By Dr. Solvita Denisa-Liepniece, for CEPA
Kaspersky is popular in Russia, less so elsewhere. Vladimir Putin called the cybersecurity company’s founder, Eugene Kaspersky, Russia’s answer to Elon Musk. The KGB-trained software expert founded the company (then known as Kaspersky Lab) in 1997; it became one of the most popular antivirus program providers in the world.
Recently, it has had a rough ride. The U.S. has banned its software for government use. The European Parliament demanded that EU institutions stop using the company’s products. Some other countries have taken similar steps.
Now Kaspersky is pushing back, with what it calls its “Cyber Security Capacity Building Programme” (a term used eight years ago for a British Foreign Office initiative). The target audiences of the new project are state agencies, national cybersecurity regulators, as well as academia, the media, and information security community experts.
In the Baltic states, Kaspersky is promoted intensively in articles published on popular online news portals. Topics include how to increase your personal IT-resilience; how to care about elderly people going online as a result of self-isolation; how to protect children having online-learning; how to disinfect your smartphone or to have a safe Zoom meeting. None of the articles were marked as sponsored content or as commercials.
Lithuania’s public service portal LRT, for example, gave advice on online safety based exclusively on Kaspersky expertise, quoting the company’s specialists in three articles within the last few months. Lithuania is the only country among the Baltic states that has named Kaspersky as a potential national security threat. The decision to cancel the use of Kaspersky for critical importance infrastructure came at the same time as in the U.S.
Mindaugas Jackevičius, editor-in-chief of LRT portal, says publishing these articles was a mistake to be learned from. A young journalist was trapped by good PR: “they take ‘innocent’ topics and prepare high-quality production,” says Jackevičius.
An even more striking example was from Latvia, where on April 18, Delfi, the country’s most popular portal, published an opinion piece written by Eugene Kaspersky himself, inviting doctors and health care organizations to take up a special covid-19 related package, which offers the company’s products with a free six-month license. Kaspersky underlined the vulnerabilities of healthcare systems to cyber attacks, and recent breaches suffered by medical organizations, including in the U.S.
Last December Delfi.lv published a series of advertisements made for Kaspersky featuring Latvian influencers. Delfi’s editor-in-chief in Latvia, Ingus Bērziņš, insists that the company has strictly divided commercial and editorial content. In regards to publishing the Kaspersky op-ed he says editorial decision making did not include reacting to a hypothetical security threat.
The threat is serious, says Jānis Kažociņš, national security adviser to Latvia’s president and the former chief of the country’s foreign intelligence service. He notes that individuals’ medical data can reveal physical, psychiatric, or emotional vulnerabilities that can be used by hostile intelligence services or for criminal purposes. These might be exploited either directly against a person (for blackmail) or indirectly (against an individual’s friends, colleagues, or family). Medical data should be protected like security-vetting information, he says. “particularly in the case of those with security clearances or in key appointments.”
Bearing in mind the close and unavoidable association in undemocratic states between business, government, intelligence services, and organized crime, Kažociņš says the use of data protection services from countries such as China and Russia should be viewed as a serious threat. Giving a hostile foreign state access to these data, in short, is as risky as giving a Chinese technology giant like Huawei a role in the next-generation 5G mobile data network.
A representative of Latvia’s CERT (the institution that deals with cyber-emergencies), Līga Besere, says that just as individuals must be able to evaluate online risks, medical companies should also be able to evaluate advantages and disadvantages of any offer, including Kaspersky’s.
The issue is seen differently in Estonia. Lauri Aasmann, Director of Cyber Security at the Estonian Information Systems Authority, says public authorities and companies providing critical services have been advised to consider the risks involved in using any software, including antivirus software. “We have also pointed out that there have been security concerns over Kaspersky products,” he says, referring to a trial when an ex-NSA hacker was jailed in a case involving Kaspersky software.
Kaspersky’s publicity efforts in Latvia give few clues about its Russian origins. The company describes itself as “an international cybersecurity organization established in 1997” registered in the UK with infrastructure in Switzerland and research centers in Europe, the U.S., Russia, and elsewhere. No controversy is mentioned.
Offering products with a prolonged free-of-charge trial to vulnerable groups creates the perception of altruistic behavior and thereby legitimation, for commercial or other purposes. Pascal Boyer, a cognitive anthropologist, explains in his book “Minds Make Societies” that announcing a threat can establish trust.
Kaspersky denies any ties with Russian security services and insists that consumer data are safe. A company PR representative dealing with the Baltic states promised a prompt reply to questions but sent nothing.
For critics, Kaspersky’s campaign echoes the patient opportunism practiced for decades in the Baltic states by the Kremlin: remain on the sidelines for a moment, wait for (or contribute to creating) the right moment to become needed and then set your own agenda.
By Dr. Solvita Denisa-Liepniece, for CEPA
Dr. Solvita Denisa-Liepniece is a consultant on cognitive resilience and an Assistant Professor at Vidzeme University of Applied Sciences.
Europe’s Edge is an online journal covering crucial topics in the transatlantic policy debate. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.