Security news is currently awash with a series of accusations against one of the world’s leading antivirus developers, Kaspersky Lab. The claims come on the back of months of speculation regarding Russian intent in foreign political events. This article isn’t delving into those accusations.
This article is focusing on the allegations leveled at Kaspersky Lab, and whether it is safe to use their security products.
The Wall Street Journal reports that Kaspersky Lab is merely a tool of the Russian security services and is undermining U.S. government agencies by stealing data. Hackers targeted a specific contractor after identifying critical files scanned on his computer by a Kaspersky antivirus product. The stolen files contain details of how the U.S. penetrates foreign computer networks and defends against cyber attacks — after the contractor removed the highly classified files from the NSA and stored them on his computer (another massive security failing).
Israeli spies found the stolen material on the Kaspersky Lab network in 2015. The issue came to light back in October. Since then, the U.S. and U.K. governments have both issued warnings about the security risks of using Russian antivirus software. Both governments specifically reference Kaspersky but have expanded their warning to all cybersecurity products with a Russian developer.
The Department of Homeland Security issued the following statement:
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
How Did Kaspersky Respond?
Well, understandably, Kaspersky Lab founder and CEO Eugene Kaspersky strongly refuted the accusations, stating that “Kaspersky Lab doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company.” The “credible evidence” aspect of the company declaration is important.
While the US and UK governments have quickly condemned Kaspersky, there is little in the way of factual evidence. Kaspersky further pointed out that over 85 percent of its income comes from overseas markets. Working with individual governments against others would be severely detrimental to its bottom line. Evidence or not, that bottom line is being eroded.
Audit the Software
In fact, in the interest of protecting the Kaspersky name and global reputation, Eugene Kaspersky has repeatedly offered to allow independent auditors to review the antivirus and other software source code. The Russian cybersecurity firm believes it "needs to reestablish trust in relationships between global companies, governments, and citizens" before it can clear its name.
The nature of antivirus software means that any suite has near total control over its host machine. Antivirus software must scan deep into the root of the device to uncover hidden malware and other nasties. Uncovering extremely well-hidden malware is what gave Kaspersky its name, after all. Kaspersky, however, realizes that "trust is not a given" and that there is a hill to climb, regardless of its involvement.
The Cybersecurity Experts Weigh In
Cybersecurity experts are somewhat split over the contentious issue of Kaspersky antivirus delivering details of highly classified NSA files.
It boils down to two hypotheticals:
- Kaspersky did knowingly alert Russian authorities or hackers to the presence of highly classified yet insecure NSA documents on a contractor's personal computer.
- Kaspersky knew the highly classified files were there because the antivirus scan returned positive with some variety of NSA hacking tool, hence their appearance in the Kaspersky network.
Many cybersecurity experts believe the second scenario is more likely. Matthew Green, a cryptography professor at Johns Hopkins University, offered another stance: "Consensus on infosec Twitter is that Kaspersky may not have colluded with [the Russian government]; just maybe their product may be horrendously compromised."
Consensus on infosec Twitter is that Kaspersky may not have colluded with RU gov; just maybe their product may be horrendously compromised.
— Matthew Green (@matthew_d_green) October 5, 2017
However, other security experts chimed in with their support for the second scenario. Furthermore, while Kaspersky doesn't directly work with individual governments, it almost certainly analyzes its heuristic scan results. And if those scans turn up highly classified NSA hacking tools, who is to say a hacker (or hackers) already inside the Kaspersky network were not instantly made aware?
Not the consensus. https://t.co/4qCmCAdvSE
— systemb (@brysonbort) October 7, 2017
After all, Israeli spies broke the news to the NSA regarding their compromised files. We don’t know who else has broken into the network.
In the Clear
Kaspersky is one of the best antivirus products on the market. Kaspersky Lab has seen a stratospheric rise under the stewardship of Eugene Kaspersky, all while operating under notoriously restrictive Russian governments. Eugene Kaspersky is himself a former KGB signals-intelligence software engineer. His critics have long accused him of using Kaspersky as a Russian intelligence tool. Kaspersky freely admits that the company works with the FSB when called upon — it would be against company interests not to.
Conversely, anti-Russian sentiment is at a recent high. Accusations of high-level Russian military experts switching to civilian cybersecurity are just as easily leveled at American, British, and European companies. Similarly, U.S.-developed Norton Antivirus frequently works closely with the FBI. Should the U.S. public mistrust Norton for assisting its government?
Okay, Just Tell Me: Can I Use Kaspersky or Not?
Well, how patriotic are you? I’m kidding.
But a clear line in the sand has been drawn. Certain U.S. government agencies have long suggested that their employees and contractors stop using Russian-made antivirus products. But the addition of the U.K. government and the withdrawal of Barclays' free 12-month Kaspersky trial offer have raised more than a few eyebrows.
Let me stress: there is *no* ban for KL products in the UK. We are in touch with @NCSC regarding our Transparency Initiative and I am sure we will find the way to work together
— Eugene Kaspersky (@e_kaspersky) December 2, 2017
Of course, what businesses do doesn't necessarily apply to the public. So, on the one hand, we have Ciaran Martin, director of the UK National Cyber Security Centre, advising government departments against using Russian-developed cybersecurity products. On the other hand, we have Ian Levy, the NCSC's technical director, confirming that there is "no compelling case at present to extend that advice to [the] wider public sector, more general enterprises, or individuals."
Kaspersky cybersecurity products are clear for use if you’re not a government agency, working for the NSA or another U.S. government department, or a government contractor. In fact, Kaspersky cybersecurity products frequently receive extremely positive feedback. They’re well known for removing stubborn malware, as well as offering a wide range of ransomware and rootkit removal tools.
The first phase of Kaspersky’s transparency initiative will commence in the first quarter of 2018. You can be sure that we’ll be there when it happens!
Do you now mistrust Kaspersky cybersecurity products? Have you always? Or as a private citizen, does it simply not matter?