How Russia’s Favorite Antivirus Software Became a U.S. Government Security Threat

Throughout the last year, a supporting role in the mounting drama over Russia’s expansive cyberintelligence operations in the U.S. has been played by Kaspersky Lab, a Russian developer of antivirus software. Last month, the Department of Homeland Security banned federal executive-branch agencies from using any Kaspersky software, ordering them to clear it from their systems within 90 days. Around the same time, Best Buy stopped selling Kaspersky software. Congress also began looking into the company’s relationship with the government this past summer.

For more than a decade, Kaspersky has been essentially the Eastern Bloc equivalent of McAfee or Norton — standard enterprise and consumer antivirus software. It has always been dogged by rumors of connections to the Russian government, but for most of its existence, they’ve been nothing more than rumors. Over the last two years, though — since a Bloomberg investigation into the company’s connection to Russian intelligence — suspicion has become more intense. Now, with two new reports of Kaspersky being used as surveillance malware, that suspicion seems warranted.

Last week, The Wall Street Journal reported that an NSA contractor had been hacked and had government secrets stolen from his improperly secured home computer in 2015. The device was running Kaspersky software. Antivirus software is a particularly useful tool for surveillance and infiltration because, for the very purpose of finding viruses, the software needs access to every part of a computer’s file system. Imagine if you told a doctor he wasn’t allowed to examine your left leg.

Today, the New York Times is reporting that Kaspersky was widely used as a backdoor by Russian intelligence programs, a fact discovered by Israeli intelligence as part of their own hacking operations. According to the Times, “Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems.”

At the very least, the disclosures do not bode well for Kaspersky, which derives more than 60 percent of its sales from the U.S. and Western Europe. But the unknown (and likely unknowable) question is how aware Kaspersky was of its role in Russian intelligence. The company has denied any cooperation with government spying operations, and until recently enjoyed a decent reputation in cybersecurity circles. It’s possible that Kaspersky didn’t know, and that Russia used it as a stepping stone. It’s possible that Kaspersky is lying and was a willful cooperator or was compelled by Russian legal pressure. It’s possible that higher-ups at Kaspersky weren’t complicit, but lower-level employees were.

In the meantime, it might be worth finding a new antivirus software, even if you’re not bringing classified documents home from your day job at the NSA.