LONDON -- Keir Giles first thought was that the mans suit looked too cheap for a private equity executive. The man seated in front of him at the London hotel claimed to live in Hong Kong, but didnt seem overly familiar with the city. Then there was the awkward conversation, which kept returning to one topic in particular: the Russian antivirus firm Kaspersky Lab.
He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering whether I should be speaking into his tie or his briefcase or wherever the microphone was.
He was drilling down hard on whether there had been any ulterior motives behind negative media commentary on Kaspersky, said Giles, a Russia specialist with Londons Chatham House think tank who often has urged caution about Kasperskys alleged Kremlin connections. The angle he wanted to push was that individuals — like me — who had been quoted in the media had been induced by or motivated to do so by Kasperskys competitors.
The Associated Press has learned that the mysterious man who presented himself as a private equity partner named Lucas Lambert spent several months last year investigating critics of the Kaspersky Lab, organizing at least four meetings with cybersecurity experts in London and New York.
Giles said he met with Lambert twice last year, ostensibly to discuss Giles speaking at a cybersecurity conference that Lamberts company was organizing. But he said Lambert seemed far more interested in asking whether anyone had been paid to publicly undermine Kaspersky.
Kaspersky Lab declined to answer questions from the AP about whether it had any involvement with the meetings.
The operation targeting Giles and others came at a sensitive time for the Moscow-based company, which boasts one of the worlds most popular consumer antivirus products and a research unit widely respected for routinely exposing elite hacking groups.
U.S. officials had occasionally expressed wariness about the firm over the years, but criticism of the company intensified in the aftermath of Russian intervention in the 2016 presidential election.
U.S. lawmakers began calling for restrictions on Kaspersky, contending a Russian firm could not be trusted to keep American networks safe, and the U.S. Department of Homeland Security ordered federal agencies to remove the firms antivirus software from their computers.
By the time Giles met with Lambert, Kaspersky was suing the U.S. government over its decision, arguing that it never helped hackers and was being considered guilty until proven innocent. U.S. judges later dismissed the lawsuit.
The AP learned that Lambert also targeted Michael Daniel, who served as former president Barack Obamas cybersecurity czar, though it is unclear whether he actually managed to meet with Daniel.
In an email exchange with the AP, Lambert insisted that he and his company were genuine, but he did not reply to follow-up questions about the discrepancies in his story or make himself available for an interview. The AP could find no evidence of the existence of the firm he said he worked for, Tokyo- and Hong Kong-based NPH Investments.
Research by Citizen Lab, an internet watchdog group based at the University of Torontos Munk School, suggests Lucas Lamberts operation is linked to an almost identical one involving a man calling himself Michel Lambert. His bungled attempt in a Manhattan restaurant to entrap John Scott-Railton, a senior researcher at the lab, was caught on camera by AP reporters two months ago.
The two Lamberts appear to be different individuals. A few days after the AP published his photo, Michel was outed as former Israeli intelligence officer Aharon Almog-Assouline. In a Canadian court filing, a Toronto attorney said Assouline bears a striking similarity to a man he identified as an operative for Black Cube, an Israeli intelligence firm.
Black Cube has denied any connection to the operation targeting Citizen Lab or to Michel Lambert. Its Israeli law firm, Cassouto & Co., said in a letter that it had absolutely no link to Lucas Lambert.
Black Cube denies it ever worked — directly or indirectly — for or on behalf of Kaspersky Lab, the letter said.
Giles said Lucas Lambert first reached out to him in April 2018, offering him 10,000 to deliver a keynote speech at an investor conference being organized by his company. But when they met the next month to discuss the idea, Giles said Lambert spent more time quizzing him on his attitude toward Kaspersky.
Giles had given interviews suggesting Kasperskys claims to be neutral should be taken with a grain of salt, saying it wouldnt be unusual for the company to cooperate with Russian spies in the same way that U.S. companies have been caught giving discreet assistance to the National Security Agency.
At their meeting, Giles said, Lambert asked him whether doubts about Kaspersky were being sown by jealous industry rivals and whether Giles and others were being induced by anyone to denigrate the company. I told him repeatedly that that was not the reason, Giles said.
In his second meeting with Lambert a month later, he said Lambert asked the same questions and also claimed Giles had told him Kasperskys critics had been paid to slam the company in the media.
That removed my remaining doubts that this was to hear — and possibly record — my comments on Kaspersky, Giles said.
Lambert also met with an American cybersecurity expert in New York in late May and in July, again touching on criticisms of Kaspersky.
He brought it up more than once, the expert said, speaking on condition of anonymity because his employer had asked him not to identify himself publicly. He asked whether economic competitors were trying to gin up the security threat.
After Lambert wrote Giles on Oct. 15 to tell him the conference would be postponed indefinitely because a major client had an unplanned board meeting, Giles recalled feeling relieved.
This was a kind of go-through-the-mirror experience, he said, warning others to be on their guard. Its really important for us to stay on the right side of the looking glass.
Kin Cheung in Hong Kong and Kaori Hitomi in Tokyo contributed to this report.
Documents linked to this story: https://www.documentcloud.org/search/projectid:42174-Citizen-Lab-Undercover-Op
Know anything more about these undercover operatives? Raphael Satter can be reached at: http://raphaelsatter.com