The allegations that Kaspersky Lab spied on its customers on behalf of Russian intelligence services, as was reported in top American newspapers these past few weeks, are very serious and threaten the future of the antivirus maker — even if no conclusive proof has been offered and no one making the accusations has been willing to speak up in public.
Most security experts agree that people who work in government, financial, healthcare or critical-infrastructure industries should not use Kaspersky software. Some have even gone so far as to recommend everyone remove it which is probably a good idea at this point.
Other security experts aren’t ready to condemn the company without seeing hard evidence. But they added, we’ve got just as much to fear from Chinese vendors — and that most modern antivirus software, not just Kaspersky’s, could be abused to become an espionage tool.
Strong, but unproven, accusations
The Wall Street Journal, citing unnamed current and former government officials, reported that in 2015, Kaspersky antivirus software running on the home computer of an unnamed NSA staffer spotted NSA files that the staffer had brought home and put on his or her machine. (The staffer broke the rules by taking the files home, but he or she is not suspected of espionage.)
The Kaspersky antivirus software somehow alerted Russian intelligence to the presence of the NSA files, and Russian spies then targeted the NSA staffer’s computer and copied files from the machine, according to the WSJ It’s not clear exactly how Russian intelligence got access to Kaspersky data, or exactly what kind of NSA files the staffer had on his machine. (NSA-made malware would have been noticed by many antivirus products.)
The New York Times, also quoting anonymous sources, reported that Israeli spies who had hacked into Kaspersky’s internal networks in 2014 were the first to see evidence that Kaspersky software had been used to spy on the NSA staffer. The Israelis apparently turned what they had found over to the NSA.
The Washington Post backed that allegation with its own story, and in 2015, Kaspersky Lab itself had disclosed the Israeli hack of its own networks.
The Wall Street Journal came back with a second story, in which more (or perhaps the same) unnamed government officials told the paper that Kaspersky’s malware database, which looks for certain snippets of code in an attempt to catch malware, had been updated at a certain point to look for text strings that indicated U.S. intelligence documents. Such a text string might be “TOP SECRET,” or the code name of a known NSA or CIA operation or program.
Turn off antivirus data collection
Telemetry is a feature of most antivirus programs that sends data about the customer’s machine to the antivirus company’s servers for analysis, which, in turn, leads to quick responses to new malware.
Kaspersky’s telemetry functions reportedly tipped off the Russian spies to the presence of NSA software on the NSA staffer’s home computer. Most antivirus software, including Kaspersky’s, lets you toggle off telemetry so that your machine, at least in theory, receives data from the antivirus company without sending anything back.
Happy to work with the authorities – of all nations
As a young man, Eugene Kaspersky was educated at a KGB-run technical academy, then served in Soviet military intelligence.
Within the global information-security community, Kaspersky Lab is highly respected for the quality of its research, as well as for its willingness to share its findings, work with other antivirus companies and collaborate with police agencies against cybercrime.
Kaspersky Lab and McAfee, along with Europol and the Dutch national police, created and run the NoMoreRansom.org website to help victims of encrypting ransomware protect and recover their data.
Who should NOT be using Kaspersky software?
Anyone worried about the Russian government or Russian organized crime might want to look elsewhere.
In September, the Department of Homeland Security ordered the removal of Kaspersky software from U.S. government agencies. Best Buy and Office Depot announced they would no longer sell Kaspersky software and offered to remove it from customer machines for free. Eugene Kaspersky has offered to testify before Congress and to let American officials read his company’s source code. The U.S. government hasn’t taken him up on either offer yet.
John E. Pike, founder and director of GlobalSecurity.org, a national-security think tank, said Kaspersky antivirus and other such products have too much spaghetti code for anyone to have confidence that they understand all that is going on under the hood.
The dust hasn’t settled around this yet – time will tell.
