New transparency initiative aims to open up software and security practices to independent auditors to prove firm’s antivirus program is safe
Russian cybersecurity firm Kaspersky Lab attempts to prove its antivirus software can be trusted in wake of spying scandal that saw it banned from US government use. Photograph: Sergei Savostyanov/TASS
Cybersecurity firm Kaspersky Lab has launched a “global transparency initiative” in an attempt to win back trust and prove it is safe to use after allegations of Russian spying.
The initiative will begin with an independent review of Kaspersky’s source code, an independent assessment of its own security practices, and the creation of new data protection controls for its handling of secure data, also independently overseen.
Kaspersky Lab founder, Eugene Kaspersky, said: “Internet balkanisation benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should.
“We need to reestablish trust in relationships between companies, governments, and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet.”
Kaspersky Lab, which is most well known for its antivirus software, has been under intense scrutiny for most of the past year following accusations from the US government that it operates hand in glove with Russian spy agencies. The accusations eventually resulted in the company being banned from providing services to the US federal government over espionage fears.
Throughout the process, Kaspersky has been adamant that it does not cooperate with Russian security services, and has repeatedly offered to open its software to independent investigators to prove that it doesn’t include backdoors or other surreptitious entry points for nation-state attackers.
But the claims were undercut by a report in October that explicitly blamed Kaspersky for the theft of confidential data from the machine of a US National Security Agency contractor. The company’s antivirus tools apparently discovered hacking tools on the contractor’s machine, correctly flagging them as malware. In doing so, it “alerted Russian hackers to the presence” of the NSA tools, according to the Wall Street Journal.
Kaspersky denied it had ever deliberately done such a thing. Eugene Kaspersky implied that his firm may have been the victims of a hack, saying “even though we have an internal security team, and do bug bounties, we can’t give 100% guarantee that there are no security issues in our products”.
The nature of antivirus software means that any manufacturer has near total control over machines it is installed on, and even trustworthy antivirus products send significant amounts of data back to central servers, to monitor outbreaks in real time. That means trust is crucial for any company in the sector.
In a statement, Kaspersky said: “Trust is essential in cybersecurity, and therefore trust should be the foundation of any collaboration among those seeking to secure individuals, organisations, and enterprises from cyber-threats. However, Kaspersky Lab also recognises that trust is not a given; it must be repeatedly earned through an ongoing commitment to transparency and accountability.”
The first aspects of the company’s transparency initiative will begin in the first quarter of 2018, Kaspersky said, with a second phase following in the second half of the year.
Since you’re here …
… we have a small favour to ask. More people are reading the Guardian than ever but advertising revenues across the media are falling fast. And unlike many news organisations, we haven’t put up a paywall – we want to keep our journalism as open as we can. So you can see why we need to ask for your help. The Guardian’s independent, investigative journalism takes a lot of time, money and hard work to produce. But we do it because we believe our perspective matters – because it might well be your perspective, too.
I appreciate there not being a paywall: it is more democratic for the media to be available for all and not a commodity to be purchased by a few. I’m happy to make a contribution so others with less means still have access to information.Thomasine F-R.
If everyone who reads our reporting, who likes it, helps to support it, our future would be much more secure.
Credited to: https://www.theguardian.com/technology/2017/oct/23/kaspersky-lab-security-firm-win-trust-russian-spying-scandal-antivirus
Comments