Kaspersky to US: Check Our Source Code

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
Cybersecurity expert Eugene Kaspersky has volunteered to turn over his company's software source code to allay fears about possible ties with the Russian government, The Australian reported last week. Kaspersky made the offer public at CeBIT Australia.
Some U.S. officials have expressed concerns that Kaspersky Lab might have a close working relationship with the Russian government.

Kaspersky five years ago replaced a number of high-level managers with people who had ties to Russia's military or intelligence services, Bloomberg reported in 2015.

Some of them reportedly have provided data from the 400 million customers using Kaspersky's software to Russia's intelligence agency, the FSB.

Also, Kaspersky himself reportedly visits saunas with Russian officials on a regular basis.

Kaspersky studied at a university backed by the KGB -- the precursor of the FSB -- in the 1980s, according to reports, and he served as a software engineer with Soviet military intelligence before leaving for the private sector.

The heads of five U.S. intelligence agencies recently expressed suspicions regarding Kaspersky Lab to the U.S. Senate Select Committee on Intelligence, but they "don't have an option due to political reasons," Kaspersky suggested on Reddit.

"Recently, inaccurate statement and claims about Kaspersky Lab have circulated in public," the company said in a statement provided to TechNewsWorld by corporate communications manager Denise Bertrand.

"Eugene never worked for the Russian government," Kapersky Lab contended. "He grew up in the Soviet Union era when almost every education opportunity was sponsored by the government in some manner."

The university Kaspersky studied at "was sponsored by four state institutions, one of which was the KGB," Kaspersky Lab said. He was placed at a Russian Ministry of Defense scientific institute as a software engineer upon graduating, because "it was routine for university faculty to determine students' post-graduate positions."

9976

Stirring a Hornet's Nest
Kaspersky did itself no favors with its all-out pursuit of hackers and malware authors linked to the U.S.

It has uncovered sophisticated malware or spyware connected to U.S. intelligence sources, including Stuxnet, Flame, Shamoon, and The Equation Group.

Kaspersky didn't seem to look equally hard for state-sponsored malware released by Russia, an acknowledged haven for cybercriminals.

Possibly because of that, and also because of the controversy surrounding Russia's possible meddling in the U.S. presidential elections, Kaspersky now is under the microscope.

The FBI is looking into Kaspersky's ties with the Russian government, as is the Senate.

Separately, the NSA and the UK's GCHQ reportedly have been trying to hack into Kaspersky for years.

Is Kaspersky Targeted Unfairly?
The NSA could be behind the latest scrutiny of Kaspersky Lab and its CEO.

"It's always dangerous to piss off three-letter agencies," said Rob Enderle, principal analyst at the Enderle Group.

"Doing so while operating out of Russia would be even more problematic," he told TechNewsWorld.

However, the likelihood of Kaspersky maintaining a wall between its work with the FSB and Russian government, and its work with other clients is effectively zero," said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

Like a John LeCarre Novel
The situation is "like a John LeCarre novel come to life," said Laura DiDio, principal analyst at ITIC.

"You're not going to be able to prove absolutely whether or not Kaspersky has ties to the Russian government, she told TechNewsWorld.

"He has done all he can do -- offer to give the U.S. government his source code," she pointed out.

"The problem isn't whether Russia built a back door into the Kaspersky code, but that Russia may have copies of the source code," Jude told TechNewsWorld.

"Regardless of whom Kaspersky turns his code over to, his reputation is shot," Jude said. "If it's Russia, the U.S. market is dead; if it's the U.S., then just about every non-U.S. market is dead."
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
If the US government doesn't want to use Kaspersky software don't use it it's a simple as that, but they're now ruining a man's reputation, what else can he do other than offer his source code. I think it's terrible the way he's being treated it's a like a witch hunt.
 

Entreri

Level 7
Verified
May 25, 2015
342
Various governments have source codes for Windows, many other products, including AV's.

