Eugene Kaspersky, cybersecurity expert: ‘The good news is that we use AI to detect malware. The bad news is that criminals also use it’

A rainstorm of historic proportions caused unprecedented flooding in Dubai on April 16. Among the thousands of people from all over the world trying to land in the desert city was Eugene Kaspersky, the founder and CEO of Kaspersky Lab, a cybersecurity firm. The 58-year-old’s flight from Moscow wasn’t without incident: “There was turbulence the entire time and I had to land in Abu Dhabi.” After waiting on the plane for a couple of hours, he was able to leave the airport and find a car to take him to Dubai.

The Russian cybersecurity expert compares the storms in Dubai with the challenges his company is facing in the United States. In recent years, his firm has come under scrutiny due to allegations about its relationship with the Russian government. In fact, the U.S. vetoed the use of Kaspersky’s software by government agencies in 2017, for fear of Russian espionage. Now, the Biden administration is preparing to go further, by issuing an order that would prevent American companies and citizens from using his software. According to CNN, this is due to national security concerns.

“There are things in the world that we cannot change,” Kaspersky shrugs, when asked by EL PAÍS about the American government’s accusations. “We need to adapt to the new reality, like with thunderstorms. [That’s why] we keep working.” Next, the expert boasts that his company has technologies “that recognize malware (malicious software) better than others: we do it in real-time and we send what we capture on the internet to the rest of the community. Companies like McAfee and Broadcom also exchange information. It’s a kind of network of cooperation.” According to this expert, failure to collaborate could reduce the quality of protection and expose users to greater risks.

The U.S. isn’t the only country that views Kaspersky with suspicion. In 2022 — just two months after Russia invaded Ukraine — Germany’s Federal Office for Information Security urged companies and users to avoid using the company’s programs due to “a considerable risk of a successful cyberattack.” The CEO of Kaspersky Lab defended himself, affirming that these claims are mere speculations that aren’t supported by any tangible evidence.

When asked about his position regarding the war in Ukraine and his relationship with the Russian government, the expert insists that his firm is “an independent cybersecurity company.”

“We’re a very transparent company. [Some people] fear that we’ll do something wrong. We explain to them that this is impossible, because we cannot just become invisible. Many people would [witness this behavior] and wouldn’t remain silent,” he claims, in an interview conducted at Kaspersky Cyber Immunity, a conference that was organized in Dubai between April 17 and 19. EL PAÍS was invited by the cybersecurity company.

In March 2022, Kaspersky stated that “war isn’t good for anyone.” Since sanctions were imposed on Russia by the West, his company has been especially affected in the United States. “Right now, they don’t want us. Business has fallen by around 50%,” he laments. However, he highlights that in some countries — such as Spain — the allegations levied against his company haven’t negatively affected him. Kaspersky Lab products are still included in the Spanish ICT Security Products Catalog — which offers services to various government agencies — and used by the National Cryptologic Center (CCN), within the National Intelligence Center.

According to Kaspersky, when the war in Ukraine began, cybercriminal activities and politically-motivated attacks proliferated. “It doesn’t just happen with wars: [it can happen] with any major event, such as an earthquake or a tsunami,” the expert notes. He says that he is “100% sure” that there will be cyberattacks related to the Olympic Games, pointing out that cybercriminals “use the flaws of these big events for [the purposes of] social engineering” and to make “more attempts at hacking.”

In a war, “everyone” is vulnerable to cyberattacks: “Individuals, companies, soldiers…” After the invasion of Ukraine, some companies that were active in Russia saw a 1,000% increase in attacks. “We were observing what was happening on the Russian side and there were massive attacks against various companies and public services. Many [of these attacks were attempting] to steal and publish sensitive data. Others were against the financial sector and infrastructure,” Kaspersky recalls.

AI in the wrong hands

A long time ago, Kaspersky asked himself a question: why do malware and hackers exist? He’s now clear about the answer: “Because the architecture of the operating systems is vulnerable.” He explains that “the main ideas [behind] modern operating systems were [conceived] in the 1960s and 1970s.” Around that time, those who mainly used computer systems were scientists and military personnel. “Cybernetics wasn’t for the general public; it was for a gentlemen’s club who knew each other, so there was no room for criminals.”

But the situation has changed. At his firm, the employees detect more than 400,000 new cases of malware every day. “It’s impossible to do this manually,” Kaspersky points out. For this reason, they use a machine learning system. “The good news is that we use artificial intelligence to detect malware. The bad news is that criminals also use it for their own purposes.” For him, the danger of artificial intelligence is precisely “that it falls into the wrong hands.”

Although automated systems are used, the criminal business based on malware involves “hundreds of thousands of people.” The expert acknowledges that “if they said there were 100,000 people involved in developing malicious code, I wouldn’t be surprised.” The typical profile of someone who engages in cyberattacks is a software engineer between the ages of 20 and 30. “Although the majority [of hackers] are young, there are people between 14 and 60-years-old,” Kaspersky clarifies.

Typically, behind all these attacks, there are “complex” organizations that operate as “a company.” Kaspersky says that they have specialized departments in each stage of the process, from engineering the attack to negotiating the ransom. “In many cases, these people don’t know each other. They only know each other by nicknames… [they’re in contact with each other], but they’ve never met in person.”

Some cybercriminal groups specialize in specific types of attacks and focus on particular regions. “If we’re talking about ransomware, most of [the actors] are Russian-speaking. If we talk about [those who run] botnets and backdoors, most of them are Chinese-speaking. And, if we talk about financial fraud, the majority [of perpetrators] are Spanish and Portuguese speaking,” he details.

He says that there’s a reason why Chinese hackers don’t make as much ransomware, a type of malware that locks a victim’s data or device and threatens to keep it locked unless money is paid: “Ransomware often asks for cryptocurrency, and cryptocurrencies are banned in China. So, Chinese cybercriminals cannot monetize them.”

A cell phone without applications

To face the threats of the cyber world, Kaspersky has a unique cell phone in the works — his own company is developing it for him. It’s still a prototype. “It’s not very smart, because the camera doesn’t work yet,” Kaspersky admits. He previously had an old Nokia. Beyond Telegram, the mobile device hardly has any applications. But Kaspersky doesn’t care. “I don’t have time to use it anyways,” he shrugs.

When he wants to use social media, or upload content to his travel blog, he uses a computer that he always carries with him. But how does he take photos if his cellphone camera doesn’t work? The answer is inside his backpack. He unzips it and proudly pulls out a large camera. “I’m not a professional… but some of my photos are pretty good,” he smiles.

To protect himself in his daily life, Kaspersky avoids publishing personal information on social media. Additionally, he only gives out his phone number to people he knows well and who respect his time zone. “I don’t want to receive calls at five in the morning,” he grumbles.

For him, the main mistake that users make is that “they trust anyone on the internet.” The expert warns that criminals — especially in Latin America — are using deepfakes to deceive people with fake voices and images. To avoid being a victim of any attack or fraud, he recommends utilizing updated security products on devices. He also highlights something even more important: “Don’t trust anyone online. Especially now, when we’re in the era of deepfakes.”

Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition