12 May 15. Kaspersky Denies KGB Connections. Russian cyber-security firm Kaspersky Lab may have ties to Russia’s Federal Security Service (FSB), the successor to the Soviet KGB, according to a report published by Bloomberg. The report cited six unidentified former and current employees of Kaspersky Lab, one of the world’s biggest sellers of anti-virus software, as saying the company had aided Russian spooks using data collected from its 400 million customers worldwide. Bloomberg also alleged close personal ties between Kaspersky’s founder, Eugene Kaspersky, and Russian intelligence officers and said the Russian company, which issues regular reports on global cyber-espionage groups, focused on exposing Western programs, particularly by the U.S. National Security Agency (NSA), while ignoring espionage efforts by Russia’s security service. Kaspersky on Friday refuted the claims on his blog, claiming that the company had nothing to hide.
“It is very hard for a company with Russian roots to become successful in the U.S. and European markets,” Kaspersky wrote. “Nobody trusts us by default. Our only strategy — is to be 1000 percent transparent and honest. It took years to explain who we are.”
The Moscow-based company is the world’s sixth-largest cyber security firm by revenue, raking in $667m in 2013, and is highly regarded by U.S. retail stores such as Best Buy and Amazon.com. Citing its unidentified sources, Bloomberg said Kaspersky Lab had started cozying up to the Russian government in 2012, firing high-level managers and replacing them with Russians close to the military or intelligence services. Three of Bloomberg’s sources identified the company’s chief legal officer, Igor Chekunov, as one highly placed manager with a KGB past — he worked as a border guard, a post that was managed by the KGB in the Soviet Union, Bloomberg said. According to Bloomberg, Chekunov joins Kaspersky for a weekly banya (Russian sauna) session with 5 to 10 regulars that include Russian intelligence officers. On his blog, Kaspersky denied knowing any intelligence officers at the banya. Bloomberg also said Kaspersky was a KGB cryptography specialist and cited a Japanese advertising campaign that claimed as much. Kaspersky firmly denied this.
“I can spell it out: I’ve NEVER worked for the KGB,” he wrote. “I studied mathematics at the school sponsored by Ministry of Atomic Energy, Ministry of Defense and KGB. After graduating, I worked in the Ministry of Defense as a software engineer for several years.”
(Source: Cyber Security Intelligence/Moscow Times)
12 May 15. Hacking Aviation Technology. Hard-core engineering industry professionals often believe that if information about how systems might be exploited is published, then the risk of these systems being exploited will increase. In contrast, most security researchers believe that responsibly disclosing security issues creates positive pressure on vendors to address these issues more effectively. Aviation isn’t the only industry in this position. Energy, utilities, automotive: any industry where operational technology is being integrated with, or replaced by, more IT components experiences this conflict. These are generalizations, of course, and there are extremes on either side, but there’s a core cultural difference between a response of ‘no one can access this component’ and one of ‘what happens when someone does?’ Industries that have a life-and-death impact are, understandably, particularly sensitive to this issue. Anywhere failure can actually kill people deserves some special consideration. In aviation, flight safety trumps information security, as it should, but as more and more attacks affect well-known organizations, information security is gaining in visibility. There’s a growing recognition that cyber-attacks can have real-world consequences. Despite this change in visibility, security researchers are concerned that if they demonstrate theoretical attacks on aircraft and aircraft systems, which i