Scary Kaspersky Stories – Ghost in the Machine

Happy Halloween!  Nothing like a scary story to end the holiday.  The scary story in cybersecurity is that Kaspersky anti-malware and security products are in league with the Putin government and the FSB in Russia.  The FBI is advising government agencies to drop Kaspersky and find a new endpoint security solution.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated through a holding company in the United Kingdom. Kaspersky was founded in 1997 by Eugene Kaspersky, who is the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. (Wikipedia)

Kaspersky expanded internationally from 2005–2010 and grew to more than $700 million in annual revenues by 2014. As of 2016, the software has about 400 million users and has the largest market share of cybersecurity software vendors in Europe.  Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. (Wikipedia)  Keep these numbers in mind as we delve into this issue.

In addition to the FBI advisory, there have been other articles about Kaspersky hacks.  From the BBC World News, we hear how Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago.  And a new article on Bruce Schneier’s Crypto-Gram blog titled “Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help” tells how the NSA was breached through Kaspersky products.

This has always been an issue with me regarding Kaspersky.  Any product that can be fundamentally changed through the update process can become a weapon or exploit without warning.  There are inherent security issues using a product manufactured in a country that is not necessarily an ally.  To be fair, I am also concerned that all the motherboards and chips that go into the routers that run the internet are manufactured and assembled in China.  What if they are secretly including hard-coded back doors into these devices?

Why such a ruckus about Kaspersky now?  The fact that Kaspersky is a huge source of hard currency revenues for Russia (in excess of $700 million annually) may be the main reason.  Historically, when the US and the West want to put the screws to Russia, it has been through the application of economic rather than military pressure.  Just saying, there may be some subtext here that is not being reported.  How much do we trust our own government to be truthful with us?

So there is a possibility that Eugene Kaspersky’s protestations of innocence are genuine.  Nevertheless, I have never advised a client to use Kaspersky products, and the new stories just provide clarity as to the reasons why.  Even if these stories are complete government fabrications, which they probably are not, they are plausible, and if not actually happening now, could happen in the future.

Stay tuned, this is bound to be messier than it is already.  And if you are running Kaspersky, uninstall it and use something else, like the free Windows Defender that comes bundled with Windows 10.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

