Tag Archives: it industry

Privyet boys and girls!

Herewith, the next in my periodic/occasional cyber-news cyber-shocker-bulletins: a few stories of the cyber-interesting, the cyber-this-news-just-in, and the cyber-absurd…

State-sanctioned hacking!

The Japanese government is believed to be planning to hack 200 million IoT devices of its citizens. And that’s not science fiction folks; it looks like it’s for real. Indeed, it’s how the Japanese are preparing for the Olympics to be held in Tokyo in 2020 – and it’s all legal of course, since it’s the government who’s behind it. So their citizens’ gadgets will be hacked using the cybercriminals favorite method: using default passwords and password dictionaries. If a device is found to have a weak password, bureaucrats will enter the device into a list of unsecure gadgets, which list will then be handed over to internet service providers, which will be expected to inform subscribers and have them make their devices secure by changing the password. It’s all being done as a resilience test in the run-up to the Olympics, to work out if IoT devices in the country are sufficiently protected, and to try and prevent their use in attacks on the Olympics’ infrastructure. The methods to be used for this ‘test’ can easily be disputed, but the fact that the authorities are doing something concrete so well in advance is certainly a good thing. For let’s not forget that the Olympics have been targeted before – and not all that far away from Japan.

iOops!

An 18-year-old hacker, Linus Henze, has published a video highlighting a startling weakness in MacOS – specifically its Keychain program, which stores and secures a user’s many passwords. The teenager used a zero-day to develop his own app that can scan the full contents of the keychain.

Curiously, intriguingly, Mr. Henze isn’t planning on sharing his research and his app with the tech giant, since Apple still doesn’t run a bug-bounty program. So that leaves the company with two options: negotiate with the expert (which would be an unprecedented move for Apple), or consider trying to remedy the issue themselves – which they may or may not be able to do, of course.

Meanwhile, you, dear readers, need not fear for the safety of your passwords! Since there do exist (who’d know?!) fully secure, cross-platform password managers out there. And researchers – there do exist software companies that run bug-bounty programs ).

Even two-factor authentication can be hacked now.

Bank accounts being emptied by cyber-thiefs is on the up. One example recently involved accounts held at the UK’s Metro Bank. And the method used for the robberies involved intercepting text messages sent to account-holders’ phones for two-factor authentication. Now, 2FA is a good thing: it’s an extra layer of security and all that, so why not? It’s just that SMSs are by far not the most secure way to transfer data. For example, vulnerabilities can be exploited in the SS7 protocol, which is used by telecoms operators the world over to coordinate how they route texts and calls. If cyber-baddies manage to access the mobile network of an operator, they’re able to re-route messages and calls without the user being any the wiser. First they’d need to know your login and password for online banking, but that isn’t beyond the abilities of modern-day cyber-villains with their crafty keyboard spies, phishing tactics, or banking Trojans.

Once inside the online bank, the criminals send a request for a money transfer and intercept the message with the one-time code from the bank. The code is entered, and the bank transfers the funds, since both the password and the code were correctly entered. And the criminals are laughing all the way to the bank, as it were ).

So what can you do to stop such a scenario happening to you? Here are a couple of tips:

• Never tell anyone your login or passwords – even to a bank employee, but you’ll probably know that one: banks helpfully remind us whenever they can.
• Protect your devices from malware with a reliable antivirus app. There is one I happen to know of… but no – you choose the one you want ).

Cyber-spying on foreign diplomats in Iran – but whodunit?

Our researchers just recently discovered multiple attempts at infection of foreign diplomatic missions in Iran with some rather primitive cyber-espionage malware. The backdoor is presumed to be associated with the hacking group know as Chafer, which happens to ‘speak’ Farsi, and which is thought to have been responsible for cyber-surveillance on individuals in the Middle East in the past. This time, they cybercriminals used an improved version of the Remexi backdoor, designed to remotely control (as administrator) a victim’s computer.

Remexi software was first detected in 2015 when it was used for illegal surveillance of individuals and organizations across the whole region. The Windows-targeting surveillance-ware can exfiltrate keystrokes, screenshots, and browser-related data like cookies and history.

