You don’t particularly need anti-virus software, but it helps a lot of people surf the web with confidence. One of the most popular anti-virus programs comes courtesy of Kaspersky Labs, which is one of the most respected commercial computer security firms out there. Or, rather, it was, as it’s been revealed the company’s programs doubled as a Trojan horse for Russian espionage.
The Wall Street Journal is reporting that Kaspersky appears to have modified their software to scan any computers using it for US government documents and data, searching for specific terms as it supposedly ran anti-virus checks. And worse, this appears to have been done specifically by the company for the Russian government:
Kaspersky Lab, founded by an engineer trained at a KGB technical school, has long insisted that it doesn’t assist the Russian government with spying on other countries. But many U.S. officials now think the evidence the U.S. has collected shows the company is a witting partner, said people familiar with the matter. “There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” said a former U.S. official with knowledge of information gleaned in 2015 about how the software was used to search for American secrets.
It appears this is how the unnamed NSA contractor accidentally provided Russian spies with top-secret US cyber-espionage tactics. But this could go much deeper. It’s not clear precisely how long this operation ran, or if it was limited to the United States government. Anti-virus software works by scanning practically every file in your computer, so Russian operations could have stolen anything from credit card information to corporate secrets. Kaspersky has, by its own estimation, 270,000 corporate clients. Every last one of them now has to not only find a new anti-virus provider but also conduct forensic investigations as to whether its operations were compromised.
It should be noted that the dossier assembled by Christopher Steele has claimed Russian cyberespionage has had more success with private networks than government ones. The witting assistance of Kaspersky would help explain that particular degree of competence. Either way, Kaspersky is likely to face legal action both from world governments and its clients, and it’s unlikely we’ve heard the last of this scandal.
(via Wall Street Journal)