Scary Kaspersky Stories – Ghost in the Machine

Happy Halloween!  Nothing like a scary story to end the holiday.  The scary story in cybersecurity is that Kaspersky anti-malware and security products are in league with the Putin government and the FSB in Russia.  The FBI is advising government agencies to drop Kaspersky and find a new endpoint security solution.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated through a holding company in the United Kingdom. Kaspersky was founded in 1997 by Eugene Kaspersky, who is the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. (Wikipedia)

Kaspersky expanded internationally from 2005–2010 and grew to more than $700 million in annual revenues by 2014. As of 2016, the software has about 400 million users and has the largest market-share of cybersecurity software vendors in Europe.  Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. (Wikipedia)  Keep these numbers in mind as we delve into this issue.

In addition to the FBI advisory, there have been other articles about Kaspersky hacks.  From the BBC World News, we hear how Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago.  And a new article on Bruce Schneier’s Crypto-Gram blog titled “Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help” tells how the NSA was breached through Kaspersky products.

This has always been an issue with me regarding Kaspersky.  Any product that can be fundamentally changed through the update process can become a weapon or exploit without warning.  There are inherent security issues using a product manufactured in a country that is not necessarily an ally.  To be fair, I am also concerned that all the motherboards and chips that go into the routers that run the internet are manufactured and assembled in China.  What if they are secretly including hard-coded back doors into these devices?

Why such a ruckus about Kaspersky now?  The fact that Kaspersky is a huge source of hard currency revenues for Russia (in excess of $700 million annually) may be the main reason.  Historically, when the US and the West want to put the screws to Russia, it has been through the application of economic rather than military pressure.  Just saying, there may be some subtext here that is not being reported.  How much do we trust our own government to be truthful with us?

So there is a possibility that Eugene Kaspersky’s protestations of innocence are genuine.  Nevertheless, I have never advised a client to use Kaspersky products, and the new stories just provide clarity as to the reasons why.  Even if these stories are complete government fabrications, which they probably are not, they are plausible, and if not actually happening now, could happen in the future.

Stay tuned, this is bound to be messier than it is already.  And if you are running Kaspersky, uninstall it and use something else, like the free Windows Defender that comes bundled with Windows 10.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