Much ‘home made’ malware is used in the region – often in combination with public domain utilities. But who’s behind these particular attacks? Finding out is made all the more difficult by the very fact that the malware is homespun; it literally could be anybody: Iranians, or non-Iranians pulling a false-flag operation. Alas, false flags are on the up and up and look set to remain so.

“Well, actually… a seal ate my USB stick, sir.”

In New Zealand, one day out walking a vet observed a clearly unwell leopard seal on a beach. As any concerned vet would, he proceeded to… scoop up a lump of the poorly seal’s poop and took it off for analysis. He was expecting to find therein some ghastly little parasites or viruses or what have you, but instead found… a USB stick. After much disinfection (I hope), the vet stuck the thumb drive into his computer (don’t try any of this at home kids, but this was a special case). And guess what? Thereon were stored lots of photos of the beautiful New Zealand scenery! Now the vet and Co. are seeking the owners of the USB – using this here video. Recognize it, anybody?

Besides a market for its goods or services, a business also needs resources. There are financial resources: money; human resources: employees; intellectual resources: business ideas, and the ability to bring them to life. For some businesses, sometimes even for whole industries, another resource is needed: trust.

Let’s say you decide to buy… a vacuum cleaner. Is trust required of the manufacturer? Not really. You simply buy what seems like the right vacuum cleaner for you, based on a few things like its technical characteristics, how it looks, its quality, and its price. Trust doesn’t really come into it.

However, in some industries, for example finance or medicine, trust plays a crucial role. If someone doesn’t trust a certain financial advisor or pharmaceutical brand, he/she is hardly going to become their client/buy their products – and perhaps never will. Until, that is, the financial advisor/pharma company somehow proves that they are actually worthy of trust.

Well, our business – cybersecurity – not only requires trust, it depends on it. Without it, there can be no cybersecurity. And some folks – for now, let’s just call them… detractors – they know this perfectly well and try to destroy people’s trust in cybersecurity in all manner of ways; and for all manner of reasons.

You’d think there might be something wrong with our products if there are folks trying to undermine trust in them. However, as to the quality of our products, I am perfectly untroubled – the results of independent tests show why. It’s something else that’s changed in recent years: geopolitical turbulence. And we’ve been caught right in the middle of it.

A propaganda machine rose up and directed its dark arts in our direction. A growing number of people have read or heard of unsubstantiated allegations against us, originating in part from media reports that cite (unverifiable) anonymous sources. Whether such stories are influenced by the political agenda or a commercial need to drive sales is unclear, but false accusations shouldn’t be acceptable (just as any other unfairness shouldn’t be.) So we challenge and disprove every claim made against us, one by one. And I choose this verb carefully there: disprove (quick reminder: they have never proved anything; but of course they haven’t: none exists as no wrongdoing was ever done in the first place.)

Anyway, after almost a year since the last wave of allegations, I decided to conduct a sort-of audit of my own. To try and see how the world views us now, and to get an idea as to whether people exposed to such stories have been influenced by them. And to what extent our presentation of the facts has allowed them to make up their own minds on the matter.

And guess what, we found that if people take into account only the facts… well – I have good news: the allegations don’t wash! Ok, I can hear you: ‘show us the evidence!’

Really simple, but enormously useful: on Gartner Peer Insights, the opinions of corporate customers are collected, with Gartner’s team vetting the process to make sure there’s no vendor bias, no hidden agendas, no trolling. Basically, you get transparency and authenticity straight from end-users that matter.

Last year, thanks to the feedback from corporate customers, we were named the Plantinum winner for the 2017 Gartner Peer Insights Customer Choice for Endpoint Protection Platforms! This year’s results aren’t all in yet, but you can see for yourself the number of customers that wanted to tell Gartner about their experience of us and give their overall ratings, and leave positive reviews. Crucially, you can see it’s not a ‘review factory’ at work: they’re confirmed companies of different sizes, profiles, geography and caliber.

And talking of geography – turns out that in different regions of the world attitudes to trust can differ.

