Kaspersky Acknowledges Taking Inactive Files in Pursuit of Hackers

By Reuters | Updated: 6 November 2017 16:37 IST

Eugene Kaspersky said his company's widely used antivirus software has copied files that did not threaten the personal computers of those customers, a sharp departure from industry practice that could increase suspicions that the Moscow-based firm aids Russian spies.

The acknowledgement, made in an interview last Friday as part of the Reuters Cyber Security Summit, comes days after Kaspersky's company said its software had copied a file containing US National Security Agency (NSA) hacking tools from the home computer of an agency worker in 2014.

"We did nothing wrong," Kaspersky said in the interview.

He said the files containing the NSA hacking tools were taken because they were part of a larger file that included suspicious software. Such actions occur only in “very, very, very rare cases,” he added.


A spokesman at Kaspersky's firm, Kaspersky Lab, told Reuters the company would never take regular computer files that contained nothing suspicious.

The firm has for years faced suspicions that it has links with Russian intelligence and state-sponsored hackers. Kaspersky denies any cooperation with Russian authorities beyond cybercrime enforcement.


In September, the US Department of Homeland Security banned Kaspersky software from use in federal offices, citing the company's ties with Russian intelligence. The company is the subject of a long-running probe by the US Federal Bureau of Investigation, sources have told Reuters.

Antivirus software is designed to burrow deeply into computer systems and has broad access to their contents, but it normally seeks and destroys only files that contain viruses or are otherwise threatening to a customer's computers, leaving all other files untouched.


Searching for and copying files that might contain hacking tools or clues about cybercriminals would not be part of normal operations of antivirus software, former Kaspersky employees and cyber-security experts said.

In the Reuters interview, conducted at Kaspersky Lab's offices in Moscow, Eugene Kaspersky said the NSA tools were copied because they were part of a larger file that had been automatically flagged as malicious.

He said the software removed from the agency worker's computer included a tool researchers dubbed GrayFish, which the company has called the most complex software it has ever seen for corrupting the startup process for Microsoft's Windows operating system.

Kaspersky said he had ordered the file to be deleted "within days" because it contained US government secrets.

But he defended the broader practice of taking inert files from machines of people that the company believes to be hackers as part of a broader mission to help fight cyber crime.

“From time to time, yes, we have their code directly from their computers, from the developers’ computers,” Kaspersky told Reuters.

'Improper practice'
Three former Kaspersky employees and a person close to the FBI probe of the company, who first described the tactic to Reuters this summer, said copying non-infectious files abused the power of antivirus software. The person associated with the FBI said in one case Kaspersky removed a digital photo of a suspected hacker from that person's machine.

Kaspersky declined to discuss specific instances beyond the NSA case, saying he did not want to give hackers ideas for avoiding detection.

"Sometimes we are able to catch cyber criminals, that’s why I am not so comfortable to speak about this to media," he said in the interview. "Many of them are very clever, they can learn from what I am saying."

Other industry experts called the practice improper. Mikko Hypponen, chief research officer at Finnish security company F-Secure, said that when his firm's software finds a document that might contain dangerous code, "it will prompt the user or the administrator and ask if it can upload a copy to us."

Dan Guido, chief executive of cyber-security firm Trail of Bits, which has performed audits on security software, said Kaspersky's practices point to a larger issue with all antivirus software.

"All of them aggregate a huge amount of information about their clients, which can be easily exploited when put in willing hands," he said.

US news organisations have reported that Kaspersky, or Russian spies hijacking its service, have been searching widely among customers' computers for secret files, citing anonymous US intelligence officials. Reuters has not verified such reports.

Kaspersky said he hoped to alleviate concerns about his company by opening up his source code for review by third parties in independently run centers, as well as by raising the maximum amount it offers for information about security flaws in its programs to $100,000.

© Thomson Reuters 2017

 
