The Moscow-based Kaspersky Lab is one of the largest security companies in the world. It has 400 million users and 270,000 corporate clients. Kaspersky has won general respect in the industry for its investigation of the Stuxnet computer worm that incapacitated Iran’s nuclear program in 2009 and 2010 and for its exposure of high-level Western spying programs. Two former employees have spoken out this week, however, alleging that Kaspersky Lab has engaged in dirty tactics to damage rival firms, for instance by tricking other companies’ antivirus software into classifying benign files as malicious, or by fooling firms into deleting or disabling files on their customers’ PCs.
According to the ex-employees, Kaspersky Lab co-founder Eugene Kaspersky ordered such attacks partly to take revenge on smaller companies that he thought were aping his software instead of developing their own original technology. One of the ex-employees said, “Eugene considered this stealing”. Indeed, in 2010, Kaspersky publicly called out copycat security firms and requested greater respect for intellectual property. He even ran an experiment to prove it, creating 10 harmless files and telling VirusTotal that Kaspersky regarded them as malicious. According to Kaspersky analyst Magnus Kalkuhl, just 10 days later, all 10 files were declared dangerous by up to 14 different security companies who had blindly followed Kaspersky’s lead.
The ex-employees claimed that the sabotage operations were stepped up after Kaspersky’s public complaints in 2010 didn’t lead to significant change, and that the peak sabotage period came between 2009 and 2013. They stated that part of the intention was to build market share for Kaspersky Lab, and alleged that various company employees were assigned to work for weeks or months at a time on such projects. The employees sought anonymity in making their claims and said that only a handful of employees knew about the operation. They declined to give a detailed account of any specific attack.
Kaspersky made a statement to Reuters categorically denying the allegations. “Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing.” Kaspersky described such actions as “unethical, dishonest and their legality is at least questionable.”
However, such attacks are far more feasible than in the past, as the rising number of harmful computer programs has meant that security companies share more private information with each other than they did previously. They swap samples of malware, license each other’s virus-detection engines and send suspicious files to third-party aggregators. Such collaboration allows companies to identify new viruses more quickly, but it also opens up the possibility of borrowing from and damaging each other’s work. In Kaspersky’s statement to Reuters, he reiterated his belief in “trusted data-exchange” as “definitely part of the overall security of the entire IT ecosystem” and stated that “this exchange must not be compromised or corrupted”.