Take, for example, Germany. There, the question of trust in companies is taken very seriously. Therefore, the magazine WirtschaftsWoche regularly publishes its ongoing research into levels of trust in companies after polling more than 300,000 people. In the ‘software’ category (note – not antivirus or cybersecurity), we are in fourth place, and the overall level of trust in KL is high – higher than for most direct competitors, regardless of their country of origin.

Then we see what happens when governments use facts to decide whether to trust a company or not. Example: last week the Belgian Centre for Cyber Security researched the facts regarding KL and found they didn’t support the allegations against us. After which the prime minister of Belgium announced that there is no objective technical data – not even any independent research – that indicates our products could pose a threat. To that I would personally add that, theoretically, they could pose a threat, but no more than any other cybersecurity product from any other company from any other country. Because theoretically any product could have vulnerabilities. But taking into consideration our technology transparency efforts, I’d say that our products pose less of a threat than any other products.

A voice of reason: Prime Minister of Belgium @charlesmichel says ‘No’ for politically motivated software restrictions against @Kaspersky.

No facts of any wrongdoing. Instead – clear commitment to cooperate & industry-leading practices for transparency.
https://t.co/oCzFNf31sK

— Eugene Kaspersky (@e_kaspersky) October 31, 2018

Read on: we conducted our own research into the question of trust…

As regular readers of this here blog of mine will already know, I’m rather into modern art. But when art somehow merges with the anything IT-related, I’m the world’s biggest fan. Well, such a merging is taking place right now in Moscow in its Museum of Modern Art with the exhibition Daemons in the Machine, so supporting it was a no brainer. Artists, consulted by scientists, aimed their creativity at the modern-day topics of artificial intelligence (which, IMHO, is hardly any intelligence at all – just smart algorithms), blockchain, neural networks and robotics. The result is a curious mix of futurology, ethics and – of course – art.

I haven’t been myself as I’m only just back from my latest trip, but I hope to find time for a visit before my next one.

And now, we move from high-art digital demons to everyday, run-of-the-mill – but very worrying – digital demons…

Read on…

Some readers of the technical part of my blog, wearied by this year’s summer heat, may have missed a notable landmark event that occurred in July. It was this: the European Commission (EC) found Google guilty of abusing its dominant position in relation to an aspect of the mobile OS market, and fined the company a whopping 4.34 billion euro (which is around 40% if the company’s net profit for last year!).

Why? Because, according to the EC, “Since 2011, Google has imposed illegal restrictions on Android device manufacturers [including forcing Android device manufacturers to pre-install Google’s search and browser apps] and mobile network operators to cement its dominant position in general internet search.”

It all seems perfectly logical, apparent, and not unprecedented (the EC’s fined Google heavily in the past). Also perfectly logical – and expected – is that Google has appealed the decision on the fine. Inevitably the case will last many years, leading to a spurious final result, which may never become known due to an out-of-court settlement. And the reason (for the lengthy court case) won’t be so much a matter of how big the fine is, but how difficult it will be to prove abuse of dominance.

Ok, let’s have a closer look at what’s going on here…

Source

Read on…

Hi folks!

Going against tradition just this once, this year we’ve decided not to wait for our official financial audit results, and instead publish preliminary sales results for last year straight away.

The most important business figure of the year is of course revenue. So, for all 12 months of 2017, our products, technologies and services were sold for US$698 million (in accordance with the International Financial Reporting Standards) – a 8% rise compared to the previous year.

Not a bad result at all, if I don’t mind saying so; a result that shows how the company is doing well and growing. What’s more, we have some real promising technologies and solutions that make sure we’ll keep on growing and developing into the future.

But here’s what is, to me, the most interesting thing to come out of the preliminary results: for the first time in the history of the company sales bookings of corporate solutions overtook those of our boxed products for home users – this riding on the back of a 30% increase in the corporate segment.

Another very pleasing fact: the good rate of growth of the business has come largely not from sales of our traditional endpoint products, but from emerging, future-oriented solutions like Anti Targeted Attack solutions, Industrial Cybersecurity, Fraud Prevention, and Hybrid Cloud Security. All together these grew 61%. Besides, forecast growth in sales of our cybersecurity services comes in at 41%.

