It was only a few months ago that Kaspersky was open and willing to provide its antivirus source code to the US to clear them of the allegations made against them regarding supposedly being involved with spying for Russia. It appears that they are once again in hot water.
Now the Wall Street Journal has indicated that Kaspersky was directly involved in a hack against a NSA contractor in 2015 by the Russian government. This comes after the US government recently banned federal agencies from using Kaspersky products, as well as well-known US retailer Best Buy pulling Kaspersky from its shelves.
This media storm raises lots of questions regarding attribution. As Eugene Kaspersky himself states: “We can’t give a 100 per cent guarantee that there are no security issues in our products.”
It is entirely feasible that Kaspersky products have already been compromised, exploited and used as false flags in a more sophisticated and organised attack.
More to the point, why aren’t the NSA addressing their data leakage? Attribution is incredibly hard, yet there seems to be a lot of finger pointing.
Some vendors (e.g. Huawei) have already shared their source code with foreign governments. HP Enterprise very recently allowed Russia to review the security software of the Pentagon.
This extra layer of validation across continents will hopefully strengthen relations across the globe. The last thing anyone needs is a war starting due to false claims or incorrect attribution.
Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?