Secure Oyj.
White Ops' Kaminsky, whose company identifies networks of
compromised computers being used for fraud, said some security
companies' own attitudes could end up making things worse
faster.
"The global economy depends on a secure Internet, and that
means no back doors for anybody," he said. "Nobody wants to live
in a war zone."
(Additional reporting by Jim Finkle in Boston; Editing by
Tiffany Wu)