The allegations that Kaspersky Lab spied on its customers on behalf of Russian intelligence services, as was reported in top American newspapers this past week, are very serious and threaten the future of the antivirus maker — even if no conclusive proof has been offered and no one making the accusations has been willing to speak up in public.
Here at Tom’s Guide, we still recommend Kaspersky antivirus software for home users who don’t work in any industries involved with national security. But we sent questions to several information-security experts, ranging from a former NSA staffer to a lawyer for the Electronic Frontier Foundation, for their opinions on whether they considered Kaspersky software safe to use.
Most of our respondents agreed that people who work in government or critical-infrastructure industries should not use Kaspersky software. One said he was telling everyone to remove it.
“My firm is recommending [that] our customers, who largely are financial companies, uninstall Kaspersky AV,” said Dave Aitel, a former NSA staffer and the founder, owner and chief technology officer of Immunity Inc., an information-security consultancy. “There is no plausible innocent explanation for the information that has been presented.”
Other security experts we spoke to weren’t ready to condemn the company without seeing the evidence. But they added that we’ve got just as much to fear from Chinese vendors — and that most modern antivirus software, not just Kaspersky’s, could be abused to become an espionage tool.
“I haven’t seen anything which makes me think that it’s any more dangerous to run Kaspersky than any other major antivirus product,” Graham Cluley, an independent security blogger and former staffer at the antivirus maker Sophos, told us. “Kaspersky might be being singled out … because the company is Russian, and that doesn’t sit too well in the current geopolitical climate.”
John E. Pike, founder and director of GlobalSecurity.org, a national-security think tank, said Kaspersky antivirus software was “probably” safe to use, but he added that “such products have too much spaghetti code for anyone to have confidence that they understand all that is going on under the hood.”
Strong, but unproven, accusations
On Oct. 5, The Wall Street Journal, citing unnamed current and former government officials, reported that in 2015, Kaspersky antivirus software running on the home computer of an unnamed NSA staffer spotted NSA files that the staffer had brought home and put on his or her machine. (The staffer broke the rules by taking the files home, but he or she is not suspected of espionage.)
The Kaspersky antivirus software somehow alerted Russian intelligence to the presence of the NSA files, and Russian spies then targeted the NSA staffer’s computer and copied files from the machine, according to the WSJ. It’s not clear exactly how Russian intelligence got access to Kaspersky data, or exactly what kind of NSA files the staffer had on his machine. (NSA-made malware would have been noticed by many antivirus products.)
Late Tuesday (Oct. 10), The New York Times, also quoting anonymous sources, reported that Israeli spies who had hacked into Kaspersky’s internal networks in 2014 were the first to see evidence that Kaspersky software had been used to spy on the NSA staffer. The Israelis apparently turned what they had found over to the NSA.
The Washington Post backed that allegation with its own story, and in 2015, Kaspersky Lab itself had disclosed the Israeli hack of its own networks.
On Oct. 11, The Wall Street Journal came back with a second story, in which more (or perhaps the same) unnamed government officials told the paper that Kaspersky’s malware database, which looks for certain snippets of code in an attempt to catch malware, had been updated at a certain point to look for text strings that indicated U.S. intelligence documents. Such a text string might be “TOP SECRET,” or the code name of a known NSA or CIA operation or program.
You could try turning off antivirus data collection
Rob Graham, head of information-security consultancy Errata Security and creator of several security tools, had a suggestion for all antivirus users who might be worried about the software spying on them.
“For ordinary consumers, it’s probably as safe using Kaspersky as any other antivirus software,” Graham told us. “Whichever product you use, however, you should configure it to NOT send data back to the vendor.”
Graham was referring to the telemetry, a feature of most antivirus programs that sends data about the customer’s machine to the antivirus company’s servers for analysis, which, in turn, leads to quick responses to new malware.
Kaspersky’s telemetry functions reportedly tipped off the Russian spies to the presence of NSA software on the NSA staffer’s home computer. Most antivirus software, including Kaspersky’s, lets you toggle off telemetry so that your machine, at least in theory, receives data from the antivirus company without sending any back.
Because of telemetry, antivirus products “have access to everything on the system and communicate constantly,” states a blog post co-authored by Roel Schouwenberg, a former Kaspersky Lab malware researcher who is now at Celsus Advisory Group, an information-security consulting firm. “They are effectively ‘trusted implants.’”
