Using up-to-date security software is pretty much at the top of recommended defense measures. Anti-virus and anti-phishing software filter out daily attacks from network communications. However, it is important that users can trust this software to intercept malicious software, harmful links, and other threats no matter who they come from. Threats may originate from criminals but also, increasingly, from government organizations. Users also expect that data remains stored confidentially on their devices, especially considering that security software has the capability of viewing and intercepting data. Recently, the Russian antivirus company Kaspersky has made headlines for exactly this reason. US authorities claim that Kaspersky stole top-secret software from a government employee’s PC and delivered it to the Russian intelligence service. This included exploits for previously unknown vulnerabilities.
After the story became public in early October, American authorities responded with drastic announcements. Government agencies were no longer allowed to license Kaspersky software and had to remove it from their computers. A major supermarket chain removed Kaspersky software from sale and public outrage was considerable. This does not seem entirely justified, as Edward Snowden demonstrated that the US is conducting similar activities around the world. However, the outcry did raise a valid question of whether Kaspersky software secretly scans user data and uploads it without the user’s knowledge.
As the scandal progressed, several less than flattering details of clandestine government activity emerged: it came to light that the US probably knew about the stolen software because an Israeli government organization had compromised Kaspersky’s servers and discovered the top-secret American software. Not only that, the Israelis discovered, according to their own information, hackers linked to the Russian government, who were also looking for intelligence and exploits. It would be easy to see Kaspersky as the victim in this situation, unwittingly providing a platform for intelligence services to exchange information. All the more so, as the exploit tools were downloaded by an external consultant who copied the software onto their laptop and took it home with them. According to Kaspersky, the consultant also installed a key generator for accessing an unlicensed copy of Microsoft Office. The key generator contained a backdoor which was discovered by Kaspersky and uploaded to their servers for review with other suspicious files – including the US exploits – a normal process which can be deactivated.
Whether the external consultant was particularly foolish and whether Kaspersky knowingly tolerated the Russian hackers on their own network (which Kaspersky denies) is open to speculation. Regardless, these events have made it clear that one of the most important security measures users can install on their PC has become a playing field for the intelligence services. It does not matter whether the Israelis, Americans or Russians are involved – any potential influence of government organizations is damaging and risks a loss of user confidence in antivirus and security software. This weakens IT security, which is not good news in times of global digitalization.