Kaspersky Lab chief and co-founder, Eugene Kaspersky, has taken aim at government agencies in the United States after media reports emerged last week alleging that Kaspersky Lab software was used by Russia-backed hackers to steal classified US Government information.
On 5 October, The Wall Street Journal reported that hackers allegedly working for the Russian Government stole highly classified information about how the US gets into foreign computer networks and defends itself against cyber attacks.
According to the report, the data theft occurred after a US National Security Agency (NSA) contractor “removed the highly classified material and put it on his home computer”, according to The Wall Street Journal’s sources.
The media outlet, along with The Washington Post, both claimed that the contractor used Kaspersky Lab cyber security software, with at least one media report alleging that Russian Government officials “could have used flaws in Kaspersky software to hack into the machine in question”.
The claim comes off the back of an ongoing slinging match between some segments of the US Government and Kaspersky Lab over the Russia-headquartered company’s alleged ties to the Russian Government – an accusation Kaspersky Lab has consistently denied.
Now, Eugene Kaspersky has entered the fray, referring in a blog post to the media claims as “sensationalist”, and sounding like “the script of a C movie”.
Kaspersky has long denied any deliberate wrongdoing by his company or ties with the Russian Government.
In his blog post, Kaspersky took the US Government agency in question to task, asking why it did not make a point of disclosing any purported software weakness in the Kaspersky Lab product being used by the contractor – if, indeed, the report turns out to be accurate.
“Even though we have an internal security team and run bug bounty programs, we can’t give a 100 per cent guarantee that there are no security issues in our products,” Kaspersky said. “Name another security software vendor that can! Software is made by people and people make mistakes – no getting round that.
“Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?,” he said.
Kasperky pointed out that his company usually patches the most severe bugs in a matter of hours, so why would the US Government not try to “make the world a bit more secure” by reporting the vulnerability to Kaspersky.
“I can’t imagine an ethical justification for not doing so,” he said. “In the end, I can’t shake off a disturbing thought: no matter how great security technologies and measures are, the security of millions can be easily compromised by the oldest threat actor there is – a $5 USB stick and a misguided employee.”
The comments come as Kaspersky and his company fight what appears to be an uphill battle with the US Government, after the Trump administration told US Government agencies in September to remove Kaspersky Lab products from their networks, saying it was concerned the company was vulnerable to Kremlin influence.