Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news.

Kaspersky Lab filed a complaint for defamation against Dutch daily newspaper De Telegraaf and a Dutch politician

Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we’re proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and 270,000 organizations around the world. Like many other companies whose aim is enhancing people’s lives, we also know that the higher you go, the stronger the winds can be. For us these winds include false media reporting. And in today’s environment of ‘media-ocracy’ and fake news, the situation is getting worse.

For nearly four years now, certain U.S. media outlets have been printing outlandishly preposterous false stories about cyber-conspiracies concocted between secret service folks and Yours Truly against the ‘free world’.

Evidence suggests that a Dutch politician is behind a fake story about Kaspersky Lab in the biggest Dutch daily newspaper

These tales from the paranoid side about us all fit the same template. Accordingly, their basic structure and rhetoric are always identical:

  • Unnamed U.S. intelligence officials share certain ‘shocking details’ about [insert as applicable] with a select few representatives of a given media outlet;
  • Anonymous sources are mostly used; any ‘sources’ cited are incompetent/unqualified to be sources;
  • Zero evidence of any wrongdoing on our part is presented (logical: there is no wrongdoing);
  • Distortion of reality based on the Pareto principle (80% truth + 20% fiction = monstrous lie);
  • These media stories are then used as a basis for taking political decisions (proof).

Incidentally, you may be wondering why, if all the stories about us are indeed false, we’ve never taken legal action in the U.S. The short answer to that is that U.S. legislation makes establishing the truth of a media story very difficult. Meanwhile, we get a ‘media-ocracy’ – with ‘news’ that isn’t news at all, just a vehicle for instilling in readers’ minds images of an ‘enemy’, so as to influence the underlying opinions of the people reading those media. But it doesn’t stop there. This non-news is used to justify high-level political moves against the next-in-line-to-be-out-of-favor company. Yes, of late it’s not just KL being pinpointed; this is growing bigger and bigger every month, affecting other companies too.

Worryingly, this media-ocracy is very influential – and highly contagious; so much so that it can now be felt all around the world, not just in America. And that now includes even the Netherlands.

Media-ocracy: vehicle for instilling in readers’ minds images of an ‘enemy’ and using false allegations for taking political decisions. Alas, it’s highly contagious.

On February 3 of this year, the largest Dutch national daily newspaper, De Telegraaf, published a ‘sensational’ article about a hacker who, allegedly, had claimed to have hacked into the network of our Dutch office (from just outside the building) and managed to obtain a number of IP addresses – all as part of a supposed investigation to help uncover a leak in the Dutch parliament – a leak organized to help ‘the Russians’. Inevitable questions like why specifically we were hacked, why those particular IP addresses were obtained, etc. are left unanswered, but for us the key thing to be addressed was the claim that someone had breached our own highly secure corporate network.

So yes, we took the claims very seriously. We’re a cybersecurity company, remember?! So naturally we carried out an internal investigation. And guess what it showed. No hack occurred. But that’s only the start of this sorry tale.

Going back to the hacker who, according to the news story, said she had broken into our network, it turns out she denies both telling anyone she breached us and actually doing so.  That means the story must have been fabricated – and this is confirmed by the hacker’s witness testimony, her archive of electronic messages and personal recordings of phone conversations, and another witness’s testimony.

Wait. It gets even more ridiculous…

The threads of this bewildering story lead to none other than a former Dutch minister, Willem Vermeend, who, incidentally, together with the above-mentioned hacker, had previously written a book about cybersecurity – but which was later withdrawn from circulation due to plagiarism. De Telegraaf claims that an anonymous source told their journalists about the hacking of KL’s Dutch office, and evidence points to Vermeend as the anonymous source, who supposedly whispered the fake narrative to the newspaper. Vermeend in his turn has repeatedly denied doing so.

This story is merely a symptom of a large-scale disease, which has by no means struck just the Netherlands

And let’s not forget De Telegraaf’s journalists themselves. Despite striking differences in the various claims regarding the article’s sources, the groundlessness of the accusations themselves, plus the brazen total lack of adherence to journalistic ethics, they – put candidly – lied to their readers with an opportunistic, self-serving – false – article.

It all adds up to a veritable cyber soap opera of the digital age!

After exhausting all other possibilities to resolve the issue directly with the Dutch newspaper, we decided that the only option left for us was to turn to court. Fortunately, European legislation offers organizations the chance to defend their reputation by doing so. So, on May 25 we filed a complaint for defamation against both the newspaper and Mr. Vermeend, with a demand for the newspaper to publish a rectification. I’ll keep you informed of how things go.

Actually, the main thing here isn’t the story itself. The story is merely a symptom of a much larger-scale disease, which has by no means struck just the Netherlands. That disease is the incitement of hysteria in society, which, just as witch-hunts did in the Middle Ages, labels those guys – from those countries – bad, and these guys – from these countries – good; all based on, to put it mildly, dubious arguments and standards. One recent example of this is the absurd media-ocracy-driven restrictions by the Dutch politicians: basing national-level political decisions on lies in the media and hypothetical threats in the style of Minority Report.

And finally…

The risks of using our software are purely hypothetical. Just as hypothetical as with any other cybersecurity software of any country. But the risk of becoming a victim of a genuine cyberattack is real – and extremely high. And not only cyberattacks carried out by very nasty criminals, but also unexpected ones from seemingly benign groups or individuals. And in such an environment only the very best technologies of truly independent developers can help – those verified in independent tests and having a proven track record of ability to protect against any cyberthreat no matter where it may come from.

It makes me proud that nearly 4000 colleagues here at KL, dotted all around the world, fully share my personal mission to make the world a safer, better place. And I think I speak for all 4000 of us when I say that that’s just what we’re going to carry on doing – even when the going gets tough.