Kurt Opsahl, deputy executive director and general counsel at the Electronic Frontier Foundation, a digital-liberties advocacy group, agreed that telemetry is a risk, and not only to Kaspersky customers.
“Cloud-based AV … necessarily allows the AV software to see and report on what’s on your machine — and gives an opening to intelligence agencies to get that information,” he told us. “Kaspersky shows that this can actually happen, though something similar may well have happened elsewhere.”
Happy to work with the authorities – of all nations
Within the global information-security community, Kaspersky Lab is highly respected for the quality of its research, as well as for its willingness to share its findings, work with other antivirus companies and collaborate with police agencies against cybercrime.
We at Tom’s Guide, as well as rival publications, have consistently rated Kaspersky antivirus software well for its excellent malware detection (as borne out in regular lab tests), its low system-performance impact and its useful extra features.
Kaspersky Lab and McAfee, along with Europol and the Dutch national police, created and run the NoMoreRansom.org website to help victims of encrypting ransomware protect and recover their data. Just yesterday (Oct. 12), Interpol announced that it was expanding its relationship with Kaspersky Lab to share threat intelligence.
But Kaspersky may not be for everybody
“Kaspersky Lab is an excellent company with a solid reputation for building good security products,” Nicholas Weaver, a researcher at the International Computer Science Institute, an affiliate of the University of California, Berkeley, wrote on the Lawfare blog in July. “But that is only true for most users. … Kaspersky software should be banned from all governmental computers, defense contractors, and related assets.”
“Companies may well be targets of economic spying, while non-profits and activists may be targets of spying on political opposition, and should give a higher weight to the spying risk,” Opsahl said. “Given what’s known, is it worthwhile to stick with [the] software with this news? Probably less so than with consumers.”
How close is Kaspersky to the Kremlin?
There’s always been a bit of suspicion about Kaspersky Lab. The company’s co-founder and owner, Eugene Kaspersky, was educated at a KGB-run technical academy beginning when he was a teenager, and then served in Soviet military intelligence. (Many security experts of all nationalities working in the private sector have similar backgrounds.)
The company’s relationship with the Kremlin has never been clear, though Western experts on Russia think there’s no way Eugene Kaspersky could have become a billionaire without having reached an understanding with the government. Under Russian law, any company must open its communications lines to the authorities upon request.
The Kaspersky company has consistently denied that it assists any government with espionage operations.
Kaspersky Lab was given the contract to run all cybersecurity efforts at the 2014 Winter Olympics in Sochi, Russia, but there may not have been any other Russian company that could have pulled it off. In 2011, Eugene Kaspersky’s eldest son was kidnapped and held for ransom by apparently incompetent abductors, then freed unharmed after a police raid.
“I feel bad for Kaspersky, because they’re probably good guys who are trying to do the right thing, but the forces above them are much more powerful,” Kenneth Geers, a senior fellow at the Atlantic Council and an expert on Eastern European cyberespionage, told The Parallax security blog. “Their software can see nation-state operations because they have deep visibility into enterprise and government networks.”
Does Kaspersky software seek out American spying tools?
Kaspersky Lab was involved in the discovery of several spyware tools thought to be developed and used by the NSA, including the Stuxnet worm that sabotaged an Iranian uranium-enrichment facility in 2010.
For those reasons, the company has been accused of going after American intelligence operations, but it also has discovered and disclosed spyware campaigns thought to be run by Russian and Chinese intelligence. (Kaspersky has a policy of not naming which countries may be behind specific cyberespionage campaigns.)
“We still don’t have enough solid information to really judge Kaspersky, just hearsay and rumor,” Rob Graham said. “With that said, I wouldn’t trust any company from Russia or China, at least not when important national concerns are at stake.”
“Kaspersky has, in the past, drawn attention to malware campaigns that almost certainly were orchestrated by Russia, and targeted Russia’s enemies,” said Graham Cluley. “Perhaps I’m a bear of very little brain, but I don’t see why a company colluding with the Russian government would be doing that.”
Who should not be using Kaspersky software?
