Kaspersky Lab Ex-Employees Accuse It Of Creating Fake Malware To Harm Competitors
Kaspersky Lab, one of the largest security companies in the world, started creating fake malware over a decade ago to fool its competitors into detecting benign files as malicious, according to two former employees, Reuters reports. The company had hit its peak between 2009 and 2013.
These two employees, who wished not to be named, disclosed that the Russian company’s co-founder, Eugene Kaspersky, was the one to order the covert operation.
Targeting companies like Microsoft Corp, AVG Technologies NV, Avast Software and other competitors, the secret campaign was to trick some of them into disabling or deleting important files on their customers’ PCs.
The whole affair started when Mr. Kaspersky felt that smaller companies were making money off his work by copying his software instead of developing their own technology.
“Eugene considered this stealing,” said one of the former employees. However, Kaspersky Lab strongly denied that it had fooled its competitors into classifying clean files as infected, so-called false positives.
“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”
Eugene created a shadow department in his company to harm the reputation of his competitors, by creating fake malware, which was then anonymously submitted to VirusTotal.
Boasting 400 million users and 270,000 corporate clients, Kaspersky has won huge respect in the industry for its research on complicated Western spying programs and the Stuxnet computer worm that deliberately destroyed Iran’s nuclear program in 2009 and 2010.
The desire to build market share also influenced Kaspersky’s selection of rivals to sabotage, said the two former Kaspersky Lab employees.
“It was decided to provide some problems” for rivals, said one ex-employee. “It is not only damaging for a competing company but also damaging for users’ computers.”
Hence, most of the campaign was carried out against Microsoft, AVG and Avast, reported Reuters.
Company researchers were assigned to work for weeks or months at a time on the sabotage projects. Their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool it into categorizing good files as malicious, or often into isolating or deleting non-infected software, the former employees said. They would then inject dangerous-looking code into a legal program, enough to trigger a false positive in the engine of a targeted competitor.
In 2010, Kaspersky Lab openly expressed dissatisfaction about copycats, calling for greater respect for intellectual property as data-sharing became more predominant.
At that time, Kaspersky said it ran an experiment to showcase that other companies were copying its work without even verifying the findings on their own. It created 20 harmless files, submitted them to VirusTotal and asked that they be considered malicious.
According to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010, as many as 14 security companies that had blindly followed Kaspersky’s lead declared within a week and a half that all the files were dangerous.
The two employees interviewed by Reuters confirmed that the company stepped up the fake malware campaign after this experiment, when the complaints did not lead to significant change.
The company suffered from an accumulation of bad samples, which stopped after it set up special filters to screen for them and improved its detection engine, said AVG’s former chief technology officer, Yuval Ben-Itzhak.
“There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013,” he told Reuters in April.
Kaspersky said it had also improved its algorithms to resist false virus sample attacks. It added that it believed no antivirus company conducted the attacks “as it would have a very bad effect on the whole industry.”
“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.
After the article was released by Reuters, Kaspersky issued an official press release. In a response on his blog, its CEO also posted a comment saying that the Reuters article was “filled with sensational – false – allegations.”
“Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous,” he added. “Maybe these sources managed to impress the journalist, but in my view publishing such an ‘exclusive’ – without a shred of evidence – is not what I understand to be good journalism.”