Bloomberg reports: The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.
The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret.
“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on,” Kaspersky wrote in one of the emails.
“Active countermeasures” is a term of art among security professionals, often referring to hacking the hackers, or shutting down their computers with malware or other tricks. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors. [Continue reading…]