Geographically, sales bookings in most of the regions overshot their annual targets. For example, in Russia and the CIS sales were up 34% on 2016. In META (Middle East, Turkey, Africa) sales skyrocketed up 31%; in Latin America – 18%; and in APAC – 11%. Japan demonstrated moderate growth (4%), while Europe was slightly below expectations (-2%).

The only region that didn’t do well was, as expected, North America, which saw a fall in sales of 8%. Hardly surprising this one, given that it was this region that was the epicenter of last year’s geopolitical storm, which featured both a disinformation campaign against us and an unconstitutional decision of the DHS. Nevertheless, despite the political pressure, we continue to operate in the market and are planning on developing the business further there.

It only remains for me to give huge thanks to all users, partners, and cybersecurity experts, and to anyone else (including most journalists and bloggers that covered us) for their support, and also a big up to all the KLers around the globe for their continued excellent work in these difficult times. Customer loyalty, impressive growth of the business, and high team morale are all clear indicators of our global success. Well done everybody!

More detailed info on the preliminary financial results can be found here.

This week, Kaspersky Lab filed an appeal with a U.S. federal court challenging the U.S. Department of Homeland Security’s (‘DHS’) Binding Operational Directive 17-01, which requires federal agencies and departments to remove the company’s products from federal information systems. The company did not take this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive. DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. Therefore, it is in Kaspersky Lab’s interest to defend itself in this matter.

About Kaspersky Lab

As a global cybersecurity company founded over 20 years ago, Kaspersky Lab has proudly called the United States home to its North American headquarters in Woburn, Massachusetts, for over a decade. With nearly 300 employees in Massachusetts and throughout the country, Kaspersky Lab’s corporate mission is to protect its customers from cyberthreats, regardless of their origin or purpose. The company regularly submits its products and solutions for independent testing and assessment, consistently receiving more first place finishes and top-3 awards than any other cybersecurity vendor. Furthermore, the company collaborates with law enforcement, other IT security companies, and government organizations globally to combat cybercrime, providing technical assistance and forensic malware analysis, as well as world-renowned security research into cyber-espionage and targeted attack campaigns.

Kaspersky Lab has a clear policy concerning the detection of malware: it detects and remediates any malware attack. There is no such thing as ‘good’ or ‘bad’ malware for the company. Its research team has been actively involved in the discovery and disclosure of several malware attacks with links to nation-state and organized cybercrime entities. Over the past decade, Kaspersky Lab has published in-depth research into some of the biggest cyber-espionage and financially motivated cybercrime operations known to date. It does not matter which language a threat ‘speaks’: Russian, Chinese, Spanish, German, or English. The following list of threats, as reported by Kaspersky Lab’s Global Research and Analysis Team (‘GReAT’), shows the different languages used in each case:

• Russian language: Moonlight Maze, RedOctober, CloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penquin Turla, Turla, Black Energy, BTZ, Teamspy, Sofacy (aka Fancy Bear, APT28), CozyDuke (aka Cozy Bear, APT29)
• English language: Regin, Equation, Duqu 2.0, Lamberts, ProjectSauron
• Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, Blue Termite
• Spanish language: Careto/Mask, El Machete
• Korean language: Darkhotel, Kimsuky, Lazarus
• French language: Animal Farm
• Arabic language: Desert Falcons, Stonedrill, Shamoon

Kaspersky Lab’s Good Faith Efforts to Engage DHS

Kaspersky Lab fully supports DHS’s mission and mandate to secure federal information and federal information systems, which align with its own corporate mission of protecting customers from cyber threats regardless of their origin or purpose. Given its longstanding commitment to transparency, the trustworthy development of its technologies and services, and cooperation with governments and the IT security industry worldwide, Kaspersky Lab reached out to DHS in mid-July as part of a good faith effort to address any concerns regarding the company, its operations, or its products. DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter. Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action. However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017. The July and August communications are referenced below.

July 18, 2017, Kaspersky Lab Letter to DHS

“Given Kaspersky Lab’s longstanding commitment to transparency, the trustworthy development of its technologies and solutions, and cooperation with governments worldwide and the IT security industry to combat cyber threats, we write to offer any information or assistance we can provide with regard to any Department investigation regarding the company, its operations, or its products.

