
Russia's cybercrime-fighting Bond villain

Antivirus guru Eugene Kaspersky says criminals are responsible for an increasing amount of malware
Written by Dan Ilett, Contributor

Three large and weathered Russian women fiercely stand guard at the entrance to a former Soviet nuclear missile building. We show them our passports, half wondering if they are as amused as we are, but they glare back coldly without a hint of a smile and wave us through.

As we walk along the gloomy corridor to the office, the interior looks tatty and has crumbling walls. But on entering Kaspersky Labs proper, the scenery changes. Manning the computers in the spacious modern offices are the antivirus researchers nicknamed 'woodpeckers' for their ability to hammer viruses within minutes of detection.

Sitting behind a large desk at the back of the room is Eugene Kaspersky - a pony-tailed Russian in his early forties with a wry smile. On his desk are two heavy weapons - a wooden flail and a long, heavy bone he says was once a walrus penis. They are useful for keeping the woodpeckers under control, he jokes. On the wall behind the desk is a dramatic portrait of a younger Kaspersky looking for all the world like a James Bond villain. Surrounded by three beautiful women -- one of whom is Natalya, his ex-wife and CEO of the company -- the young Kaspersky has a self-aware expression and holds a globe in his hands.

Kaspersky built the antivirus labs which bear his name from scratch during the 1990s. A graduate of the Institute of Cryptography, Telecommunications and Computer Science, he worked in a military scientific research institute until 1991. He began studying computer viruses in 1989, when he discovered the Cascade virus on his own computer.

Are you seeing an increase in the number of viruses and hack attacks that seem to have a criminal rather than randomly malicious intent?
After you hear stories of hackers getting money from attacking systems, I think there are more hackers attracted [to crime] by that. There is an attitude that people don't understand that cybercrime is not just a virtual thing -- it's real life too. But what is going on is criminalisation of the Internet. Five years ago, 50 percent of the malware was written by hooligans and 50 percent by criminals. But this has gone up. Now it's 90 percent criminals. Hooligans are not only teenagers either. There was a guy back in 1994 who was arrested for virus writing. He was 30-something. I saw an interview with him. He was brilliant, but quite a lot older.

You say that 90 percent of malware you see is sent by criminals. Are we talking organised crime here or random individuals?
I think at the moment they are individuals or small groups. Probably most of them don't understand that what they are doing is against the law. These people just don't understand. But anyone using computer systems to send spam or spy on people is a criminal. Then again, some of them do understand and they try to hide themselves from the police.

Police reports suggest that a lot of phishing attacks and hack attacks originate in Russia. Is this an unjustified stereotype that's forming?
There are many types of hackers and criminals in Russia and in China, of course. But it's not a major proportion of the world. After all, the Russian police tend to arrest many people because they are quite good at this sort of thing. But criminals -- all nations have criminals. People have a dark part of the soul and a light part of the soul. If you have more of the dark part, you become a criminal. More of the light part, you don't. So if you look at arrests on virus writers and hackers, they're everywhere. In Russia we have criminals, but in Germany, China, the States, the UK and Hungary they have them too. I don't think most of them are in Russia. The visible part is coming from Russia but it's not the majority. More comes from Brazil.

Do you ever receive threats to your company?
Actually we are watching a group of hackers -- [we don't know where they are] but they are often in touch with our colleagues. We're constantly asking people for new information on people in the groups. But even if we have this information, it is very difficult to trace back. One of the active groups, which I don't want to name, just disappeared recently. It still exists, but they just don't disclose themselves. And we saw quite a lot of stuff from them. So we built generic protection from their Trojans and looked at their code samples. We defended from it. Then we got the next sample. When we opened it, it said "Kaspersky is a fool". [He laughs].

They want their software to be undetected so they develop technology to bypass detection. And they pay special attention to who develops security solutions. They are able to update that, so it's important that we update too. They can always try out our protection, so in a way, criminals everywhere are always one step ahead.

Your company claims to be able to disarm viruses in minutes. How often do you actually live up to that?
It's very difficult to write a virus. It takes time. For us it takes seconds to add detection but it takes years to develop antivirus technology that can do that. Seeing one sample is easy, but developing all the technology is very difficult. It's not easy.

You've said before that there will be some nasty trends in the security industry, almost akin to the Internet bubble bursting.
I'm not sure about this, but it seems to be going the same way. Everyone remembers the Internet boom. The new companies were helping the Internet to grow. More services and companies were emerging. It seems to be the same case with the security companies now. There are companies getting rich because of the huge interest in security, and I'm sure there will be more antivirus and security companies that develop different solutions. This could come to an end, but I'm not sure, this is just a theory. What I am sure about is that the security situation will not be as good in the future. There will be more companies attacked.
