This week’s mainstream press circulated renewed concerns about tight relationships between the Russian government and Kaspersky Lab, makers of popular anti-virus software.
Those concerns have festered for years, and this year they have heated up again amid a turbulent political environment. We wrote back in May about reports that the FBI was investigating the company’s ties to Russian spy agencies.
And in July, we reported on issues raised about Kaspersky Lab secretly helping a Russian intelligence agency respond to distributed denial of service attacks. In one program, Kaspersky employees allegedly accompanied FSB agents on physical raids. The origins of those reports, which just came to light this year, date back to 2009.
In the latest reports: Russian hackers had managed to get their digital hands on NSA documents stored on an employee’s home computer; the Department of Homeland Security put out an edict that all federal agencies would cease using Kaspersky software; and now, Israeli spies watched as a Russian government hacking crew used Kaspersky software to search for covert government programs. This last item, these reports say, was the result of Israeli security personnel hacking into Kaspersky’s network.
Kaspersky AV software is quite popular on consumer and business PCs, and these reports have raised questions about whether users should be concerned about using it. One of the key aspects being illuminated is that the tools used for these security breaches leverage the telemetry data that gets sent back as a routine part of any AV software. This can, of course, be turned off, although many users don’t know that.
Our sister site, Tom’s Guide, has talked to a variety of security experts about the risks of continuing to use Kaspersky software, compiling those opinions and specific recommendations into a report of its own, entitled “Kaspersky Russian Spying Rumors: Should You Still Use This Antivirus?”