Threat Intelligence, Malware, Network Security

Kaspersky blames U.S. for cyberespionage accusations


Eugene Kaspersky Tuesday claimed that the U.S. government and media have attempted to destroy Kaspersky Lab's reputation by implying that it was a tool of Russian intelligence and not to be trusted.

“This media attack and government attack from the United States, it was designed and orchestrated,” the company co-founder and CEO said at a London press conference, noting that as the government questioned the security of Kaspersky products and then banned federal agencies from using it the FBI and media launched attacks as well, the former raiding the homes of company employees. “That is expensive … I mean all kinds of resources: political influence, money, lobbyists, the media etc.,” he said.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” according to a September DHS statement banning the used of the company's software.

Kaspersky has maintained that his company has never come to the aid or done the bidding of Russian intelligence, which he reiterated to reporters, according to a report in The Guardian.

“They have never asked us to spy on people. Never,” he said, contending that if such an expectation ever arose, he would “move the business out of Russia.”

Kaspersky said the company does “assist Russian intelligence to investigate cybercrime,” noting that it in particular it has worked with the FSB in Russia, which handles “high-profile cybercrime and for international investigation.”

It was Israel's discovery that Russian hackers had used Kaspersky Lab's antivirus software to search computers worldwide for information on U.S. intelligence programs that prompted the U.S. government in September to ban the security company's software from all federal agencies. 

Russia's efforts were uncovered by that country's intelligence officers who hacked into Kaspersky's networks and spied on the Russian spies in real time. 

While it's not known the extent of the information the hackers gleaned, reports claimed they did successfully pilfer classified data from the home computer of a National Security Agency (NSA) worker outfitted with Kaspersky AV software. 

In October, to prove that its products and services are trustworthy and to counter implications to the contrary after the U.S. government banned federal agencies from using its solutions, Kaspersky Lab launchedGlobal Transparency Initiative, providing its source code for third-party review and opening three transparency centers around the globe.

The company also said that a 2014 analysis of a malicious zip file found on a computer in the U.S. showed that the consumer version of Kaspersky Lab's antivirus software had picked up the source code for surveillance tools used by the Equation Group, the National Security Agency's elite hacking arm, and the file was immediately deleted, according to Kaspersky.

The results of an internal review by the company showed that Kaspersky detected Win32.Mokes.hvl  malware in the file on a computer used by an NSA worker who had downloaded and installed a pirate copy of Microsoft Office at home “as indicated by an illegal Microsoft Office activation key generator,” or keygen.

Seeking to dispel allegations that its anti-virus software helped Russian cyber spies identify and steal U.S. hacking tools from the NSA contractor's laptop, Kaspersky Lab in mid-November released findings from its own internal probe, including apparent evidence that the laptop had been infected with malware.

Kaspersky believed it pinpointed the contractor's computer system in question, after its investigators linked said system to an unusually large volume of Equation Group malware signatures that were recorded by its anti-virus software and saved to the company's server. (The Equation Group APT has been widely linked to the NSA.)

If, indeed, this is the contractor's computer system, then the hacking incident appears to have taken place sometime between Sept. 11, 2014 and Nov. 17, 2014, Kaspersky explained in an online report. However, this assessment does not jibe with previous accounts that said the incident took place in 2015 -- an inconsistency that could theoretically weaken the Russia-based company's defense.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.