…The integrity and assurance of our products and technologies remain our utmost priority, and we maintain that a deeper, collaborative examination of our company and its products will assuage any concerns.

Kaspersky Lab looks forward to working with the Department and its staff and welcomes further dialogue. Please contact *************** via email or phone to discuss how we might communicate more directly with you or your staff and explore ways we might work together to make cyberspace safer.”

August 14, 2017, DHS Letter to Kaspersky Lab

Jeanette Manfra, on behalf of the (then-)Acting Secretary responded:

“Thank you for your letter of July 18, 2017 addressed to then-Secretary of Homeland Security John F. Kelly. The Acting Secretary has asked me to respond on her behalf.

We appreciate your offer to provide information to the Department about your company and its operations and products as well as to communicate with the Department about making cyberspace safer. We look forward to communicating with you further on this matter and receiving such information from you, and we appreciate your patience as we work through timing and logistical issues.

We will be in touch again shortly. Thank you again for your letter.”

Addressing DHS’s Binding Operating Directive 17-01

One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action. Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive’s issuance, and therefore, Kaspersky Lab’s due process rights were infringed.

In the September 19, 2017 Federal Register notice announcing the issuance of Binding Operational Directive 17-01, DHS stated that Kaspersky Lab could initiate a review of the Directive by submitting written information, which the company did on November 10, 2017. However, this ‘administrative process’ did not afford Kaspersky Lab due process under U.S. law because the company did not have the opportunity to see and contest the information relied upon by DHS before the issuance of the Directive. As I have said before, ‘genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.’

Furthermore, DHS primarily relies upon uncorroborated media reports to support its assertion that Kaspersky Lab products present information security risks to government networks, not evidence of any wrongdoing by the company. DHS also cites technical arguments that apply to antivirus solutions generally, including broad levels of access and privileges to the systems on which solutions operate, the use of cloud-based technologies to process malware samples and deploy detection signatures, and data collection and processing practices. These capabilities are not unique to Kaspersky Lab’s products, and if they are of concern, DHS could have taken action to address these issues holistically across the IT security industry instead of unfairly targeting a single company without any evidence of wrongdoing.

Despite the relatively small percentage of the company’s U.S. revenue attributable to active software licenses held by federal government entities, DHS’s actions have caused a disproportionate and unwarranted adverse impact on Kaspersky Lab’s consumer, commercial, and state, local, and education (‘SLED’) business interests in the United States and globally. Through Binding Operational Directive 17-01, DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community. Its presence in Russia and the CIS region, its technical knowhow, and its linguistic expertise uniquely position the company to advance the fight against malware and protect its customers from cyber threats. These assets have enabled Kaspersky Lab to share cyber threat information and vulnerability research with various U.S. government entities, including constituent agencies of DHS, involved in protecting U.S. cyberspace. Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence does not constitute a risk-based approach to cybersecurity and does little to address information security concerns related to government networks.

Conclusion

In undertaking this action, Kaspersky Lab hopes to protect its rights under the U.S. Constitution and U.S. federal law, receive adequate due process, and repair the reputational and commercial damage caused by Binding Operational Directive 17-01. The company continues to welcome constructive and collaborative engagement with the U.S. government to address any concerns about its operations or its products, as it stated in its letter to DHS five months ago. Kaspersky Lab’s Global Transparency Initiative could serve as a mechanism for such dialogue. Regardless of this action, Kaspersky Lab remains committed to continuing its mission and business of protecting customers in the United States and around the world from cyber threats by providing market-leading antivirus software, threat intelligence and analytics.

Hi folks!

As you’ll probably have noticed, the news stream around our small (but very technologically progressive) IT company has of late turned into a veritable Iguazu Falls. But that doesn’t prevent good news coming down that stream too – apolitical, technological, and based on named sources ). So here’s some of just that: the latest bit of good news…

There are several large and respected research agencies in the world, and Gartner is one of them. It’s known most of all for its expert assessments of how well vendors manufacture IT equipment and software: how well their products meet the needs of their customers and help them deal with problems.

