Kaspersky Labs to release source code to drive transparency
Mon 23 Oct 2017
Cybersecurity firm Kaspersky Labs will be releasing its source code in an attempt to increase transparency following allegations about its connection to the theft of NSA files by Russian hackers.
There have been various reports in the U.S. media, including major outlets such as the New York Times and the Wall Street Journal, stating that NSA files became available to Russian hackers after an NSA employee took them home to work on them.
The allegations, coming from anonymous sources, state that as Kaspersky antivirus software recognised and flagged the NSA files as malware, this made them visible to Russian hackers, who then stole the files.
This has led to fears that Kaspersky software could be used to spy on customers. In September, the U.S. Department of Homeland Security banned the use of Kaspersky software in American federal agencies, citing questions over inappropriate connections between the firm and the Russian government.
Kaspersky has consistently denied the accusations. It has pointed out that it is standard practice for antivirus software to have effectively total control over customers’ computers – it is necessary to do so in order for the software to properly function.
CEO Eugene Kaspersky also noted that it would be detrimental to the company to hold close ties to the Russian government, with 85% of its business coming from outside of the country. Instead, he claims, the accusations are a result of geopolitics, arguing that the company is a pawn in a conflict between the U.S. and Russian governments.
However, speaking to Sky News, Kaspersky did acknowledge that the allegations have damaged the company’s business in the U.S., leading to the decision to release its source code. It hopes to begin a total audit of the code by the start of the next financial year.
The firm will also open three ‘transparency centres’ by 2020 to further address security fears. CEO Kaspersky stated that he is sorry that Kaspersky is behind others in instating this.
In a blog post, the firm addressed the allegations on several fronts. It argued that it is far-fetched to imagine high-level NSA files being taken home to be worked on. It questioned the anonymous and untraceable nature of the sources, as well as a lack of evidence.
In addition, it points out that its cloud protection component does collect information from computers, in order to quickly react to threats. This component, called Kaspersky Security Network, can be turned off.
The blog post states: ‘You can turn KSN off when installing the product or at any time after installation in the protection settings. If you like to develop cyberweapons on your home computer, it would be quite logical to turn KSN off — otherwise, your malicious software will end up in our antivirus database and all your work will have been in vain.’