In the past few months, we’ve seen the US government making a call to remove all Kaspersky software from government computers, although it was unclear why this was happening because Eugene Kaspersky offered to fully collaborate with the US officials on their concerns regarding Russia’s involvement with the AV maker, saying it goes against the business interests of the company to allow such a thing. Yet, now we know what caused the widespread call for Kaspersky to be uninstalled.
According to a report published by the New York Times, Israeli intelligence officers cracked open the Kaspersky network and discovered that Russian hackers had done the same and were using the Kaspersky antivirus, installed on some 400 million devices, as a search engine of sorts looking for NSA’s surveillance tools.
It seems the Russian operation has been successful to some extent as they managed to steal classified documents from an NSA employee that had improperly stored them on his home computer that was supposed to be protected by Kaspersky. It is not known what else the Russian may have gotten their hands on.
The way the Russians operatives managed to use Kaspersky as a search engine is through the software’s actual way of operating. Like any other AV, Kaspersky requires access to everything that’s stored on the computer, from the smallest to the largest files, so it can search for viruses and other dangers that may be packed inside. The AV runs constant scans for the signatures of known malware, removes them, and sends a report to the main servers. It seems this was perfect for the Russian intelligence agents who wanted to look for anything they found of value across the world.
It seems that it was the Israeli who tipped off the NSA about the Kremlin agents using Kaspersky’s code, which led, in turn to the US government demanding that all computers of the administration using Kaspersky turn to some other AV.
Kaspersky once more denied any relation to the Russian intelligence services, despite the fact that the company is based in the country. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.”
Eugene Kaspersky also wrote on Twitter that they were launching an investigation into these allegations and asked anyone with knowledge of the situation, including American services, to come forward.
This entire scandal has pushed AV vendors to recheck their policies regarding the code review. Specifically, they’re starting to feel like allowing governments to check the source code may not be the best policy to have as it opens the door for abuse. Symantec already expressed its concern for this, telling Reuters that it poses an unacceptable risk to customers.