What’s going on? Why are the media writing about Kaspersky?
From time to time, English-speaking media raise claims that Western intelligence agencies suspect Kaspersky Lab has been working for intelligence services. This time, the situation has escalated. In a nutshell, several English-language media outlets simultaneously wrote that a Kaspersky Lab security solution was allegedly used to steal secret NSA files. According to the story, these files were brought home by an NSA contractor (or employee) who had a Kaspersky Lab product installed on his home computer. Then some Russian hackers working either for the FSB or GRU — no specifics were provided — allegedly gained possession of these files.
So, this contractor just took secret files and brought them home?
All of these publications are based on information from anonymous sources, so that is impossible to verify. However, that is indeed what they are saying: that the NSA contractor just copied top secret information onto a thumb drive and brought it home. And here they also say that carrying secret information out of an elite department of NSA hackers is child’s play.
What kind of secret files were they?
No specific information on that. It’s possible that it was some kind of cyberweapon — military/spy malware. It sounds like this contractor decided to work on a cyberweapon from home, and our antivirus detected it. What a surprise!
What does Israel have to do with it?
In the latest news, an unnamed source told reporters that Israeli intelligence, which allegedly hacked Kaspersky Lab in 2015, saw and confirmed that our antivirus helped Russian hackers get a hold of those very secret files that the unnamed NSA contractor brought home.
But what evidence has been provided?
No one has provided any evidence at all.
Where did the reporters get their information?
That wasn’t specified either. The media fall back on wording like “according to multiple people with knowledge of the matter.” No names, no titles, nothing. Moreover, the reporters themselves haven’t succeeded in getting any official confirmation or commentary — except for our comments denying this nonsense.
Having an anonymous source means there is no publicly available evidence, no one takes responsibility for their words; there is no way to verify the information, and one must simply decide whether to believe the story without any proof.
Which part of it is true?
That is also unclear, because — you guessed it — the source is anonymous and no evidence is available. There was a mention of it happening in 2015, and that was indeed the year our internal network got hacked. You can read more about that here. Amusingly, our report on Duqu 2.0 is the only part of the story with verifiable facts. To investigate the rest, we have to ask involved authorities and other organizations to inquire about the facts reported by the media.
If we are talking not about facts, but rather opinions, then we must note that one side of the story has several US media referencing anonymous sources in intelligence agencies, and the other side has very specific statements made by reputable people and organizations, such as Interpol and BSI. In the latter case, the specialists state that there is no supporting evidence about Kaspersky Lab performing espionage, that there is no reason to sound any alarms about Kaspersky Lab products, and that we do have a common goal — fighting cybercrime.
Russian hackers, you say? Is Kaspersky really working with Russian intelligence agencies?
We help law enforcement agencies (globally, not only in Russia), but with only one thing —catching cybercriminals.
This collaboration sometimes helps us create, for example, ransomware decryptors, helping victims recover lost files (free; we don’t get paid for that). We also create other useful things, such as a website one can use to check whether their computer is a part of a botnet.
We’ve never assisted any cyberspies or military intelligence. That would go against our principles. We do not participate in spying.
Is it true that Kaspersky Anti-Virus collects data from your computer?
Yes, it is true, but it doesn’t collect personal data such as documents and photos. Our products, much like antivirus software from most other companies, have a cloud protection component. It quickly reacts to any new threats and protects all of our users quite literally within a minute. We call this Kaspersky Security Network (KSN). As KSN works, the antivirus may actually transfer files to the cloud, but only if they’re related to malicious or suspicious files. More detail about this may be found here.
And you can turn KSN off when installing the product or at any time after installation in the protection settings. If you like to develop cyberweapons on your home computer, it would be quite logical to turn KSN off — otherwise your malicious software will end up in our antivirus database and all your work will have been in vain. Our corporate customers can choose to use KPSN, our Private Security Network, instead, which provides the same level of protection, but does not transmit data to Kaspersky Lab’s servers.
Government agencies in the US are turning away from using Kaspersky products. Should I do the same?
All of this nonsense is just geopolitics, which has nothing to do with whether we make good security solutions. According to data from independent research — independent from both Russian hackers and American politicians — our solutions are among the best, and in terms of comprehensiveness, the best overall. So decide for yourself.
So, what really happened?
We couldn’t leave those allegations unanswered, so we ran an internal investigation to gain a better understanding and get the actual facts. The results of this investigation turned out to be very interesting. We have a special post dedicated to our findings.
We hope this post makes it easier for you to understand what’s really going on.