Some time ago Gartner decided to add to its already multi-faceted evaluations another important dimension: the opinion of customers themselves. This was to make the overall ratings yet more accurate and objective and thus more practically useful. Thus, a little over a year ago Gartner announced its new peer review program – Gartner Peer Insights – in which business customers could voluntarily and anonymously (that is, being able to say absolutely anything they might not be happy about without the risk of any negativity boomeranging back at them) rate the products of different developers. And that includes ‘Endpoint Protection Platforms’.

Gartner approached adding this new facet to its analysis very seriously. Gartner Peer Insights hopes to “transform the way enterprise software is bought and sold by creating another source of trusted information in the software buying process. Gartner’s review platform is a place for all IT buyers to find advice they can trust from fellow IT professionals. Gartner Peer Insights includes more than 40,000 verified reviews in more than 190 markets. For more information, please visit www.gartner.com/reviews/home.”

Collecting and collating all the feedback took a year, while our industry – of course including us – eagerly awaited the results. In order to win, the vendor must have at least one product designated by research analysts as relevant to the market, and the vendor must have 50 or more reviews published during the submission period (12 months). To ensure that the awards are given to vendors who represent the Peer Insights’ end user base, vendors are eligible for Gold, Silver or Bronze awards subject to three criteria: 1) Maximum 75% of the deployments reported by the reviewers from non-North America regions; 2) Maximum 75% of reviews from one industry; and 3) Maximum 50% of reviews from non-enterprise end users. ‘Enterprise end user’ is defined as the reviewer’s company size being >$50M USD. If vendors qualify for the award but don’t meet the three criteria above, they may still be eligible for an honorable mention for their focus.

Read on: The real litmus test…

Hi folks!

I think it’s always possible – if you try hard enough – to be able to find something good in a bad situation.

The recent negative campaign against KL in the U.S. press hasn’t been pleasant for us, but we have tried hard – and found – some good things: it allowed us to make certain curious observations and deductions, and also gave a magic kick up the proverbial on planned KL business initiatives that never really came to anything long ago – one of which initiatives I’ll be telling you about in this post.

The cybersecurity business is based on trust: trust between users and the developer. For example, any antivirus, in order to do its job – uncover and protect against malware – uses a number of technologies that require broad access rights to users’ computers. If they didn’t have them, they’d be defunct. But it can’t be any other way: the cyber-bandits use all available methods to be able to penetrate computers to then lodge their malware in those computers’ operating systems. And the only way to be able to detect and smoke that malware out is to have the same deep system access privileges. Problem is, such a truism also acts as fertile ground for all sorts of conspiracy theories in the same vein as the old classic: ‘antivirus companies write the viruses themselves’ (with that kind of reasoning I dread to think what, say, the fire service or the medical profession get up to themselves when not putting out fires and treating the sick). And the latest theory growing out of that fertile ground is the one where a cyber-military has hacked our products and is spying on another cyber-military via those same products.

There are three things that all the separate U.S. media attacks on KL have in common: (i) a complete lack of evidence provided as a basis for their reports; (ii) use of only anonymous sources; and (iii) the most unpleasant – abuse of the trust relationship that necessarily exists between users and us. Indeed, it has to be admitted that that trusting relationship – built up over decades – has alas been impaired. And not just for KL, but the whole cybersecurity industry – since all vendors use similar technologies for providing quality protection.

Can this crisis of trust be overcome? And if so – how?

It can. And it must. But it needs to be done only by taking specific, reasoned steps that technically prove how trust is, in fact, being threatened by nothing and no one. Users, just as before, can trust developers – who always have, currently have, and will always have, one single mission: protecting against cyberthreats.

We’ve always been as open as possible with all our plans and undertakings, especially technological ones. All our key tech is documented to the fullest (falling short of revealing trade secrets) and publicly cataloged. Well a few days ago we went one step a huge leap even further: we announced our Global Transparency Initiative. We did so to dispel any remaining doubts as to the purity of our products, and also to emphasize the transparency of our internal business processes and their conformity to the highest standards in the industry.

So what are we actually going to do?

