Kaspersky Lab founder and namesake Eugene Kaspersky shrugged off allegations his software was used to hack an NSA contractor and steal sensitive files in a blog post Thursday night as “another sensationalist” attempt to link the company to Russian intelligence.
“The [accusation] sounds like the script of a C movie, and again — disclosed by anonymous sources (what a surprise),” he wrote.
“B movies” are the low-cost, low-ambition Hollywood genre films that by design typically lack the production quality of blockbusters. C movies would be one rung below that.
A Wall Street Journal story Thursday reported that Russian-government-sponsored hackers used Kaspersky Antivirus as a window into the home computer of an NSA contractor they hacked.
All antivirus software, including Kaspersky’s and others’, works by scanning files to look for suspicious files, and sending copies of new, malicious, files back to a home server, where they are analyzed and added to the database of software to thwart. NSA-built hacking tools on a contractors computer might have been flagged by the antivirus program.
If the allegations are true that Russian sponsored hackers used Kaspersky to help target the contractor’s computer, that does not necessarily mean that Kaspersky was complicit in the attack. Hackers could have found a way to co-opt the antivirus or Kaspersky Lab could itself have been hacked.
Kaspersky emphasized in his blog post that the lab was unaware of any role in the attack.
“With big power comes big responsibility. We never betray the trust that our users place in our hands. If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business — and rightly so,” he wrote.
The Department of Homeland Security recently barred the use of Kaspersky Lab software as a potential security threat but did not identify any specific reasons to believe Kaspersky products were actively being exploited.
Sen. Jeanne Shaheen (D-N.H.) on Thursday called for hearings on the alleged hacking tool theft.
In a letter to the leadership of the Armed Services Committee, on which Shaheen serves, she wrote: “I urge you to expeditiously schedule a hearing to receive testimony from administration officials, including NSA Director Admiral Michael Rogers, about the nature of this security breach and what the federal government is doing to prevent future incidents.”