“Anyone worried about the Russian government or Russian organized crime might want to look elsewhere,” Pike told Tom’s Guide. “This is the same issue as Lenovo computers — probably not a problem for most consumers, but anyone who is worried about being targeted by the Chicoms would probably look elsewhere.”
Graham and Weaver agreed that you might need to worry just as much about China as about Russia.
“I don’t think important government entities should trust security products/services from adversarial nations like Russia and China,” Robert Graham said. “It’s unlikely Kaspersky is actually spying for his government, but yet, it’s still an event we would add to our risk matrix and defense against.”
“Anyone who views the Chinese government as an adversary should avoid Huawei, and those who count the Russian government as an adversary should not install Kaspersky products,” Weaver wrote on his blog. “This is why it is shocking me that U.S. government used Kaspersky Lab’s products — including on [Department of Defense] systems.”
None of the suspicions about Kaspersky Lab mattered much until the 2014 popular uprising in Ukraine that removed a pro-Russian president. That, in turn, sparked the Russian forcible takeover of Crimea, the beginning of the ongoing separatist war in eastern Ukraine and the sudden worsening of U.S.-Russian relations.
In 2015, stories began appearing in the U.S. media about Kaspersky Lab’s ties to the Kremlin and to Russian intelligence, including one that said Russian intelligence operatives had been deliberately placed on Kaspersky’s staff in 2012.
The Russian intelligence effort to influence the 2016 U.S. presidential election, and the subsequent American investigations into that effort, have only made things harder for Kaspersky Lab. This spring, several U.S. intelligence-agency heads told Congress that they would not run Kaspersky software on their own computers. FBI agents interviewed Kaspersky employees in the U.S.
In September, the Department of Homeland Security ordered the removal of Kaspersky software from U.S. government agencies. Best Buy and Office Depot announced they would no longer sell Kaspersky software and offered to remove it from customer machines for free.
Eugene Kaspersky has offered to testify before Congress and to let American officials read his company’s source code. The U.S. government hasn’t taken him up on either offer yet.
So far, most of the allegations made against Kaspersky Lab in the American press can be explained. The NSA files on the staffer’s home computer could have been malware, in which case Kaspersky’s antivirus scanners would have picked them up. Kaspersky itself need not have tipped off Russian intelligence about the files; the Russian security services could have been tapping into Kaspersky’s data feeds.
“I’ll leave it to Kaspersky to provide the plausible innocent explanation,” Opsahl told us, but added that “a plausible explanation may not be enough. Kaspersky probably needs to show that it is not just an innocent victim, but actually the better option in the marketplace.”
Even the allegation that Kaspersky’s malware-signatures database was altered to look for “TOP SECRET” and other text strings could be explained if Russian intelligence operatives were working secretly among Kaspersky employees.
Kaspersky management might or might not have known about such possible arrangements. But, given the political climate in Russia, it might not have had a choice.
“If there really is any evidence that Kaspersky has colluded inappropriately with Russian intelligence, then I think we would all welcome seeing it, to put this matter to bed once and for all,” Cluley said.
“I think there’s a danger for other security companies here, though, too,” he added. “Not only are some acting rather shabbily in exploiting Kaspersky’s discomfort, but they might also want to be wary that they are not also targeted by whispers in the future.”
What the future holds for Kaspersky
Eugene Kaspersky seems too gregarious and talkative to be a spy. Until things got hot for him in the U.S., he was a regular fixture at American security conferences. If he wasn’t addressing a conference, he’d be holding court in the hallway, ready to talk to anyone who asked.
Kaspersky the man doesn’t seem to spend much time in Moscow. He sponsors a Formula 1 racing team, an Australian rugby team and a Greek archaeological site; he hikes around volcanoes in the Russian Far East; and he has placed Kaspersky Lab’s holding company in London.
He still holds his own security conference, the Security Analyst Summit, every winter in a tropical tourist resort, although it hasn’t been held on U.S. territory since 2013.
“It will be interesting to see how other Western countries begin to respond to the claims” against Kaspersky, Cluley said. “So far, I haven’t seen other governments sharing America’s nervousness about Kaspersky’s software.”
“The question is whether Kaspersky can save its non-American business based on those markets not believing the damning information in U.S. newspapers,” Aitel told us. “Should any more leaks come out regarding this investigation that indicate Eugene himself knew about this activity, then the company would be kaput.”