Eugene Kaspersky: From Soviet Intelligence Officer to Russia's World-Renowned Antivirus Software Tycoon

Translated by Danny; English text posted by Danny; 2012-08-24 17:24

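It is early spring, February, and about sixty financial analysts, reporters, diplomats and computer security experts have gathered at the Ritz-Carlton hotel in Cancun, Mexico. Having just sobered up from the previous night's drinks reception, they crowd into the hotel ballroom. At the front of the ballroom is a giant screen showing a map of the world caught in a set of crosshairs, with Cancun at the center.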

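A stubbly, red-faced man jumps onto the stage. He wears a wrinkled polo shirt with red sunglasses perched on his head, and looks more like a beach bum who has come to the wrong place than a businessman. In fact he is the richest man in Russia, the CEO of the world's most important, if controversial, cybersecurity company. His name is Eugene Kaspersky, and he paid for almost everyone in the room to be here. “Hello, everyone,” he says in a husky Russian accent, apologizing for missing the previous night's drinks. He explains that over the past 72 hours he flew from Mexico to Germany and back again to attend another conference. “Kissinger, McCain, presidents, government prime ministers were all there,” he says. “I had a panel discussion. The Italian defense minister sat on my left, the former head of the CIA on my right. I felt like, ‘Whoa, colleagues.’”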

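He is certainly bragging, but he may also be underestimating himself. The Italian defense minister is in no position to determine whether criminals or governments have got at your data. Kaspersky and his company, Kaspersky Lab, are. According to Forbes, retail sales of Kaspersky antivirus software rose 177 percent between 2009 and 2010, to nearly 45 million a year, almost as much as the sales of its rivals Symantec and McAfee combined. Worldwide, Kaspersky's security network now includes 50 million people, and every time one of them downloads a new piece of software, data is sent to Kaspersky headquarters in Moscow. Microsoft, Cisco and Juniper Networks all embed Kaspersky code in their products, contributing 300 million users to the company. In the fight against viruses, Kaspersky is steadily taking its place as an industry leader.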

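And that is still not all there is to Kaspersky. In 2010 a researcher discovered the Stuxnet virus. Built by the United States and Israel, it was the world's first widely known cyberweapon and destroyed nearly a thousand Iranian centrifuges; that researcher now works for Kaspersky. In May of this year, Kaspersky's anti-hacking experts discovered a second cyberweapon, which they named Flame. This virus, too, was eventually found to be a US-Israeli weapon aimed at Iran. In other words, Kaspersky is not just an antivirus company; it is also a leader in detecting cyber-espionage.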

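For anyone, standing at the top of such an organization would mean considerable power. But Kaspersky's rise is especially striking, and to some people deeply unsettling: he received KGB-sponsored training, held a lifelong post as a Soviet intelligence officer, is an ally of the Putin regime, and has an intricate relationship with Russia's Federal Security Service (FSB). Of course, none of this history was mentioned in Cancun.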

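What was discussed (in Cancun) was Kaspersky's view of the future of Internet security, a view that is very extreme by Western standards. His ideas include issuing strictly monitored digital passports for certain online activities, and allowing governments to regulate social networks and thwart protest movements. “There is too much freedom now,” Kaspersky says, citing Facebook as an example. “Freedom is a good thing. But the bad guys, they can abuse this freedom to manipulate public opinion.”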

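These are not words one expects from the man who guards the security of so many of our computers, tablets and smartphones. But this is the contradiction of Eugene Kaspersky: he is an accomplice of Putin's authoritarian regime, yet is entrusted with the security of the computer data of millions of Americans; a supposedly retired intelligence officer who spends his days exposing the covert activities of other countries; an important presence in the open and free Internet who does not like the Internet being this free. Such is the portrait of Kaspersky, ever more influential yet deeply enigmatic.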

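Eugene Kaspersky was a very bright child. At 16 he was admitted to the KGB-backed Institute of Cryptography, Telecommunications and Computer Science for a five-year course of study. After graduating in 1987 he was assigned to the Soviet army as an intelligence officer. To this day, a quarter of a century later, he still refuses to reveal what he did in the army or what he studied at the institute. “That was top secret, so I have forgotten,” he says.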

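Kaspersky is more willing to talk about the first time he saw his computer infected by a virus, in 1989. It was a prank virus called “Cascade” whose only damage was to make the characters on your screen fall like Tetris blocks. (Translator's note: computers in 1989 had no graphical interface and were generally command-line.) Out of curiosity, Kaspersky saved a copy of the virus and began studying how it worked. A few weeks later he came across a second virus, and then a third. His interest grew by the day. “For Eugene, it was a bit of an addiction,” says his friend Alexey De Mont De Rique. Whenever a new virus appeared, Kaspersky would “sit in front of the computer without moving for twenty hours straight,” trying to dissect it, De Mont De Rique recalls. The circle of antivirus researchers was still small at the time, and the young Soviet intelligence officer quickly made a name for himself.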

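In the early 1990s, Kaspersky wanted to leave the army and devote all his time to virus research. But there was one small problem: “It was almost impossible,” he explains. The only ways out of the army were going to prison, serious illness, or proving yourself utterly incompetent. Kaspersky's former instructor at the cryptography institute had started a company that sold everything from shoes to computers, and he was able to get Kaspersky out of the army and hire him. But for some reason, Kaspersky did not go. Kaspersky's wife Natalya and De Mont De Rique, however, soon joined the company of Kaspersky's instructor.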

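In 1997 the three of them got together and started their own antivirus company. Their software was very advanced for its time: it was the first Internet security software to implement a “sandbox,” used to observe the behavior of malware while isolating it from the rest of the computer. It was also among the first antivirus products to put entire virus programs into the virus database. Even the failure of Eugene's marriage to Natalya did not affect the booming startup. The couple divorced in 1998, but she continued to handle sales and finance at the company while he devoted himself to studying viruses in the “virus lab.” “An ordinary analyst analyzes about 100 samples a day,” says Aleks Gostev, Kaspersky's chief researcher. “Eugene could do 300 a day.”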

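Today Kaspersky Lab has about 200 virus researchers, a small number in the United States and China and most of them in a converted electronics factory six kilometers northwest of the Kremlin. I visited on a sunny April morning. The old factory feels more like a high school campus, full of tattooed young men in their twenties who have made their way here from across the former Soviet Union. The school's idol seems to be Eugene himself. Some employees wear Che Guevara shirts with the portrait replaced by their boss's face. On the walls hang black-and-white photos of senior staff, painted up like Native Americans. “Eugene, the Great Virus Hunter,” reads the line under Eugene Kaspersky's photo, in which he holds a bow and arrow. That very morning, Kaspersky Lab received 12,543 emails about suspicious programs, and the total number of such emails the company has received has reached 7.8 million.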

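This collection happens automatically. When a user installs Kaspersky software, it scans every one of your applications, documents and emails for signs of malicious behavior. It deletes any known malware it detects, and when it cannot identify a suspicious program it encrypts a copy of the program and sends it to Kaspersky's servers, provided the user has agreed to join the Kaspersky Security Network. The cloud-based system automatically checks whether the copy is on a “whitelist” or a “blacklist.” The whitelist contains 300 million legitimate programs, and the blacklist contains 94 million known malicious programs. If the copy is on neither list, the system begins automatically analyzing the program's behavior, for example whether it makes unauthorized changes to the computer's configuration or continuously sends information to a remote server. In a small number of cases the system is stumped by the copy, and that is when Kaspersky's T-shirt-wearing human researchers step in. They classify the code by function, such as password stealer, fake web server or malware downloader. They then give the code a “signature fingerprint” for future automatic detection and identification. Minutes later, a software update containing that signature can be pushed out to Kaspersky's hundreds of millions of users.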

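This is the core of the business that brings Kaspersky an average of 600 million a year. It is really no different from Symantec or McAfee in the United States. The only difference is that in Russia, high-tech companies like Kaspersky must cooperate with the siloviki hard-liners of the Putin regime, the military, security and judicial services, and KGB specialists.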

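The Federal Security Service (FSB), the successor to the KGB, is now responsible for Russia's information security, among many other things. It is the country's top fighter against computer crime, but at the same time it helps the Putin government run a vast electronic surveillance network. Under the relevant Russian law (PDF), the FSB can not only require any telecommunications company to install “extra software or hardware” to help the FSB carry out wiretapping, it can also place its own people directly inside a telecommunications company. “The first rule of survival for a Russian company: stay on good terms with the siloviki,” says a prominent member of Russia's technology sector.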

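Kaspersky says the FSB has never asked to insert code into his software or to place its people in the company. But that does not mean Kaspersky and the FSB operate independently and have nothing to do with each other. Quite the opposite: “The core of the company is deeply in bed with the FSB,” says an insider. While other Russian companies have been unable to expand their international business because of government restrictions on funds (foreign currency), Kaspersky says he has never felt any such pressure. “The government has given him the privilege of operating overseas, because his company is on the list of so-called ‘good companies.’”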

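Right next to the Moscow virus lab is the home base of another part of the company's business. Gathered here is a group of elite hackers whom Kaspersky personally selected from around the world to study new or rare computer security threats. Kaspersky calls this group the Global Research and Expert Analysis Team (GREAT). I met two members of the team, each in his own office. Sergei Golovanov wears square-framed glasses and a beard, as if he had stepped out of a 1990s nu-metal band video. Aleks Gostev is thin as a rail, with dark circles around his eyes.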

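With Kaspersky's encouragement, the GREAT team has become increasingly active in helping large companies and law enforcement fight computer crime. Gostev helped Microsoft shut down the Kelihos botnet, which at its peak sent 3.8 billion spam emails a day. Golovanov spent months tracking the Koobface gang, whose social media worm network cost users more than 7 million US dollars.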

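However, GREAT's closest partner is the FSB. The FSB works with Kaspersky on an outsourced basis, with Kaspersky staff taking part in the work of the Russian security services as an unofficial team. They train FSB agents in digital forensic analysis, and occasionally take on a case themselves. In 2007, FSB agents came to Kaspersky headquarters for help, carrying computers, DVDs and hard drives seized from suspects. “We did not sleep for a month,” Golovanov says. In the end, two Russian virus writers were arrested, and the head of the FSB, Nikolai Patrushev, sent an email specifically to thank GREAT.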

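Kaspersky's public-sector work is no longer confined to Russia. In May of this year, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union (ITU), a United Nations agency that aims to promote the development of the Internet. The two Russians were taken to the office of ITU Secretary-General Hamadoun Touré, where they learned that an unknown virus was deleting computer data at Iran's oil and gas ministry. Two years had passed since Stuxnet destroyed Iran's centrifuges. Hamadoun Touré asked Kaspersky for help.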

Back at the lab, the GREAT members began collecting and sorting through archived reports from customers' computers.

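One of the modules quietly switched on the computer's microphone and made recordings. A second module specifically targeted design and architectural drawings. A third module was responsible for uploading the collected information to a control server. A fourth module, with the file name Flame, was responsible for infecting other computers. In all, the analysts found 20 modules, a complete toolkit for online intelligence gathering. It was the most complex and the largest piece of spyware ever discovered. Out of admiration for its infection module, the researchers named the virus Flame. On May 28, a Kaspersky researcher announced the discovery of the Flame virus.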

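The researchers said the spyware was so complex that it exceeded the development capabilities of ordinary individual hackers or groups. Flame must have been developed by a professional team with government funding. Kaspersky called it a cyberweapon and believed it was related to the Stuxnet virus.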

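On June 1, The New York Times revealed that the White House had ordered the creation of the Stuxnet virus as part of an online intelligence operation and had carried out sabotage against Tehran. Then, on June 19, The Washington Post confirmed that the Flame virus was the US government's second weapon aimed at Iran. Kaspersky had found it and killed it.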

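For Kaspersky, exposing the Flame virus demonstrated his company's larger ambition: to stop crime and keep the peace internationally. Malware, he says, began as pranks, evolved into a tool for crime, and has now become a weapon of sovereign states. And as malware has grown more powerful, he and his fighters have grown more influential too. “I am not in it to make money. Money is like oxygen: it is best to have it, but it cannot be the goal of your life,” he says. “My goal is to save the world.”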

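Below his office there is a locked room in which Kaspersky is working on a secret project tied to this lofty ambition; even his assistants are forbidden to enter. But after spending a day with me and a few glasses of Chivas, he opened the door and let me take a peek. It is an industrial control system, a computer used to control heavy machinery, similar to the kind of system the Stuxnet virus attacked (Kaspersky Lab researchers believe Flame also targeted this system). Kaspersky's team is working quietly to strengthen the security of such systems against electronic attack; infrastructure such as national power grids, prison systems and sewage plants all depend on industrial control systems. Kaspersky's idea is to make Stuxnet-like attacks harder. Industrial control systems were not designed with security in mind, so this work is very difficult. But if it succeeds, Kaspersky's vision, which seems to go beyond his company's role, will become more credible.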

At the same time, it always involves politics.

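Kaspersky gives the impression of a boor who burns money everywhere, a rich tycoon who will say anything, do anything and drink anything. In Asia, he clowns around with Jackie Chan on television; in Europe, Kaspersky sponsors Ferrari's Formula racing and rolls around with Bono in Dublin pubs; in Russia, he throws a New Year's party for 1,500 people. The most recent one had a rock theme, and Kaspersky took the stage in a Harley jacket. Last summer he took 30 people to climb volcanoes on Russia's Kamchatka Peninsula. Then there are the Kaspersky Lab conferences disguised as debauched parties (or the other way round): an “‘analyst’ summit” on Spain's Costa del Sol, a “senior CEO forum” in Monte Carlo, a “press tour” in Cyprus, and a gathering of unknown theme in Cancun.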

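These activities might make people think Kaspersky is no different from those ignorant plutocrats, blind drunk on whiskey every day and posturing on television while his subordinates do the real technical work. But the critics overlook one point: Kaspersky is now devoted to handling political relationships, and all his eccentric behavior is connected to that effort. Every trip to the Formula race in Shanghai or the cyberspace conference in London is also a chance to meet diplomats and politicians and to increase his company's influence. One of his goals is to persuade policymakers to rewrite the rules of the Internet according to his wishes, which, as it happens, look more like the wishes of the Putin government.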

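From one conference hall to the next, Kaspersky keeps repeating that malware like Stuxnet or Flame should be banned by international treaty, just like sarin gas and weaponized anthrax. He believes the Internet should be divided into zones, some of which could be accessed only by people holding a specific “digital passport.” That way, anonymous hackers would be unable to obtain sensitive data, such as that of nuclear power plants. Yes, doing so would require us to give up our privacy, but Kaspersky argues that on today's Internet, advertising companies, search engines and government agencies track us all day long, and we do not have much privacy anyway. “If you want privacy, you can only go live in the jungle or in the middle of Siberia,” he said at a conference in the Bahamas.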

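The Internet grew from a network purely for researchers into the nervous system of the world, largely because it allows access to any resource from any place, with no ID restrictions. Openness, freedom and anonymity are rooted in the architecture and the culture of the network. But for Kaspersky, these things no longer work: to “protect our rights we need to sacrifice these features! We sacrifice them in exchange for the safety of surfing the web and being free from malware at all times.”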

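The idea of reducing privacy on the Internet is being pushed by many quarters, partly as a result of Kaspersky's lobbying. Sharing the stage with him at the Cancun conference was a senior ITU official, Alexander Ntoko. “Why can't we issue everyone a digital ID?” he asks. “When I walk into a bank I do not cover my face. Why should it be any different online?”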

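The ITU used to be just a lifeless bureaucracy, but in recent years the Russian and Chinese governments have been pushing for it to become the central body governing the Internet. At present the Internet is managed by US-led nonprofit organizations, which coordinate domain names, promote technical standards and so on. The ITU hopes to take over that authority and represent the various sovereign governments. Vint Cerf, one of the inventors of the Internet, told Congress at a hearing that this would mean “losing the open and free Internet,” because it would shift power from technologists to government bureaucracies. In December of this year the ITU will renegotiate the Internet telecommunications regulations that have been in force for 24 years.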

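Whether or not it gains such power, the ITU is happy to ally itself with Kaspersky. When Kaspersky visited ITU headquarters in Geneva a few months after the Cancun conference, he not only agreed to help deal with the virus attack on Iran's oil ministry, he also told ITU chief Touré that he would gladly assign his researchers to help with investigations at any time. It was a win-win: Kaspersky increased his influence and might discover the next cyberweapon, while Touré and the ITU gained a private computer security team.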

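But Kaspersky's closest political ties are still in Russia. As the country's most successful technology entrepreneur, and Russia's spokesman on Internet affairs, Kaspersky has hosted Medvedev, the former president and current prime minister, in his own office. In turn, Medvedev appointed Kaspersky to serve in Russia's Public Chamber, which is responsible for overseeing parliament.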

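Kaspersky and the Moscow government hold very similar views on computer security. Their cooperation has gone beyond simple data security protection. When Kaspersky or Kremlin officials talk about responsibility for online threats, they are talking not only about restricting malicious data; they also want to restrict information they consider malicious, including speech and ideas that spark unrest and riots.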

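Kaspersky cannot stop social media such as Facebook or Russia's homegrown VK (formerly named VKontakte, popular in Russia). “(On social media) one person can manipulate others through false information,” he says. “And (for now) there is no way to track these people down. This can lead to dangerous things.” He says what is especially dangerous is the role of social networks in the protests from Tripoli to Moscow, which made the blogger Alexei Navalny one of the most important dissident leaders, while social networks such as VK and LiveJournal helped bring tens of thousands of people into the streets. Kaspersky sees these developments as an information war waged by anti-government forces to “manipulate the ignorant masses and change public opinion.”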

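Nikolai Patrushev, former head of the FSB and now Putin's chief security adviser, holds almost exactly the same view as Kaspersky on this question. In June he told a reporter that outside forces were constantly stirring up Russian society online. “Foreign websites spread all kinds of speculative political ideas, which have led to unauthorized protests at home,” he said.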

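The Russian government and the country's best-known technology company have a long-standing relationship of mutual support, cooperating on computer crime matters and backing each other's political agendas. But from 6:30 in the morning on April 19, 2011, Kaspersky and the Russian government became tightly intertwined. Kaspersky, who was at a hotel in London at the time, received a phone call. The phone showed the mobile number of his twenty-year-old son Ivan, but the voice that came from the other end was not Ivan's. A middle-aged male voice told Kaspersky very politely: “We have kidnapped your son.”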

Since his son's kidnapping, Eugene Kaspersky always travels with bodyguards inside Russia.

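Outwardly, Kaspersky pretended to be calm on hearing the news that Ivan had been kidnapped. He told the kidnapper he was sleepy and asked him to call back a little later, which the kidnapper did, though from a different number. Kaspersky said he was giving an interview and made the kidnapper call a third time.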

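It was a stalling tactic to buy time for Kaspersky to reach the security officers he worked with and, through them, the FSB. As a rule the Russian intelligence service does not handle things like kidnap rescues. But the kidnapping of Ivan Kaspersky was no ordinary kidnapping. “My first reaction was that this was big trouble. My second reaction was to get in touch with the FSB right away. My third reaction was that I thought they were stupid enough to dare to target me,” Kaspersky says. “I was one hundred percent sure, okay, ninety-nine percent sure, that the FSB and the police would find them. We have very good relations with the FSB and the Moscow police. They know us, just as they know everyone who supports them. They went to work like crazy.”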

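Kaspersky was back in Moscow that same night, his eyes bloodshot. He struggled through the tense hours of the morning, his phone ringing every few minutes. As the kidnappers made their demands (three million euros, in notes of 500), they kept changing phones and SIM cards to try to cover their tracks. But every call brought the FSB a step closer to the kidnappers.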

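As soon as Kaspersky arrived at the police station in central Moscow, he fainted from stress and exhaustion. For the next four days he and his ex-wife stayed at the police station waiting for news, pacing its corridors. Using phone call records, the FSB and the Moscow police pinned down Ivan's hiding place to a cabin on the outskirts of the city. A few days later, FSB officers lured the kidnappers out on the pretext of paying the ransom and caught them without firing a shot. Ivan was free and unharmed, just a little dirty: the cabin had no running water. “These may be the only days in his life that he has read a book,” Ivan's mother, Natalya Kaspersky, joked when she saw her son.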

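At first, Kaspersky blamed himself publicly, feeling he had failed in his duty to protect his family. But before long he turned on VK. He accused the Russian social network of encouraging Ivan to make public his address, his phone number, and even details of his internship at Natalya's company, InfoWatch. “Social media should not encourage users to disclose this kind of information. If a social networking site asks for private information, it should face criminal charges if that information leaks,” Kaspersky said in October in an interview with Russia's RT television. As a mouthpiece of the Kremlin, RT presented these comments as proof that online privacy is dead, with the kidnapping of his son as the main example.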

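The Kaspersky kidnapping case eventually became a (propaganda) tool for the ruling party. But Natalya thinks it is pointless to put the blame on VK. “The kidnappers found him on a social network? No. They followed my son for more than a month and knew what routes he took, where he went and whom he contacted,” she says. Yes, Ivan had posted his address online: “a fake address, an abandoned old house.” There is no way that could have helped the kidnappers find him, she says.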

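So why would Eugene Kaspersky condemn VK? Perhaps he wanted to make himself feel better; after all, it was his own son who had been kidnapped. Perhaps he confused the fake address online with the real one. Whatever the reason, in the end his son's kidnapping became a tool for him to attack his political opponents.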

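Eugene Kaspersky now never goes without bodyguards in Moscow. He has moved into a two-story house with a garden, surrounded by a fence, which he explains makes it easier to protect his girlfriend and infant son. From the wraparound balcony you can see the still-frozen Moscow River and the new five-story building of Kaspersky headquarters. Look to the left and you can see Kaspersky's childhood home: a one-room shack built in the Stalin era for labor-camp inmates.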

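On a Sunday afternoon in late April, Kaspersky is wearing the cheap striped shirt he wore on Friday and smoking Chinese cigarettes. His mother, who also lives in the house, warms up some thin pancakes and opens a jar of caviar. Seen up close, Kaspersky's image as a super-rich playboy looks more like a performance (for the public). In reality, he keeps his distance from Russia's oligarchs. To him, they (the political oligarchs) are not the same kind of people as the computer criminals he hunts. He regards his involvement in politics as a necessary evil that he has no grounds to refuse. Kaspersky has no interest in political activity or Moscow's wild nightlife; he would rather fly off to an academic conference to talk with other technical experts. When he goes to a place like the Kamchatka Peninsula, he always brings employees or customers. “Apart from work I do not have many friends.”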

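When critics argue that the Kaspersky company is in effect a virtual weapon of the Russian intelligence services, he and his employees insist that their cooperation with the FSB is limited, though that seems hard to sustain. They argue that using their own software to spy on users would damage the company's reputation worldwide; it would be like a small-town locksmith moonlighting as a car thief at night. Reputation is the core prerequisite for Kaspersky Lab to win orders. Without so many customers there would be no Kaspersky Security Network, no database of known threats, and no way of obtaining statistics on infected machines.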

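Yes, Kaspersky openly sides with the Kremlin and cheers it on. But in Putin's Russia, company bosses who do not do so end up with their businesses shut down and themselves in prison or forced into exile. At the same time, you do not need to be a close partner of Moscow to work hard at reducing free speech and privacy online. Many Western officials are doing the same. Until 2011, Italians had to show an ID card to use Wi-Fi in an Internet cafe. The European Union is now considering whether to introduce an “electronic authentication” system across the continent. British Prime Minister David Cameron, after the 2011 London riots, also began to consider whether to shut down social networking sites when necessary. Mike McConnell, a former US Navy vice admiral, wrote in The Washington Post calling for the “need to re-engineer the Internet to make responsibility … easier to manage.” He was formerly the head of national intelligence, America's top spy.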

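In many ways, the relationship between the Kremlin and Kaspersky Lab resembles the relationship between Washington and the big US security companies. Moscow hands Kaspersky large sums of money to secure government networks, just as the Pentagon throws money at McAfee and Symantec. Kaspersky helps the FSB fight cybercrime; McAfee and Symantec work with the FBI. Kaspersky's employees report to the State Duma, Russia's parliament; American researchers do so before Congress and the White House. These security companies have all become key players in securing their own countries' networks and fighting computer crime around the world.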

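But there is also a very important difference between the American and the Russian companies. Stuxnet was a highly classified operation launched by the US government to achieve its geopolitical goals. Yet America's own Symantec paid no heed to that and hunted it down and destroyed it (as it would anything else). You will not find that kind of disagreement between the Kremlin and Kaspersky Lab.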

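In December 2011, Kaspersky was heavily criticized for doing the opposite (of what Symantec did): ignoring cyberattacks with an obvious political motive. On the eve of Russia's State Duma elections, large-scale denial-of-service attacks forced social media such as LiveJournal, media sites such as Kommersant, and the independent election monitor Golos offline. The motive of the attacks appeared to be to suppress commentary unfavorable to the ruling party. But Kaspersky Lab, which boasts that its software can detect and stop DDoS attacks, denied that the attacks existed. “Very strange, we did not find anything,” Kaspersky said on his Twitter account. The next day he said on his blog that they had in fact found something, but guessed that many of these sites had gone down for technical reasons or because they were too popular (and their servers could not cope).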

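Kaspersky denies that he denied the existence of the DDoS attacks in order to curry favor with the ruling party. (He later said that pro-Putin websites had been attacked too.) But Andrei Soldatov, a “muckraker” (translator's note: a journalist who specializes in exposés, a term that originated in the United States) whose website (Agentura.ru) was also attacked, sees it very differently: “I cannot understand Kaspersky's desperate attempt to stand with the Kremlin, which makes his self-proclaimed image as an independent technical expert look very odd.”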

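Kaspersky's office has everything you could imagine a globe-trotting business magnate who grew up in a shack would want to own: a Ferrari racing jacket, boxes of Kaspersky software from China and Germany, and a model of SpaceShipTwo, which offers trips to outer space (Kaspersky has already bought a ticket). One afternoon he walks into a small storage room and pulls out a lab coat bearing his company logo to show me. Next to the coat is a basketball jersey of the New Jersey Nets, the team bought by the Russian tycoon Mikhail Prokhorov. Deep inside the storage room I catch sight of a dark green jacket: Kaspersky's uniform from the Soviet army. The garment still looks new, as if it could be worn at a military parade.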

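Many Russian business magnates are happy to exploit their ties to the Kremlin, and the gains of corruption, to compete unfairly in the global market. Kaspersky has long taken a different path. He is an international entrepreneur who emerged from Putin's Russia, not Putin's entrepreneur. Kaspersky's success in wealth and influence is proof of how skillfully he has walked this narrow path. But one question always remains: can a company so valuable to Moscow really stay independent? What else is in this storage room that the world cannot see?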

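I take a few steps forward to look at the jacket. Kaspersky closes the door. “Nothing,” he says as he walks out of the room. “Come on, let's go have a drink.”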

It’s early February in Cancun, Mexico. A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night’s tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull’s-eye.

A ruddy-faced, unshaven man bounds onstage. Wearing a wrinkled white polo shirt with a pair of red sunglasses perched on his head, he looks more like a beach bum who’s lost his way than a business executive. In fact, he’s one of Russia’s richest men—the CEO of what is arguably the most important Internet security company in the world. His name is Eugene Kaspersky, and he paid for almost everyone in the audience to come here. “Buenos dias,” he says in a throaty Russian accent, as he apologizes for missing the previous night’s boozy activities. Over the past 72 hours, Kaspersky explains, he flew from Mexico to Germany and back to take part in another conference. “Kissinger, McCain, presidents, government ministers” were all there, he says. “I have panel. Left of me, minister of defense of Italy. Right of me, former head of CIA. I’m like, ‘Whoa, colleagues.’”

He’s bragging to be sure, but Kaspersky may be selling himself short. The Italian defense minister isn’t going to determine whether criminals or governments get their hands on your data. Kaspersky and his company, Kaspersky Lab, very well might. Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users. When it comes to keeping computers free from infection, Kaspersky Lab is on its way to becoming an industry leader.

But this still doesn’t fully capture Kaspersky’s influence. Back in 2010, a researcher now working for Kaspersky discovered Stuxnet, the US-Israeli worm that wrecked nearly a thousand Iranian centrifuges and became the world’s first openly acknowledged cyberweapon. In May of this year, Kaspersky’s elite antihackers exposed a second weaponized computer program, which they dubbed Flame. It was subsequently revealed to be another US-Israeli operation aimed at Iran. In other words, Kaspersky Lab isn’t just an antivirus company; it’s also a leader in uncovering cyber-espionage.

Serving at the pinnacle of such an organization would be a remarkably powerful position for any man. But Kaspersky’s rise is particularly notable—and to some, downright troubling—given his KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin’s regime, and his deep and ongoing relationship with Russia’s Federal Security Service, or FSB. Of course, none of this history is ever mentioned in Cancun.

What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. It includes requiring strictly monitored digital passports for some online activities and enabling government regulation of social networks to thwart protest movements. “It’s too much freedom there,” Kaspersky says, referring to sites like Facebook. “Freedom is good. But the bad guys—they can abuse this freedom to manipulate public opinion.”

These are not exactly comforting words from a man who is responsible for the security of so many of our PCs, tablets, and smartphones. But that is the paradox of Eugene Kaspersky: a close associate of the autocratic Putin regime who is charged with safeguarding the data of millions of Americans; a supposedly-retired intelligence officer who is busy today revealing the covert activities of other nations; a vital presence in the open and free Internet who doesn’t want us to be too free. It’s an enigmatic profile that’s on the rise as Kaspersky’s influence grows.

Eugene Kaspersky was a bright kid. At 16 he was accepted to a five-year program at the KGB-backed Institute of Cryptography, Telecommunications, and Computer Science. After graduating in 1987, he was commissioned as an intelligence officer in the Soviet army. A quarter century after the fact, he still won’t disclose what he did in the military or what exactly he studied at the institute. “That was top-secret, so I don’t remember,” he says.

Kaspersky is more open about the day in October 1989 when a virus first infected his computer. It was a playful little thing called Cascade that made the characters on a PC screen tumble to the bottom like Tetris blocks. Curious, Kaspersky saved a copy of the virus on a floppy disk to study how the code worked. A couple of weeks later he encountered a second virus, and then a third. His interest grew with each discovery. “For Eugene, it was an addiction,” his friend Alexey De Mont De Rique says. Each time a new virus appeared, Kaspersky would “sit in front of the computer for 20 hours straight,” trying to pick it apart, De Mont De Rique recalls. In the small world of antivirus researchers, the Soviet officer quickly made a name for himself.

By the early ’90s, Kaspersky wanted out of the army so he could study viruses full-time. There was one small problem: “It was almost not possible,” he explains. The only way to get out was to go to jail, get sick, or prove yourself to be extremely incompetent. Kaspersky’s old instructor at the Institute of Cryptography had a company that sold everything from athletic shoes to PCs. Somehow—Kaspersky won’t answer questions about this either—the former professor was able to get Kaspersky a discharge and hire him. Kaspersky’s wife, Natalya, and De Mont De Rique soon joined him at the company.

In 1997 the three of them went into the antivirus business for themselves. Their software was advanced for the time. They were the first to allow users of Internet security software to watch malware operate in an isolated “sandbox,” quarantined from the rest of the computer; they were among the first to store entire programs in a virus database. The young company flourished even as Kaspersky’s marriage to Natalya fizzled. The couple divorced in 1998, but she continued to handle sales and finance while he worked in the “virus lab,” classifying new threats himself. “The typical analyst would process maybe 100 pieces of new malware a day,” says Aleks Gostev, one of Kaspersky’s top researchers. “Eugene would do 300.”

Today Kaspersky Lab employs about 200 virus researchers—some in the US and China, but the bulk of them in a converted electronics factory 6 miles northwest of the Kremlin. On a sunny April morning when I visit, the old factory feels more like a grad school, with tattooed twentysomethings from across the former Soviet Union roaming the curved halls. The school mascot seems to be Kaspersky himself. Some employees wear Che Guevara T-shirts—with the boss’s face replacing the revolutionary’s. On the walls are black-and-white photos of long-serving employees dressed in war paint and moccasins like Native Americans. “Eugene the Great Virus Hunter,” reads the caption under the CEO’s image—in which he’s drawing a bow and arrow. Some 12,543 emails about suspicious programs came into the company just this morning, bringing the grand total to nearly 7.8 million.

The accumulation happens automatically. When a user installs Kaspersky software, it scans every application, file, and email on the computer for signs of malicious activity. If it finds a piece of known malware, it deletes it. If it encounters a suspicious program or a message it doesn’t recognize—and the user has opted to be part of the Kaspersky Security Network—it sends an encrypted sample of the virus to the company’s servers. The cloud-based system automatically checks the code against a “whitelist” of 300 million software objects it knows to be trustworthy, as well as a “blacklist” of 94 million known malicious objects. If the code can’t be found on either of these lists, the system analyzes the program’s behavior—looking at whether it’s designed to make unauthorized changes to the computer’s configuration options, for example, or whether it constantly pings a remote server. Only in the rare instance that the system is stumped will one of Kaspersky’s T-shirt-clad virus researchers step in. They’ll characterize the code by function: password stealer, bogus web page server, downloader of more malicious programs. Then they’ll suggest a “signature” that can be used to spot and filter out the malware in the future. In just minutes, a software update that incorporates these new signatures can be pushed out to Kaspersky’s tens of millions of users.

This is the core of the $600-million-a-year business that grew out of Kaspersky’s virus hobby. It’s really not all that different from the way US security companies like Symantec or McAfee operate globally. Except for the fact that in Russia, high tech firms like Kaspersky Lab have to cooperate with the siloviki, the network of military, security, law enforcement, and KGB veterans at the core of the Putin regime.

The FSB, a successor to the KGB, is now in charge of Russia’s information security, among many other things. It is the country’s top fighter of cybercrime and also operates the government’s massive electronic surveillance network. According to federal law number 40-FZ (.pdf), the FSB can not only compel any telecommunications business to install “extra hardware and software” to assist it in its operations, the agency can assign its own officers to work at a business. “Rule number one of successful companies here is good relations with the siloviki,” says one prominent member of Russia’s technology sector.

Kaspersky says the FSB has never made a request to tamper with his software, nor has it tried to install its agents in his company. But that doesn’t mean Kaspersky and the security agency operate at arm’s length. Quite the opposite: “A substantial part of his company is intimately involved with the FSB,” the tech insider says. While the Russian government has used currency restrictions to cripple a firm’s international business in the past, Kaspersky faces no such interference. “They give him carte blanche for his overseas operations, because he’s among the so-called good companies.”

Next door to the Moscow virus lab is the home base for another arm of the operation—a team of elite hackers from around the world that Kaspersky hand-selected to investigate new or unusual cybersecurity threats. Kaspersky calls this his Global Research and Expert Analysis Team—GREAT, for short. Two of them are waiting for me in their office. Sergei Golovanov sports rectangular glasses and a beard out of a ’90s nu-metal video. Aleks Gostev is skinny as a rope and has dark circles under his eyes.

With Kaspersky’s encouragement, GREAT has become increasingly active in helping big companies and law enforcement agencies track down cybercriminals. Gostev assisted Microsoft in its takedown of the Kelihos botnet, which churned out 3.8 billion pieces of spam every day at its peak. Golovanov spent months chasing the Koobface gang, which suckered social media users out of an estimated $7 million.

One of GREAT’s frequent partners in fighting cybercrime, however, is the FSB. Kaspersky staffers serve as an outsourced, unofficial geek squad to Russia’s security service. They’ve trained FSB agents in digital forensic techniques, and they’re sometimes asked to assist on important cases. That’s what happened in 2007, when agents showed up at Kaspersky HQ with computers, DVDs, and hard drives they had seized from suspected crooks. “We had no sleep for a month,” Golovanov says. Eventually two Russian virus writers were arrested, and Nikolai Patrushev, then head of the FSB, emailed the team his thanks.

Kaspersky’s public-sector work, however, goes well beyond Russia. In May, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union, the UN body charged with encouraging development of the Internet. The Russians were ushered into the office of ITU secretary-general Hamadoun Touré, where the Soviet-educated satellite engineer told them that a virus was erasing information on the computers of Iran’s oil and gas ministry. This was coming just two years after the discovery of the Stuxnet worm, which had damaged Iran’s centrifuges. Touré asked Kaspersky to look into it.

Back at the lab, analysts from GREAT began combing through archived reports from customers’ machines. One file name stood out: ~DEB93D.tmp. The virus was eventually found on 417 customers’ computers—398 of which were in the Middle East, including 185 in Iran. Some machines had been infected since 2010, but the file had never been deeply analyzed. The researchers were able to isolate one piece of the malicious code—and then another and another.

One module of the software surreptitiously turned on a machine’s microphone and recorded any audio it captured. A second collected files, especially design and architectural drawings. A third uploaded captured data to anonymous command-and-control servers. A fourth module, with the file name Flame, infected other computers. The analysts discovered about 20 modules in all—an entire toolkit for online espionage. It was one of the biggest, most sophisticated pieces of spyware ever discovered. In honor of the transmission program, the researchers called it Flame. On May 28, a Kaspersky analyst announced what the team had found.

The spyware was too complex for simple crooks or hacktivists, the researchers said. Flame had been coded by professionals, almost certainly at a government’s behest. The company called it a cyberweapon and speculated that it was related to Stuxnet.

On June 1, The New York Times revealed for the first time that the White House had, in fact, ordered the deployment of Stuxnet as part of a sophisticated campaign of cyberespionage and sabotage against Tehran. Then, on June 19, The Washington Post was able to confirm that Flame was yet another part of this shadow war against Iran. Kaspersky had outed—and in effect killed—it.

For Kaspersky, exposing Flame reflects his company’s broader ambition: to serve as a global crime-stopper and peacekeeper. Malware has evolved from a nuisance to a criminal tool to an instrument of the state, he says, so naturally he and his malware fighters have grown in stature and influence too. “My goal is not to earn money. Money is like oxygen: Good idea to have enough, but it’s not the target,” he says. “The target is to save the world.”

In a locked room down the hall from his office, Kaspersky is working on a secret project to fulfill that lofty ambition. Not even his assistant has been allowed inside. But after we’ve spent a day together—and knocked back a few shots of Chivas 12—he unlocks the door and offers me a peek. It’s an industrial control system, a computer for operating heavy machinery, just like the ones that Stuxnet attacked (and, Kaspersky researchers believe, Flame may also have targeted). Kaspersky’s team is quietly working on new ways to harden these systems against cyberattack—to protect the power grids and prisons and sewage plants that rely on these controllers. The idea is to make future Stuxnets harder to pull off. The controllers haven’t been engineered with security in mind, so the project is difficult. But if it succeeds, Kaspersky’s seemingly outsize vision of his company’s role in the world might become a little less outlandish.

In the meantime, there’s always politics.

Kaspersky has cultivated the image of a wild man with cash to burn—the flamboyant say-anything, do-anything, drink-anything gazillionaire. In Asia, he’s clowned around in TV commercials with Jackie Chan. In Europe, Kaspersky sponsors the Ferrari Formula One team and goes on Dublin pub crawls with Bono. Back in Russia, he throws New Year’s parties for 1,500. The most recent one had a rock-and-roll theme; Kaspersky took the stage in a Harley jacket. Last summer he took some 30 people to Russia’s Kamchatka Peninsula for a volcano-hiking excursion. Then there are the Kaspersky Lab conferences disguised as boozy getaways (or perhaps vice versa): the “analysts’ summit” on Spain’s Costa del Sol, the “VIP executive forum” in Monte Carlo, the “press tour” in Cyprus, the whatever-it-was thing in Cancun.

All of this might lead some to dismiss Kaspersky as a dilettante plutocrat who drinks single-malt and gets made up for TV while his employees do the real technical work. But the critics would be missing the point: One of the systems Kaspersky is now trying to hack is politics, and his antics are part of the act. Every trip to Shanghai’s Formula One race or the London Conference on Cyberspace is another chance to court diplomats and politicians, another chance to extend his company’s influence. And one of his goals is to persuade policymakers to refashion the Internet into something more to his liking—and, as it happens, something more to the liking of the Putin government as well.

In one hotel ballroom after another, Kaspersky insists that malware like Stuxnet and Flame should be banned by international treaty, like sarin gas or weaponized anthrax. He argues that the Internet should be partitioned and certain regions of it made accessible only to users who present an “Internet passport.” That way, anonymous hackers wouldn’t be able to get at sensitive sites—like, say, nuclear plants. Sure, it might seem like we’d be sacrificing some privacy online. But with all the advertisers, search engines, and governments tracking us today, Kaspersky argues, we don’t really have any privacy left anyway. “You can have privacy if you live somewhere in the jungle or the middle of Siberia,” he recently told a confab in the Bahamas.

The Internet grew from a network of researchers to the global nervous system in large part because practically anyone was able to access any part of it from anywhere—no ID needed. And the values of openness, freedom, and anonymity became deeply embedded in net culture and in the very architecture of the network itself. But to Kaspersky, these notions no longer work: By “protecting our right to freedom we actually sacrifice it! We sacrifice the right to safe Internet surfing and to not get infected by some nasty piece of malware at every step.”

The idea of stripping some amount of privacy from the Internet is gaining traction in many sectors, thanks at least in small part to Kaspersky’s lobbying. In Cancun, he was joined onstage by Alexander Ntoko, a top official at the International Telecommunication Union. “Why don’t we have digital IDs as a de facto for everybody?” he asks. “When I’m going to my bank, I’m not going to cover my face.” In other words, why should things be any different online?

The ITU was once a bureaucratic backwater. In recent years, however, the Russian and Chinese governments have been pushing to give the agency a central role in governing the Internet. Instead of the US-dominated nonprofits that currently coordinate domain names and promote technical standards, they want to turn authority over to a gathering of national governments represented by the ITU. It’s a move that one of the Internet’s creators, Vint Cerf, told Congress risks “losing the open and free Internet,” because it would transfer power from geeks to government bureaucrats. The ITU is set to revisit the 24-year-old treaty governing international telecommunications in December.

Whether or not it secures this power, the ITU has found a willing ally in Kaspersky. When he traveled to ITU headquarters in Geneva, a few months after Cancun, Kaspersky not only agreed to look into the attacks on the Iranian oil ministry, he also told ITU chief Touré that he would assign some of his top researchers to be on call to help the organization with any future investigations. It’s a good deal for both men. Kaspersky gets to extend his influence—and maybe catch the next big cyberweapon. Touré and the ITU get a personal cybersecurity team.

But Kaspersky’s closest political ties remain in Russia. As one of his country’s most successful technology entrepreneurs—and, in many ways, Russia’s spokesman for all things Internet—Kaspersky has hosted former president and current prime minister Dmitry Medvedev in his offices; Medvedev, in turn, appointed Kaspersky to serve in Russia’s Public Chamber, which is charged with monitoring the parliament.

Kaspersky and the Moscow government have espoused strikingly similar views on cybersecurity. This goes beyond the security industry’s basic mission of keeping data safe. When Kaspersky or Kremlin officials talk about responses to online threats, they’re not just talking about restricting malicious data—they also want to restrict what they consider malicious information, including words and ideas that can spur unrest.

Kaspersky can’t stand social networks like Facebook or its Russian competitor, VK (formerly known as VKontakte). “People can manipulate others with the fake information,” he says, “and it’s not possible to find who they are. It’s a place for very dangerous action.” Especially dangerous, he says, is the role of social networks in fueling protest movements from Tripoli to Moscow, where blogger Alexei Navalny has emerged as perhaps the most important dissident leader and sites like VK and LiveJournal have helped bring tens of thousands of people into the streets. Kaspersky sees these developments as part of a disinformation campaign by antigovernment forces to “manipulate crowds and change public opinion.”

Nikolai Patrushev—the former FSB chief who now serves as Putin’s top security adviser—makes a nearly identical case. In June he told a reporter that outside forces on the Internet are constantly creating tensions within Russian society. “Foreign sites are spreading political speculation, calls to unauthorized protests,” he says.

Russia’s government and its most famous technology entrepreneur have long had each other’s backs, cooperating on cybercrime investigations and supporting each other’s political agendas. But the two became utterly intertwined at 6:30 in the morning on April 19, 2011, when Kaspersky’s cell phone rang in his London hotel room. According to the caller ID, it was Ivan, Kaspersky’s 20-year-old son. But the voice on the other end was not Ivan. It was an older man who politely told Kaspersky: “We’ve got your son.”

Outwardly, Kaspersky didn’t react to the news of Ivan’s kidnapping. He said he was tired and asked the caller to ring him back later in the morning—which the caller did, from another number. This time, Kaspersky said he was in an interview and told the guy to make a third call.

It was a ploy, a stall for time while Kaspersky hurriedly reached out to his corporate security manager, who reached out to the FSB. Ordinarily the Russian intelligence service isn’t in the business of freeing kidnap victims. But Ivan Kaspersky wasn’t your average abductee. “My first thought was that this is serious. Second, immediately call the FSB. And third, they are stupid to attack me,” Kaspersky says. “I was 100 percent sure—well, 99 percent sure—that FSB and police would find them. We have very good relations with both the FSB cybersecurity department and the Moscow police department. They know us. They know us as people who support them when they need it. They started to work like crazy.”

That night Kaspersky took the red-eye back to Moscow. He plodded his way through the morning rush hour, his phone ringing every few minutes. As the kidnappers made their demands—3 million euros in denominations of 500—they tried to cover their tracks, switching cell phones and SIM cards constantly. But with every call, the kidnappers were giving the FSB more data to track them down.

Kaspersky arrived at a police station in central Moscow and promptly passed out from anxiety and exhaustion. He and his ex-wife stayed there for the next four days, pacing the halls while the FSB pored through call records and the Moscow cops staked out a suburban cabin where they believed Ivan was being held. After a few days, the officers lured the kidnappers out of the house with the promise of a ransom payment. They were captured without a shot. Ivan was freed, a little grimy—there was no running water in the cabin—but otherwise fine. “It was probably the only period in his life when he was reading books,” jokes his mother, Natalya Kaspersky, who met him at the scene.

At first, Kaspersky publicly blamed himself for not adequately protecting his family. But later he started blaming something else: VK. Kaspersky said that the Russian social network had tempted Ivan into posting his address, phone number, even details of his internship at InfoWatch, Natalya’s security company. “Social networks shouldn’t encourage users to post that sort of information. If a site asks for private information, then criminal charges should be brought against it in the event of a leak,” Kaspersky told Russia’s RT television channel in October. Widely viewed as a Kremlin propaganda outlet, RT aired the remarks as part of a documentary on the death of online privacy and the dangers of social networks, with Ivan’s kidnapping as a primary example. The program encouraged people to protect themselves by dropping offline completely. As it happened, the documentary ran just as online opposition to the ruling party was starting to bubble up. In the months that followed, top bloggers and activists were detained by the government, and the FSB tried (unsuccessfully) to force VK to purge the pages of some groups from its network.

The Kaspersky kidnapping ended up being a tool for the ruling party. But according to Natalya, the whole kidnapped-because-of-VK story is nonsense. “They found him on social networks? It’s not true. They followed him for a month or more. They knew all his ways, where he is going, whom he contacts,” she says. Yes, Ivan posted an address online—“a false address from an old house.” There’s no way, she says, that this helped the kidnappers.

So why did Eugene Kaspersky publicly blame VK? Perhaps Kaspersky simply let his emotions get the better of him—his son had been kidnapped, after all. Perhaps he mistook the fake address Ivan posted for a real one. Whatever the reason, in the end, the son’s kidnapping became a way to attack the father’s political foes.

Eugene Kaspersky now travels in Moscow with a team of bodyguards. He moved to a duplex in a gated community bordering a park—better for keeping his girlfriend and their infant son safe, he explains. A wraparound balcony overlooks the still-frozen Moskva River and the site of Kaspersky Lab’s new five-story headquarters. To the left you can almost see Kaspersky’s childhood home: a one-room shack originally built for prison laborers in the Stalin era.

It’s an early Sunday afternoon in late April. Kaspersky, smoking a Chinese cigarette, is wearing the same bargain-rack striped shirt he was wearing Friday. His mother, who also lives in the complex, heats up blintzes and opens some canned caviar. Up close it becomes clear that Kaspersky’s image as a mega-rich, hyperconnected playboy is mostly an act. In truth, he stays away from Russia’s oligarchs, whom he sees as little different from the cybercrooks he chases. He views his move into politics as a necessary evil, an offer he’s in no position to refuse. Kaspersky doesn’t bother with political rallies or Moscow’s famously immoderate nightlife; he’d rather be in an airplane seat on his way to some conference to share ideas with other technophiles. When he goes to places like Kamchatka, he says, he takes employees or clients. “I don’t have any friends outside of work.”

While critics assume that Kaspersky’s company is a virtual arm of Russian intelligence, he and his staff insist, not unconvincingly, that their work with the FSB has its limits. They argue that using its software to spy on users would undermine the company’s credibility worldwide; it would be like the local locksmith moonlighting as a cat burglar. That credibility is at the heart of Kaspersky Lab’s business. Without lots of customers, there would be no Kaspersky Security Network, no database of known threats or tally of infected machines.

Yes, Kaspersky publicly touts a Kremlin-friendly line. But in Putin’s Russia, executives who neglect to do so have a disturbing habit of winding up in jail or being forced into exile. Besides, you don’t need to be a Moscow crony to push against free speech and privacy online. Plenty of Western officials are doing that too. Until 2011, Italians had to present their ID cards before using Wi-Fi at an Internet café. The European Commission is now mulling a continent-wide system of “electronic authentication.” British prime minister David Cameron contemplated cracking down on social media after the 2011 London riots. And retired US vice admiral Mike McConnell wrote in The Washington Post about the “need to reengineer the Internet to make attribution … more manageable.” He previously served as US director of national intelligence—America’s top spy.

In many ways, the relationship between the Kremlin and Kaspersky Lab is the same as the one between Washington and the big US security companies. Moscow gives millions to Kaspersky to help secure government networks—much as the Pentagon pours millions into contracts with McAfee and Symantec. Kaspersky helps the FSB track down cybercrooks; McAfee and Symantec work with the FBI. Kaspersky employees brief the Duma, Russia’s parliament; American researchers brief Congress and the White House. These security firms have all become key players in their home countries’ network defenses and in cybersecurity investigations worldwide.

But while the American and Russian companies are similar, there are important differences. Stuxnet was a highly classified US operation serving one of the government’s top geopolitical goals. Symantec, a US company, went after it anyway. It’s hard to find a similar case of Kaspersky and the Kremlin working at cross-purposes.

In December 2011, Kaspersky came under criticism for appearing to do the opposite—ignoring an act of online criminality when it was politically convenient. On the eve of Russia’s parliamentary elections, massive denial-of-service attacks brought down social networks like LiveJournal, media outlets like Kommersant.ru, and the independent election watchdog Golos. It seemed to be a politically motivated hit on potential opponents and critics of the ruling regime. Yet Kaspersky Lab—which boasts that its software can spot and fight DDoS attacks—denied the existence of any such activity. “We detected none. Very strange,” Kaspersky tweeted. The next day he wrote on his blog that the attacks actually had been detected, but he speculated that many of the sites were victims of technical problems or perhaps their own popularity.

Kaspersky denies that he blew off the DDoS attacks in an attempt to curry favor with the ruling powers. (Then he claims that pro-Putin sites got hit by the online strikes as well.) But Andrei Soldatov, a muckraking investigative journalist whose Agentura.ru site was hammered in the attacks, has a very different view: “I cannot explain Kaspersky’s ignorance by anything but conscious intention to take the Kremlin’s side, a position very weird for the independent expert he claims to be.”

Kaspersky’s office has just the trappings you’d expect for someone who rose from a kid in a shack to become a continent-hopping mogul: a Ferrari racing jacket, boxes of his software in Chinese and German, a model of SpaceShipTwo, the aircraft that’s going to fly well-heeled tourists to the edge of the atmosphere (Kaspersky already has a $200,000 ticket). Late one afternoon, he reaches into a small closet and pulls out a lab coat with his company’s logo to show me. Behind that is a basketball jersey from the New Jersey Nets, the NBA team owned by Russian billionaire Mikhail Prokhorov. At the very back of the closet I glimpse the dark green dress jacket from Kaspersky’s Soviet Army uniform. The garment is in pristine condition; it looks like it could still be worn in a military parade.

There are plenty of Russian magnates content to use their Kremlin connections and corruption-fueled profits to bully and buy their way into the global arena. Kaspersky has long tried to play a different game: He’s an international entrepreneur and thinker who is from Putin’s Russia, but not of it. Kaspersky’s financial success and influence is a testament to how skillfully he has walked this fine line. Yet the questions endure: Can a company so valuable to Moscow’s government ever be truly independent of it? And what else is hidden in the back of the closet, that the rest of the world can’t see?

I go in for a closer look at the jacket. Kaspersky shuts the door. “It’s nothing,” he says, walking out of the room. “Let’s find a drink.”

