I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.
The media attacks have been intense, fierce and persistent – so much so that we’ve had to lay low for a while to catch our breath and work out what on earth this is all about. But now, since nearly a week has passed without any significant flak coming our way, I’ve been able to take the time to sit down and put fingertips to keyboard and assess the situation as objectively as I can. And I’d best do it quickly, since the respite may be short.
So, again… What exactly is going on here?
First up, let’s keep in mind that concerns about KL, given its origins, are not new. We recognize that some people think ‘Russian cybersecurity company’ are three words that shouldn’t be in the same sentence, especially these days. Still, the motivations behind recent reports, while intriguing, cannot be our concern. Instead, we need to focus on doing everything possible to be as transparent as possible for our most important stakeholders: our customers and partners.
Despite today’s tense geopolitical situation, KL has continued to do what it does best: focusing on protecting our customers from cyberthreats regardless of where those threats may come from. Our folks work hard every day to be the best at what they do in order to provide the best cybersecurity protection available. And independent tests and awards show that our efforts haven’t been in vain. Just this month we were awarded the top ‘Platinum Award’ as part of the first ever Gartner Peer Insights Customer Choice Awards for Endpoint Protection Platforms. To receive any industry award is a good thing; to receive one based on what customers say about us is even better. We’ve strengthened our partnership with INTERPOL to fight cybercrime even more effectively. Clearly we’re doing something right. And we want to continue doing it right… no – better – in the ongoing fight against cybercrime.
But we know awards and accolades don’t address these recent allegations. And we all know that government scrutiny of KL will continue. The past year has seen concerns about KL change from ‘what if their technology could be a tool for cyber-espionage by nation states’ to ‘they were hacked and used as a vehicle to spy on spies’. And while it’s hard for us to keep up with the constantly evolving narrative, ask yourself one thing: ‘if these recent allegations are true, where’s the evidence?’ If there was any evidence that we’ve been knowingly involved in cyber-espionage, we’d be toast! No ifs or buts – it’d be game over: governments would take immediate, severe action, including legal moves, and that would be that. But there’s been nothing of the kind. And you have to wonder why.
Another issue is where’s the due process? The steady stream of media leaks seems intentionally designed to damage our reputation without providing us with any real opportunity to address any concerns – because action is being taken before we can engage. Some will say that the government has provided us with an administrative remedy that we can pursue, and if so we will do so. But genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.
We know that the allegations are very serious, and we’re taking them very seriously. And since we aren’t seeing the due process we’d expect, here, for now, let me at least put the record straight on a few technical matters that appear to have been misrepresented in the recent media reports – a few explanations of what it is our software actually does:
The functionality of our products depends entirely on the code of our applications and the records in our databases – no mysterious magic here (just like there’s no mysterious magic with all other software companies’ products). And all our products and databases are openly accessible on public servers. All our old products and former updates – in backups. If in any of it there’s any undeclared (espionage) functionality that violates the confidentiality of data of our users – do tell us the name of the product, the name of the module, and where the suspected code is, or the number of the update and the record identifier. That’s the information we’d be ready to look at – with the utmost seriousness. If there’s no information like that in any media report with accusations aimed at us, such a report is based on known-to-be lies, or simply repeated lies and falsifications of someone else.
How our products work is determined exclusively by the logic of the algorithms in the program modules and contents of our databases. The last time we conducted a full audit of the source code of our products and database records was in spring-summer of 2015 since our own network had been compromised by the Duqu 2 espionage malware. And we found zero bugs, zero backdoors – not in our products, not in our databases, not in our updates. We’re conducting a similar audit right now. And we’re inviting external expert IT-security observers too. And I’m absolutely certain nothing untoward will be found.
Yes, our products do conduct deep scanning of a computer and its files (as does all software in the ‘utility’ category). We do test files for the presence of malicious code. We do specially track and evaluate suspicious behavior of unknown objects in a system. And yes, we do – in full accordance with declared functionality and industry standards – send data on such objects to the cloud for further analysis (if the user has decided to go for this option). And this is how any antivirus worth its salt works. And why? It’s all for one purpose: a finely-tuned, fully-optimized ability to do nothing but catch malware, neutralize it, and so protect our users. And we happen to be the best in the world at it. Our mission is to protect our users and their data. Surveillance, snooping, spying, eavesdropping… all that is done by espionage agencies (which we occasionally catch out and tell the world about), not us.
In the cyberworld, evidence usually means the names of the respective modules, location of the code, and its disassembly (or part of it). Indeed, it’s details like these that make up the main findings in our expert reports on the world’s most complex cyber-incidents (more on those – here).
Again, we remain absolutely committed to the protection of our users, and we work hard every day to do it better than anyone else. We’ve asked those with any relevant information to share it with us so we can do everything possible to fulfill our mission. Buy one of our boxed products in the nearest supermarket or an online version – analyze it, decompile it, and let us hear your findings! But we know we can’t wait for folks to come to us. Therefore, we’ll do everything we can to respond to the stated concerns by being fully transparent about our efforts and our findings. Our customers deserve nothing less.
In closing, I once again declare:
The main priority of our company is the protection of our users from all types of cyberthreats, no matter their origin. We do this better than anyone else. And that’s nothing to be ashamed of – only proud of.