Submitted by Micah Smith on Mon, 01/15/2018 - 13:28
The Kaspersky Connection.

Did you hear that the US government banned Kaspersky anti-virus software from all government computers?

If you read these posts, you will have noticed the Kaspersky name mentioned frequently.

Kaspersky Lab, a heavyweight in the provision of cyber security products, is headquartered in Russia and operated through the United Kingdom. Their comments, investigations and position on cyber security situations are taken very seriously, and they have international prestige and standing. Unfortunately, the eye of doubt may need to be cast over Kaspersky’s political independence, for the sake of cyber security.

It seems that the U.S. Government is afraid that the Moscow-based firm was using its software for some clandestine spying on the NSA. The ban was spurred by an incident in which an unidentified NSA employee transferred highly classified information from an NSA computer to his personal laptop. It is believed that Kaspersky subsequently stole that same classified information from the employee’s laptop.

The NSA and Kaspersky have a rough history. In 2014 the company received several confidential NSA materials from poorly secured computers in the US. Kaspersky also exposed the Equation Group, the NSA’s 14-year-old elite hacking group, back in 2015, uncovering some of its cyber weapons.

Kaspersky commented on the most recent upset that “As a private company, Kaspersky Lab holds no inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight”.

Being investigators themselves, Kaspersky did their own internal investigation. What they found was that there were a ton of malware files on the employee’s laptop that acted as a backdoor through which information could be stolen.

The company’s report on this is truly head-turning. It has become clear that the employee installed a pirated version of Microsoft Office 2013 which contained a backdoor called Mokes. In essence, several other hackers could have used this to steal sensitive information from his computer.

The report stated that the company deleted all of the classified information as soon as they received it, although we aren’t sure if there is a way to verify this.

Would it be wise for the NSA to trust a company that is located in Moscow, especially when we now know that the Russian government could be responsible for hacking the U.S. presidential elections?

But we are not sure if Kaspersky is to blame. There could be many different ways that Russian government-backed hackers could steal the information from Kaspersky’s servers. For one, they could exploit vulnerabilities in the Kaspersky Lab software. Another way is for Russian hackers to upload suspicious files onto the company’s server.

Kaspersky CEO Eugene Kaspersky protests that his company “has not been provided with any evidence substantiating the company's involvement in the alleged incident.” So there is really no conclusive evidence linking the company to Russian hacking activities.

Nothing conclusive, that’s true, but what’s really interesting is that Kaspersky himself (the CEO of the company) has been an advocate for an international treaty that would prohibit cyber warfare. That’s part of the reason that the company discovered and publicised the NSA’s Equation Group, and part of the reason the U.S. government has enacted a shutdown on Kaspersky involvement. One of the company’s goals is to expose as many hacking groups and their cyber weapons as possible, so to suggest Kaspersky is apolitical doesn’t match its leader’s agenda or previous actions.

At this stage, the Kaspersky-Russian connection remains unclear and we don’t know if Kaspersky Lab is collaborating with the Russian government-backed hacking initiatives.

Regardless, it is definitely a liability for the US government to keep the antivirus software on its computers in the event that a hacking group uploads some malware or tampers with the company’s servers.