Kaspersky Lab is moving its core infrastructure from Russia to Switzerland after reports that the Kremlin used the company’s anti-virus software to steal classified US information.
The move will cost the company around $12m (£8.8m) and will relocate its core business away from the jurisdiction of the Russian government and intelligence agencies by the end of 2019.
More than a data centre in Switzerland, the move of Kapersky Lab’s software build conveyor – where its products are assembled from source code – will see the programming tools which could allow access to users’ computers available for independent audit.
Although the company has vigorously denied claims its software was used by Russian intelligence to steal data from a National Security Agency employee’s home computer, the publicity damage has left it working to address customer fears in a global transparency initiative.
The New York Times cited “multiple people who have been briefed on the matter” in a report that claimed Israeli intelligence discovered Russian counterparts were using the company’s anti-virus software to steal American hacking tools.
That report and another in The Wall Street Journal followed a directive issued by the Department of Homeland Security (DHS) which prohibited use of the firm’s software for all federal agencies – although countries such as Germany have stated that they did not support the American claims.
The ban is understood to have significantly damaged Kaspersky Lab’s business in America, where a large proportion of staff have left the company according to reports.
At the time, cyber security professionals expressed surprise at the ban of what was generally regarded as a quality product.
The company’s researchers had earned a reputation for independence from the Kremlin by detecting and reporting state-sponsored hacking campaigns originating in Russia.
In his first interview after those reports, the company’s chief executive and namesake, Eugene Kaspersky, denied the allegations to Sky News and said: “Of course, if it’s true, it will simply kill our business.”
Anton Shingarev, head of the chief executive’s office, acknowledged to Sky News that the company had received no assurances that the move to Switzerland would see the DHS ban reversed.
“We’ve been in touch with the regulators constantly in the past year,” Mr Shingarev said, adding that he met regularly with senior management at the UK’s National Cyber Security Centre and was “really grateful for their approach” in contrast to the approach “in some other countries where we don’t see any explanations or help from regulators”.
As part of the transparency initiative, the company will set up a separate facility in Switzerland for customers based in Europe, North America, Singapore, Australia, Japan and South Korea.
Mr Shingarev told Sky News that “one of the reasons we have chosen Switzerland is that we feel we can invite regulators from any country to Switzerland” to investigate the source code of its products if they have concerns.
He added: “Switzerland is a country which has hundreds of years of independence, it hasn’t participated in any wars.
“Cyber security must be neutral, cyber security must be far from politics or any alliance, similar to being a doctor.”