Over the last few years, there have been persistent concerns about Kaspersky Lab and its relationship with the Russian government. Earlier this summer, the Trump Administration announced that Kaspersky’s various antivirus and security programs would no longer be allowed on any US government systems. Multiple retailers have pulled Kaspersky’s products from their shelves. It’s been clear that high-level sources in the US government had serious evidence of wrongdoing, but the specifics weren’t public knowledge until yesterday.
On Tuesday, the New York Times reported how the United States government learned one of the world’s largest antivirus providers was connected to Russian intelligence. Israeli counterintelligence officers had pulled off their own hack of Russian assets and literally watched Russian government hackers searching US-based computers for keywords and code names linked to US intelligence programs in real time.
Russian black hats were able to use Kaspersky antivirus software as a sort of Google search engine, scanning computers across the country for keywords and phrases. Last year, the NSA charged one of its contractors, Harold Thomas Martin III, with having improperly retained terabytes of classified information on a computer in his home. His machine is one of the computers the Russians could access, and sources have told the New York Times that key NSA information was exfiltrated from it. Here’s how the NYT described the situation:
Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.
Kaspersky Lab continues to deny collaboration with the Russian government. Several years ago, the company replaced certain executives with other men who had ties either to the FSB (the successor to the KGB) or to the Russian government in general. Its owner graduated from a KGB academy. And both the United States government and various US companies have pulled the software from their shelves. These attacks, however, are not linked to the Shadow Brokers leaks from earlier this year. The company’s response is shown below.
Nonetheless, ExtremeTech strongly recommends uninstalling Kaspersky’s antivirus and security products and using different solutions. If you want to compare other software products, both PCMag (our sister site) and AV-Comparatives offer reviews and real-world tests to measure antivirus and malware protection.
In situations like this, where independent verification is impossible, there’s simply no reason to take the chance that the report is true. Now that it’s known Kaspersky Lab’s software may have a backdoor, it’s highly likely other hackers will try to find and take advantage of it. There are many antivirus solutions on the market and no reason to risk having your data exfiltrated by using a potentially unsafe application.