Kaspersky #Anti-Virus and the #hunt for #malware

It reads like a John le Carré novel. Israeli spies watch Russian spies steal US National Security Agency secrets about penetrating foreign computer networks. It’s spies watching spies steal secrets on spying.

But in 2017, there’s no James Bond, Aston Martins, dry martinis or beautiful women to bed. This virtual surveillance is in cyberspace.

If you believe the stories, there’s a double-agent at work, antivirus software that’s gone from protecting more than 400 million computers worldwide to uploading users’ secrets.

The story around the alleged hacking of Kaspersky antivirus isn’t just bad news for Eugene Kaspersky and his Moscow-centred company. It’s bad news generally for security software which has the keys to the innermost workings of our computer systems. It exposes the interest hackers have for infiltrating cyber security software.

Kaspersky isn’t alone. Bloomberg has reported that the South Korean military had been hacked via Hauri antivirus software. Last month, CCleaner went from being privacy friend to fiend, with an apparent ability to send data held on computers back to hackers. New owner Avast swiftly dispatched a security fix.

Then there was a long-operating tool in Microsoft Windows called Application Verifier designed to find and fix bugs. Hackers apparently used it to inject malicious code into applications. It was exposed in March.

There’s too the paranoia around services emanating from countries with totalitarian regimes. Both Kaspersky Lab and China’s Huawei have been the target of repeated claims that their products are used for state-sponsored espionage.

Huawei was banned from supplying telecommunications infrastructure to the National Broadband Network, following a similar ban in the US. But nothing was proved.

Huawei went on to supply telecommunications to Optus and Vodafone for their 4G networks and is now working with Australian telcos as they move towards 5G. There wasn’t a clear indication publicly of anything untoward.

In Kaspersky’s case the allegations are more specific. Last week The New York Times reported that in 2015, Israeli government hackers claimed they had infiltrated Kaspersky Lab’s network and had found Russian Government hackers at work.

The Israelis claimed that the Russians were using Kaspersky software as a tool to scour the world’s computers for classified US documents.

A week beforehand, The Wall Street Journal ran a claim that Russian hackers had successfully stolen documents from a National Security Agency staffer who stored them on his home computer which was running Kaspersky Antivirus.

The episode already has had serious consequences for Kaspersky Lab. US government agencies were ordered to remove Kaspersky Antivirus, some advisers are telling financial institutions to do likewise, some US retailers are refusing to stock it and are offering software swaps.

It doesn’t matter that the case against Kaspersky is unproven. It’s not about establishing guilt ‘beyond reasonable doubt’ as in a criminal trial. It’s a matter of why take a risk when you don’t have to.

Not everyone is shedding Kaspersky antivirus. The Australian government has no ban, it says it’s a matter for individual agencies. Reuters reports that in Germany, the BSI federal cyber agency found no evidence that Russian hackers used Kaspersky Lab antivirus software to spy on US authorities.

So what has gone on? Did this spying occur? And was Kaspersky or his company complicit?

Part of the attraction to Kaspersky antivirus (and other antivirus) is how it deals with so-called ‘zero-day exploits’. These are security holes that hackers exploit before vendors know about them or have a fix ready.

Kaspersky says its software sucks up unknown malware to its servers like a big virtual vacuum cleaner. It analyses it, and quickly gets out a fix to all. Kaspersky says it sucks up 200,000 pieces of suspicious code per day.

Eugene Kaspersky speculates that Kaspersky Antivirus could have sucked up US spyware code if the NSA agent was developing it on a home computer.

“Malware could have been detected as suspicious by the AV and sent to the cloud for analysis,” he says.

“If the story about our product’s uncovering of government-grade malware on an NSA employee’s home computer is real, then that, ladies and gents, is something to be proud of,” Mr Kaspersky says.

He says that in 2015, when Russian agents allegedly broke into Kaspersky software, Kaspersky Lab discovered an attack by an “unknown seemingly state-sponsored actor” — Duqu2. Its investigation found “no signs whatsoever of any third-party breach of any of it”.

Having interviewed Mr Kaspersky several times, I find it hard to think he would be party to state-sponsored spying. He spent two decades developing this business, so why would he trash it? It’s harder to know if employees were party to the hack, but when I asked him about this earlier this year, Kaspersky denied it.

Whatever the truth, it’s tough for Kaspersky to operate out of Moscow independently when headquartered in Vladimir Putin’s Russia. When he began Kaspersky Lab in 1997, Boris Yeltsin was president and Russia was less organised, less predatory.

He also has to contend with there being plenty of rivals keenly interested in Kaspersky Lab’s demise.

To survive, the company may have to consider relocating its business elsewhere, just as social network founder Pavel Durov did when he felt the hand of Russian state encroachment on Vkontakte. He moved to Germany.

Kaspersky meanwhile has branded the episode a witch hunt. “Once again, recent persecution of our company is paranoia, a fire of inquisition and witch-hunt,” he says in Russian in a blogpost.