A Russian-origin cybersecurity firm that helps governments catch hackers recently hosted a contest where American and British students submitted plans to fix vulnerabilities in e-voting systems.
Kaspersky Lab, a global cybersecurity software company whose leader was educated at a KGB-backed institution, announced three finalists in a competition to create technology to secure digital voting systems last week.
Students from 19 universities in the United States and United Kingdom submitted proposals to use so-called "blockchain" technology to address security challenges in digital voting systems related to voter fraud and voter privacy. The winners of the Cybersecurity Case Study Competition, which was hosted by the Economist's "Which MBA?" website, received thousands of dollars in prize money for their submissions.
Kaspersky Lab, which was founded in 1997, describes itself as the fastest-growing global company developing cybersecurity solutions, providing technology to 400 million users and nearly 300,000 corporate clients worldwide. The company operates in 200 countries and territories, with offices in 32 countries, and works with local authorities to investigate cybercrime.
Eugene Kaspersky, the company's chairman and CEO, studied cryptography and mathematics at a school sponsored by the Soviet Ministries of Atomic Energy and Defense, the Soviet Space Agency, and the KGB, the Soviet spy agency that has been supplanted by the FSB, Russia's foreign intelligence service. Kaspersky worked as a software engineer at the Ministry of Defense after graduating but later moved to the private sector in the 1990s. "I wrote the code for the Soviet military," Kaspersky told the New York Times earlier this year.
Kaspersky's background has been subject to scrutiny in recent years, leading some to question whether U.S. entities should trust his firm's technology to secure their systems.
"Given what we know between Snowden, the massive Russian hacking operation against the U.S. elections this year, we need to be very vigilant about employing IT firms that have any connection, however distant, to the Russian government since Russia doesn't work the way that the United States does," John Schindler, a former NSA intelligence analyst and counterintelligence officer, told the Washington Free Beacon in an interview Monday.
"Private firms are not always completely private and individuals with a KGB or military background are expected to share information with the Russian state," Schindler said.
When contacted by the Free Beacon, Kaspersky Lab described concerns about their equipment as "unwarranted."
"As a private company Kaspersky Lab has no political ties to any government, but is proud to collaborate with the authorities of many countries and international law enforcement agencies in fighting cybercrime," the firm said. "The company works together with the global IT security community, international organizations, national and regional law enforcement agencies."
The company dismissed concerns about Kaspersky's background, stating, "After graduating from high school, he attended a higher school that had multiple government sponsors, one of which was the KGB—that is the extent of it."
In June, Kaspersky Lab helped Russian authorities investigate and arrest alleged members of a criminal hacking group called Lurk that used malicious software to steal money from bank accounts used by commercial organizations. The company also helped secure systems used by the Russian Olympic Committee during the 2014 Winter Olympics in Sochi.
The Russian version of Kaspersky's website boasts that its cybersecurity software is endorsed by the FSB.
"Kaspersky FSTEK can be and is strongly recommended to be used (official position of the FSB) for the protection of personal information and data, including those related to the category 'government secrets,'" states a page on the company's website, according to an English translation of the Russian.
Kaspersky said in a February 2016 interview with the magazine Gulf Business that the company has worked with the governments of Russia and other nations, though he insisted it did not have dealings with any intelligence services.
"We are working with governments in many nations--in Europe, in Asia, in the Middle East, in Russia. We are very good friends with the cyber police and the agencies responsible for cyber security," he told the publication. "But we stay away from the intelligence services and the espionage agencies; we keep our distance from them and from the politicians. We are a security company so we must stay independent and neutral. It is not possible to be linked to any political party, for instance. It would be a conflict of interest."
Bloomberg Businessweek reported in March 2015 that the company had undergone changes since 2012, with individuals with ties to Russian military and intelligence services replacing high-level managers who left or were fired. Kaspersky responded to the article in a blog post, labeling it "nonsense" and "sensationalist" journalism.
The firm's global management team includes individuals with ties to the Russian government.
For example, Andrey Tikhonov, the firm's chief operating officer, previously worked in information technology at a research institute of the Russian Ministry of Defense, where he rose to the rank of lieutenant colonel.
Igor Chekunov, the chief legal officer, held positions in the Russian Federation's ministries of internal affairs, industry, oil and energy, and transportation before joining Kaspersky. He received his law degree from Moscow University of the Ministry of Internal Affairs of the Russian Federation.
Alexey De-Monderik, Kaspersky's corporate adviser, worked for several years as a computer engineer in a Soviet rocket science institute before helping to co-found Kaspersky Lab in 1997.
The Free Beacon reported in March that the U.S. Defense Intelligence Agency warned in an internal notice that Russian government hackers could use new security software developed by Kaspersky Lab to penetrate U.S. industrial control networks. The company vehemently denied the charges that it was producing equipment that could be used to penetrate U.S. infrastructure.
The cybersecurity competition about e-voting was hosted by Kaspersky's North American division, which is based in Woburn, Massachusetts. The firm named New York University, the University of Maryland, College Park, and England's Newcastle University as the top three winners last Thursday. They were awarded prizes of $10,000, $5,000, and $3,000, respectively.
The participants, who were judged by Kaspersky experts, "provided written and video submissions detailing their proposals on blockchain-compliant systems that addressed specific security challenges, including voter privacy, undecided voters, voter fraud, and more," according to the contest press release.
Democratic Reps. Jerrold Nadler (N.Y.) and Steny Hoyer (Md.) released statements congratulating winners from their states for their success in the competition. Kaspersky himself said he was "impressed" by the submissions.
"The challenges of cybersecurity mean the next generation of experts face a changing frontier—there will be plenty of things to work on and securing digital voting systems for national elections is just one example," Kaspersky said in a statement. "If cybercriminals exploited one small vulnerability, it could potentially change the course of a nation's history, and these young scholars are bringing us one step closer to making secure digital voting a reality."
The company said that the competition was not about "researching or identifying vulnerabilities" in voting systems and that the challenge was not specific to any particular country or region's voting system.
The competition to secure digital voting systems comes amid controversy over Russia's attempts to influence the U.S. presidential election through cyber attacks.
The U.S. intelligence community formally accused the Russian government in October of directing hacks against U.S. political organizations to influence the election.
The Washington Post reported last week that a secret CIA assessment had concluded that Moscow intervened in the election to help President-elect Donald Trump, though the Office of the Director of National Intelligence has reportedly not endorsed the findings due to lack of conclusive evidence.
Republican and Democratic members of Congress have joined to demand investigations into the hacks.