Russian cybersecurity firm Kaspersky seems to be in the big soup. Several reports from US-media suggest that its network were used by Russian agencies to spy on US government. Recently, The New York Times reported that Israeli intelligence officials spying on Russian government hackers had found that Russian’s agencies were using Kaspersky Lab antivirus software that is used by 400 million people globally, including U.S. Government agencies to hack their system.
The paper reported that Israeli officials who had hacked into Kaspersky’s network over two years ago had warned their U.S. counterparts of the Russian intrusion at that time but decision to remove Kaspersky software from government computers were taken last month only after it became clear to the US officials that Russia’s FSB intelligence service had “probable access” to Kaspersky customer databases and source code.
The NYT said the Russian operation, according to multiple people briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, which had Kaspersky antivirus software installed on it.
It is not yet publicly known what other U.S. secrets the Russian hackers may have discovered by turning the Kaspersky software into a sort of Google search for sensitive information, the Times said. The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules, the Times said.
Russians used Kaspersky software to hack
According to Washington Post, last month U.S. National Intelligence Council completed a classified report that it shared with NATO allies concluding that Russia’s FSB intelligence service had “probable access” to Kaspersky customer databases and source code. That access, it concluded, could help enable cyber attacks against U.S. government, commercial and industrial control networks.
However, when Wall Street Journal run this story on October 5, the Kaspersky CEO and co-founder, Eugene Kaspersky denied the report stating “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
“We make no apologies for being aggressive in the battle against malware and cybercriminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world,” he added.
Kaspersky US ban: Impact on India
Government of India has not said anything on these development but according to one person who is familiar with the case, said that the Indian Computer Emergency Response Team (CERT-In), the nodal agency to deal with cyber security threats like hacking and phishing is closely monitoring the development and may issue advisory, if needed.
Kaspersky’s most of the revenue comes from selling anti-virus software to consumers and small businesses. In recent past, it has also introduced its industrial security solution in India which aimed to provide cybersecurity tools to government and private enterprises in India.