First, we’ll be inviting independent organizations to analyze the source code of our products and updates. And they can analyze literally everything – right down to the last byte of the very oldest of our backups. The key word here is independent. Closely behind it is another key word: updates; the analysis and audit won’t be just of the products but the equally important updates as well.

Second, we’ll have a similarly independent appraisal of (i) our secure-development-lifecycle processes and software, and (ii) our supply-chain risk-mitigation strategies that we apply in delivering our products to the end user.

Third, we’ll be opening three Transparency Centers – in the U.S., Europe and Asia – where customers, partners and government representatives can get exhaustive information about our products and technologies and conduct their own analyses and evaluations.

And that’s only the start of it. We’ve plenty more plans to become even more transparent – as transparent as air (and no jokes please about pollution or smog in large cities:). We’re only just kicking off this project, but we’ll be regularly sharing with you more as we go along. Stay tuned…

PS: If you have any ideas, suggestions or other comments – do let us know, here.

Hi folks!

I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.
Read on

In recent years there’s been all sorts written about us in the U.S. press, and the article last Thursday in the Wall Street Journal at first seemed to be just more of the same: the latest in a long line of conspiratorial smear-articles. Here’s why it seemed so: according to anonymous sources, a few years ago Russian government-backed hackers, allegedly, with the help of a hack into the product of Your Humble Servant, stole from the home computer of an NSA employee secret documentation. Btw: our formal response to this story is here.

However, if you strip the article of the content regarding alleged Kremlin-backed hackers, there emerges an outline to a very different – believable – possible scenario, one in which, as the article itself points out, we are ‘aggressive in [our] methods of fighting malware’.

Ok, let’s go over the article again…

In 2015 a certain NSA employee – a developer working on the U.S. cyber-espionage program – decided to work from home for a bit and so copied some secret documentation onto his (her?) home computer, probably via a USB stick. Now, on that home computer he’d – quite rightly and understandably – installed the best antivirus in the world, and – also quite rightly – had our cloud-based KSN activated. Thus the scene was set, and he continued his daily travails on state-backed malware in the comfort of his own home.

Let’s go over that just once more…

So, a spy-software developer was working at home on same spy-software, having all the instrumentation and documentation he needed for such a task, and protecting himself from the world’s computer maliciousness with our cloud-connected product.

Now, what could have happened next? This is what:

Malware could have been detected as suspicious by the AV and sent to the cloud for analysis. For this is the standard process for processing any newly-found malware – and by ‘standard’ I mean standard across the industry; all our competitors use a similar logic in this or that form. And experience shows it’s a very effective method for fighting cyberthreats (that’s why everyone uses it).

So what happens with the data that gets sent to the cloud? In ~99.99% of cases, analysis of the suspicious objects is done by our machine learning technologies, and if they’re malware, they’re added to our malware detection database (and also to our archive), and the rest goes in the bin. The other ~0.1% of data is sent for manual processing by our virus analysts, who analyze it and make their verdicts as to whether it’s malware or not.

Ok – I hope that part’s all clear.

Next: What about the possibility of hack into our products by Russian-government-backed hackers?

Theoretically such a hack is possible (program code is written by humans, and humans will make mistakes), but I put the probability of an actual hack at zero. Here’s one example as to why:

In the same year as what the WSJ describes occurred, we discovered on our own network an attack by an unknown seemingly state-sponsored actor – Duqu2. Consequently we conducted a painstakingly detailed audit of our source code, updates and other technologies, and found… – no signs whatsoever of any third-party breach of any of it. So as you can see, we take any reports about possible vulnerabilities in our products very seriously. And this new report about possible vulnerabilities is no exception, which is why we’ll be conducting another deep audit very soon.

The takeaway:

If the story about our product’s uncovering of government-grade malware on an NSA employee’s home computer is real, then that, ladies and gents, is something to be proud of. Proactively detecting previously unknown highly-sophisticated malware is a real achievement. And it’s the best proof there is of the excellence of our technologies, plus confirmation of our mission: to protect against any cyberthreat no matter where it may come from or its objective.

So, like I say… here’s to aggressive detection of malware. Cheers!