Russian cybersecurity company Kaspersky Lab has fallen victim to a witch hunt in the US for doing its job too well, the company’s CEO Eugene Kaspersky said. He added that his firm might have stumbled upon some secret US business.
The whole situation around the US ban on the use of Kaspersky Lab antivirus products by federal agencies “looks very strange,” Kaspersky told Germany’s Die Zeit daily, adding that the whole issue in fact lacks substance. “It was much more hype and noise than real action,” he said.
Kaspersky then explained that the US authorities ordered all governmental agencies to remove all the company’s software from their computers, even though “we had almost zero installations there.” With little real need for such measures, they were apparently aimed at damaging the company’s reputation.
“It seems that we just do our job better than others,” Kaspersky said of the motives behind the US government’s move. “We detected some unknown or probably very well-known malware, and that made someone in the US very disappointed.”
At the same time, he stressed that his company does not collect “any sensitive personal data,” not to mention any classified documents, adding that the only data Kaspersky Lab is hunting for is “new types of malware, unknown or suspicious apps.”
The Russian cybersecurity company was indeed accused by the US media of using its software to collect NSA technology for the Russian government – something that Kaspersky Lab vehemently denied.
According to US media reports in October 2017, an employee from the National Security Agency (NSA) elite hacking unit lost some of the agency's espionage tools after storing them on his home computer in 2015. The media jumped to blame Kaspersky Lab and the Kremlin.
Following the reports, the company conducted an internal investigation and stumbled upon an incident dating back to 2014. At the time, Kaspersky Lab was investigating the activities of the Equation Group – a powerful group of hackers that was later identified as an arm of the NSA.
As part of Kaspersky’s investigation, it analyzed information received from a computer of an unidentified user, who is alleged to be the security service employee in question. It turned out that the user installed pirated software containing Equation malware, then “scanned the computer multiple times,” which resulted in antivirus software detecting suspicious files, including a 7z archive.
“The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” the company’s October statement explained.
The analyst then reported the matter directly to Eugene Kaspersky, who ordered the company’s copy of the code to be destroyed.
On Thursday, Kaspersky Lab issued another statement concerning this incident following a more extensive investigation. The results of the investigation showed that the computer in question was infected with several types of malware in addition to the one created by Equation. Some of this malware provided access to the data on this computer to an “unknown number of third parties.”
In particular, the computer was infected with backdoor malware called Mokes, which is also known as Smoke Bot and Smoke Loader. It is operated by an organization called Zhou Lou, based in China.
Kaspersky Lab, a world leader in cybersecurity founded in Moscow in 1997, has been under pressure in the US for years. It repeatedly faced allegations of ties to the Kremlin, though no smoking gun has ever been produced.
In July, Kaspersky offered to hand over source code for his software to the US government, but wasn't taken up on the offer. In October, the cybersecurity company pledged to reveal its code to independent experts as part of an unprecedented Global Transparency Initiative aimed at staving off US accusations.
Kaspersky has been swept up in the ongoing anti-Russian hysteria in the US, which centers on the unproven allegations of Russian meddling in the 2016 presidential elections. In September, the US government banned federal agencies from using Kaspersky Lab antivirus products, citing concerns that it could jeopardize national security and claiming the company might have links to the Kremlin. Eugene Kaspersky denounced the move as “baseless paranoia at best.”
Even as Kaspersky Lab is offering its cooperation to US authorities, WikiLeaks on Thursday published source code for the CIA hacking tool “Hive,” which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints.
The US might be targeting Kaspersky Lab in its witch hunt because the company might be able to disprove American allegations against Russia, experts told RT. “We have Kaspersky saying, 'We can do this. We can prove some of these hacks are not Russian, they are American,’ when it comes to the presidential elections. And so they needed to discredit them,” former MI5 analyst Annie Machon said.
The campaign against the Russian cybersecurity firm could go back as far as 2010, when Kaspersky Lab revealed the origin of the Stuxnet virus that hit Iran's nuclear centrifuges, she told RT. Back then, Kaspersky Lab stated that “this type of attack could only be conducted with nation-state support and backing.” Nobody claimed responsibility for the creation of the malware that targeted Iran. However, it is widely believed that the US and Israeli intelligence agencies were behind Stuxnet.