They tend to request this to have their programs installed on government computers. So Russian government having Kapsersky source code is normal, because the Russian government uses Kaspersky.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
My respect for Kaspersky: delivering the source code is a great sign of collaboration.
Inside the source code there are key information on the various aspects of the antivirus software, as the main engine of the application and all the rest... nothing to hide, this is the clear message.

But at this point I would expect the same cooperation from the US.
 

oneeye

Level 4
Verified
Jul 14, 2014
174
Kaspersky did it to himself. Read the article. Notice he never goes after any other state actors other than the US. It's just smarter these days to use software you implicitly trust, from friendly countries, and skip those who would be in position to cause harm. Granted, it's hard to trust any these days, but the Netherlands has some of the most privacy conscientious laws on the books, and companies like F-secure have a fabulous reputation. Just saying is all.
 
F

ForgottenSeer 58943

In all honesty.. I trust Kapersky simply because they are Russian, and will likely stop my own government "NSA, CIA" etc.. from accessing my home system via a backdoor they would use in other programs. (hopefully that never actually happens).

My thoughts are, if our govt. says to avoid something it's probably better to do the opposite. In my experience our Govt. is a self-serving parasite that really seems to do things that are in it's own interest rather than the rest of us. The FBI/CIA/NSA, etc. are quite capable of knocking on your door, or delaying you at work while they walk in your door while the FSB wouldn't so which would you prefer to have your information and deepest darkest secrets? Also from what have heard regarding the FSB is they are a much more targeted organization with less resources in comparison to the US Intelligence which have a wide scope and virtually unlimited funds.

oneeye makes a valid point, we should probably avoid using US-Based critical products/services if security and privacy are our primary concerns. Emsisoft with their incredible decentralized operations would be a good example. But even then we must be observant and untrusting in some cases, Trend for example was once thought to be a non-US product but recent events illustrate Trend is really just a CIA/NSA front organization and even shares analyst space with Booz.

This Russian Hysteria as of late is an absolute joke and seems incredibly well orchestrated, by the CIA I assume.
 

Visa

Level 1
Verified
May 31, 2017
42
All of the speculation from the government agencies could be crafted to push Kaspersky in handing over their software code for auditing which will make it easier for the government agencies to develop malicious software which can evade detection by Kaspersky products.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Can The source code be fake?
What should be the reason to give them a fake source code? I don't think kaspersky has something to hide.
The biggest mistake is to mix politics and science/technology: an honest AV vendor invests his energies in order to produce security, doing serious research like amply demonstrated by Kaspersky in our case.
Speaking of politics, really I do not think Russia needs of Kaspersky to spy on someone.
 

Visa

Level 1
Verified
May 31, 2017
42
Can The source code be fake?
Interesting question! :)

It would not be a good idea for Kaspersky to hand over a fake copy of the source code because there are high chances that the government agency will perform checks to ensure that it is the genuine source code for the Kaspersky product being assessed.

If Kaspersky were found out for providing a fake source code then that would make their situation even worse because it would seem like they really are trying to hide something from people outside of the company from knowing, even if the current allegations are really false.
 
Last edited:
F

ForgottenSeer 58943

Source Code isn't as important as telemetry. Even access to an AV's telemetry would be a boon for intelligence. Imagine the junk Webroot gathers on people, or lately, what NSA's contractors at Booz working in Trend labs can see? Talk about a wealth of data!

For me, I remembered I have a 3 year license to Dr. Web Security Space 11.. Trying that out again and having pretty good luck so far.

With the Russia-Paranoia lately, my network probably looks really interesting.. I use a good number of Russian products because quite frankly, they're great programmers. (usually)

Kerish Doctor, Dr. Web, Adguard.... My network has a lot of traffic back to the motherland.. LOL
 

brambedkar59

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,097
he should give the source code only if US govt. is ready to provide source code for windows.the actual reason for all the drama is that Kaspersky is always catching US sponsored cyber attack
I don't think US Govt. can legally provide windows source code to anyone, that right is reserved by MS. Maybe they can ask MS to do so, but I don't think they would to a separate private business.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top