MOSCOW, Russia - Faced with allegations of involvement in a government-led hack of an NSA contractor in 2015, Moscow-based cyber security firm Kaspersky Lab has hit back.
Denying any involvement in the Russian hack of the NSA contractor, a Vietnamese national, Kaspersky Lab founder, Eugene Kaspersky said the allegations were “like the script of a C movie.”
The allegations were made public in a report in the Wall Street Journal which quoted the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home.
The report claimed that the contractor’s use of Kaspersky’s antivirus software “alerted Russian hackers to the presence of files that may have been taken from the NSA.”
It said that once the machine was in their sights, the Russian hackers infiltrated it and obtained a significant amount of data.
Releasing an official statement about the allegations, Kaspersky Lab said, “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
The firm’s founder, Eugene Kaspersky later vehemently denied that his company had played any active role in the breach.
He explained, “We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done.”
He implied that the root of the problem was that Kaspersky Lab had correctly identified the hacking tools the contractor was working on as malware – perhaps through Kaspersky Lab’s own research into the Equation Group, a “sophisticated cyber espionage platform” believed to be linked to the NSA.
Kaspersky implied that from there, it may be the case that Kaspersky Lab’s own data was hacked by the Russian government.
He claimed, “Even though we have an internal security team, and do bug bounties, we can’t give 100% guarantee that there are no security issues in our products, name another security software vendor who can!”
Earlier, reports quoted Matthew Green, a cryptography professor at Johns Hopkins University as saying, “Consensus on infosec Twitter is that Kaspersky may not have colluded with [the Russian government]; just maybe their product may be horrendously compromised. Not quite sure how that’s qualitatively different from the point of view of Kaspersky customers. But I guess it’s something.”
Kaspersky even republished Green’s tweet calling his product “horrendously compromised” in his own blog post.
However, experts claimed that the hacking incident in question may be used as the key evidence in September to drive a U.S. government-wide ban of Kaspersky products.