Kaspersky Lab is a Russian cybersecurity firm based in Moscow. It was founded by Eugene Kaspersky in 1997 and began expanding internationally in 2005. It offers a variety of computer and network security solutions, including internet security, antivirus, password management, and endpoint security.
Kaspersky Lab has accomplished a number of things for their customers and the industry as a whole. These are largely the work of their Global Research and Analysis Team (GReAT). The following are some of these accomplishments:
- Discovered the Flame malware in May 2012
- Discovered a similar threat, Gauss, in July 2012
- Identified the Red October malware in 2013, which was being used for cyber-espionage
- Discovered the malware "Mask" which was also believed to be involved in espionage
- Identified a threat actor called "Equation Group" which was found to pose a significant threat
- Detected the malware "Duqu," which had actually infected Kaspersky Lab's own network
In August 2017, Trump's cybersecurity coordinator Rob Joyce publicly called the security of Kaspersky Lab into question. U.S. officials believe that the company has ties to the Kremlin and should not be trusted. Joyce announced that for this reason, the U.S. government has vowed not to use their products, and advises the public to be wary of the firm's products and services as well. Michael Morell, former deputy director of the CIA, said, "There is a connection between Kaspersky and Russian intelligence, and I'm absolutely certain that Russian intelligence would want to use that connection to their advantage." The announcement quickly prompted scrutiny from other entities as well. As a result, supporting evidence began to arise, including e-mails. However, many skeptics said that there was no evidence and that such accusations were foolish.
Kaspersky Lab itself readily denied these accusations. On October 10, 2017, Sarah Kitsos, the spokeswoman for Kaspersky, said,
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
Over a month after its first formal accusation, the U.S. revealed that it did indeed have evidence to support its claims of Kaspersky's software being used to steal information. This evidence was discovered in 2015, when Israeli hackers penetrated Kaspersky's network and discovered software which had been taken from the U.S. National Security Agency. Israel notified the NSA, which led to a lengthy investigation. It was found that the information Israel had discovered had been taken from one specific employee's computer within the Tailored Access Operations division (this person's name has not been released). Further investigation revealed that Kaspersky's anti-virus software, which was running on the compromised computer, had been used to, at the very least, locate and identify the specific files which were taken.
Kaspersky Lab uses "silent signatures" to operate quietly in the background, as most other such software does. However, there were found to be elements within this silent detection system which could search for specific files in a manner unrelated to malware detection. This fact, combined with the discovery of highly secret U.S. software stored on their corporate network, makes it appear that the company intentionally collected this information in an act of espionage. This seems likely to many, especially since the totalitarian government of Russia could force the company to do its bidding. However, the possibility remains that a "lone-wolf" or some embedded FSB agent did this, without the company's consent.