Thursday, May 31, 2012

Flame, Russia and the ITU: A Geopolitical Agenda?

Both the ITU and the Russian government have been united in their interest to secure a global cyber warfare treaty since at least 2010. In recent weeks, Evgeniy (Eugene) Kaspersky has been increasing his rhetoric regarding a future cyber catastrophe and most recently his company was chosen by the ITU to investigate the Flame attack. That attack prompted today's press release by the ITU calling for "greater international collaboration" on cyber security matters at their upcoming conference in Dubai; a conference sponsored by Kaspersky Labs and where CEO Kaspersky will deliver the keynote:
Cybersecurity will be a major agenda theme at ITU Telecom World 2012 (Dubai, 14-18 October 2012), supported by key partners, one of whom is Kaspersky Lab. This agenda will explore issues such as mitigating risks posed by major coordinated cyber-attacks at the national level, the threats posed by malware such as Flame, and strengthening international cooperation. Kaspersky Lab CEO Eugene Kaspersky will deliver a Visionary Keynote speech at the event, outlining the magnitude and global nature of cyberthreats today.
 The Russian government has long been an advocate of an Information Warfare treaty limiting the use of cyber weapons and other acts of IW because it serves the interests of the Russian government (which has other means of conducting IW) while restricting cyber weapons development in the West. An excellent overview of the ramifications of such a treaty is Tom Gjelton's "Shadow Wars: Debating Cyber Disarmament".

Evgeniy Kaspersky, Kaspersky Labs, and the Russian Security Service

In November 2009, the Duma Committee on Security met on “the legislative, organizational and technical security aspects of the national info-communications infrastructure.”  The meeting included the Experts Council and several additional experts.  The invited experts were primarily senior government officials—including two from the FSB--with two from industry.  One was the President of MFI-Soft—the company that provides internet intercept systems to the FSB ISC—and the other was Evgeniy Kaspersky, Director of JSC Kaspersky Labs.

The President of MFI-Soft Alexander Ivanov is a former senior military communications officer.  MFI-Soft’s bread and butter are lawful intercept systems including SORM-1, SORM-2, and SORM-3.  MFI-Soft holds numerous licenses from the FSB and FSTEC for work on state secret information and encryption systems.  JSC Kaspersky Labs does as well.  While the Duma Security Committee did not post the meetings minutes, both companies are now involved in pushing Russian standards for the Commonwealth of Independent States (CIS).

Kaspersky Labs holds numerous security clearances authorizing work on projects involving state secret information (current list is posted at The FSB only licenses two antivirus companies for work with state secret information; JSC Kaspersky Labs and Dr. Web. The licensing requirements effectively give JSC Kaspersky Labs and Dr. Web a monopoly on the Russian market since the IT market is dominated by the Russian Government and large industry closely aligned with the government.  Indeed, in 2009, the Russian Federal Antimonopoly Service (FAS) initiated proceedings against Kaspersky for possible violations of Russian antitrust laws, but no action appears to have been taken. Russian government tenders posted at frequently specify JSC Kaspersky Labs products as required based on their FSB/FSTEC licenses.  The licenses are almost certainly critical to Kaspersky’s future.  According to Interfax, Kaspersky sales totaled $538 million in 2010 (last year for full data).  However, the revenue breakdown was stated in such a way that it is impossible to identify specific sources.

Kaspersky's elevation of Flame to a status that it doesn't deserve (a "highly sophisticated cyber weapon") takes on a new meaning when you examine the close relationship between Kaspersky Labs and the Russian government along with their relationship with the ITU and their parallel interests in promoting international cyber security agreements and cyber warfare treaties. Is Flame a means to a geopolitical end that favors those players interests? I think it is.

"Kaspersky's Problematic Flame Analysis"


  1. Do you seriously think Flame is a russian creation?

  2. I have no idea who's behind Flame however it's clear to me that both Russia and the ITU are using Flame for political purposes.