Kaspersky Lab launches a PR campaign
Kaspersky is popular in Russia, less so elsewhere. Vladimir
Putin called the cybersecurity company’s founder, Eugene Kaspersky, Russia’s
answer to Elon Musk. The KGB-trained software expert founded the company (then
known as Kaspersky Lab) in 1997; it became one of the most popular antivirus
program providers in the world.
Recently, it has had a rough ride. The U.S. has banned its
software for government use. The European Parliament demanded that EU
institutions stop using the company’s products. Some other countries have taken
similar steps.
Now Kaspersky is pushing back, with what it calls its “Cyber
Security Capacity Building Programme” (a term used eight years ago for a
British Foreign Office initiative). The target audiences of the new project are
state agencies, national cybersecurity regulators, as well as academia, the
media, and information security community experts.
In the Baltic states, Kaspersky is promoted intensively in
articles published on popular online news portals. Topics include how to
increase your personal IT-resilience; how to care about elderly people going
online as a result of self-isolation; how to protect children having
online-learning; how to disinfect your smartphone or to have a safe Zoom
meeting. None of the articles were marked as sponsored content or as
commercials.
Lithuania’s public service portal LRT, for example, gave
advice on online safety based exclusively on Kaspersky expertise, quoting the
company’s specialists in three articles within the last few months. Lithuania
is the only country among the Baltic states that has named Kaspersky as a
potential national security threat. The decision to cancel the use of Kaspersky
for critical importance infrastructure came at the same time as in the U.S.
Mindaugas Jackevičius, editor-in-chief of LRT portal, says
publishing these articles was a mistake to be learned from. A young journalist
was trapped by good PR: “they take ‘innocent’ topics and prepare high-quality
production,” says Jackevičius.
An even more striking example was from Latvia, where on
April 18, Delfi, the country’s most popular portal, published an opinion piece
written by Eugene Kaspersky himself, inviting doctors and health care
organizations to take up a special covid-19 related package, which offers the
company’s products with a free six-month license. Kaspersky underlined the
vulnerabilities of healthcare systems to cyber attacks, and recent breaches
suffered by medical organizations, including in the U.S.
Last December Delfi.lv published a series of advertisements
made for Kaspersky featuring Latvian influencers. Delfi’s editor-in-chief in
Latvia, Ingus Bērziņš, insists that the company has strictly divided commercial
and editorial content. In regards to publishing the Kaspersky op-ed he says
editorial decision making did not include reacting to a hypothetical security threat.
The threat is serious, says Jānis Kažociņš, national
security adviser to Latvia’s president and the former chief of the country’s
foreign intelligence service. He notes that individuals’ medical data can
reveal physical, psychiatric, or emotional vulnerabilities that can be used by
hostile intelligence services or for criminal purposes. These might be
exploited either directly against a person (for blackmail) or indirectly
(against an individual’s friends, colleagues, or family). Medical data should be
protected like security-vetting information, he says. “particularly in the case
of those with security clearances or in key appointments.”
Bearing in mind the close and unavoidable association in
undemocratic states between business, government, intelligence services, and
organized crime, Kažociņš says the use of data protection services from
countries such as China and Russia should be viewed as a serious threat. Giving
a hostile foreign state access to these data, in short, is as risky as giving a
Chinese technology giant like Huawei a role in the next-generation 5G mobile
data network.
A representative of Latvia’s CERT (the institution that
deals with cyber-emergencies), Līga Besere, says that just as individuals must
be able to evaluate online risks, medical companies should also be able to
evaluate advantages and disadvantages of any offer, including Kaspersky’s.
The issue is seen differently in Estonia. Lauri Aasmann,
Director of Cyber Security at the Estonian Information Systems Authority, says
public authorities and companies providing critical services have been advised
to consider the risks involved in using any software, including antivirus
software. “We have also pointed out that there have been security concerns over
Kaspersky products,” he says, referring to a trial when an ex-NSA hacker was
jailed in a case involving Kaspersky software.
Kaspersky’s publicity efforts in Latvia give few clues about
its Russian origins. The company describes itself as “an international
cybersecurity organization established in 1997” registered in the UK with
infrastructure in Switzerland and research centers in Europe, the U.S., Russia,
and elsewhere. No controversy is mentioned.
Offering products with a prolonged free-of-charge trial to
vulnerable groups creates the perception of altruistic behavior and thereby
legitimation, for commercial or other purposes. Pascal Boyer, a cognitive
anthropologist, explains in his book “Minds Make Societies” that announcing a
threat can establish trust.
Kaspersky denies any ties with Russian security services and
insists that consumer data are safe. A company PR representative dealing with
the Baltic states promised a prompt reply to questions but sent nothing.
For critics, Kaspersky’s campaign echoes the patient opportunism
practiced for decades in the Baltic states by the Kremlin: remain on the
sidelines for a moment, wait for (or contribute to creating) the right moment
to become needed and then set your own agenda.
Comments
Post a Comment