Who will watch the watchmen? Kaspersky Lab Faked Malware Hits to Hamstring Rivals

by Matt Klassen on August 18, 2015

“Quis custodiet ipsos custodes?” This question, roughly translated as “Who will watch the watchmen?” was famously posed by Roman poet Juvenal in the late 1st century CE, arguing against the possibility of enforcing moral behaviour when those responsible for the enforcement were themselves morally corruptible. For years the idiom has been deployed to question those who are supposedly in charge of maintaining our security and protection, arguing that they too will soon descend into moral ambiguity.

In this digital age one could say that the most trusted watchmen are the security companies who supply the world with the antivirus tools to combat the ever intrusive scourge of malware, and in an epic tale of breach of trust, an exclusive report from Reuters details how one of the world’s largest security companies, Moscow-based Kaspersky Lab, has reportedly faked malware results in an attempt to hamstring its market rivals. Subsequently, the results where that security software from these rivals produced false positives, labelling benign files as malicious and thus fooling users into disabling or deleting important files on their computers.

If this accusation should prove true it will have far reaching effects on the whole notion of security, as truly those who continue to provide us with security tools to combat malware have largely been seen as the last bastion of nobility and trustworthiness in a digital world full of unknowns. Now the security companies may be as bad, or worse, than the cyber criminals they promise to protect us from and are seemingly no better than the Mob, promising freedom from the threats they themselves create.

According to the Reuters report, two former employees of Kaspersky Lab have detailed a decade-long attempt by the security solutions provider to hamstring its marketplace rivals by creating false positive malware hits on rival security tools, tricking those platforms into seeing clean files as being infected with malware.

“The secret campaign targeted Microsoft Corp, AVG Technologies NV, Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.”

The motivation behind such dubious behaviour came from the apparent slight felt by company co-founder, Eugene Kaspersky, who felt that smaller rivals were stealing his software instead of developing their own, and sought retaliation against them as a sort of vigilante justice, the sources said. Not only that, though, but Kaspersky Lab also saw this as a way of gaining competitive advantage over these rivals, as others’ security platforms would be seen as untrustworthy after producing these false hits.

For its part, Kaspersky Lab vehemently denies these allegations. “Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

But this particular breach of trust aside, if true it will no doubt impact the public perception on the security industry as a whole, as the public puts their trust in these companies to protect them from legitimate threats. Knowing that the security companies themselves may be as malicious as the threats themselves makes the entire industry seem like a dubious, money-grubbing enterprise, something akin to organized crime.

In this digital age there is likely no other issue as foundational as security, for with the introduction of mobile payments, the Internet of Things, and the ubiquitous presence of smartphones and network connection everyone wants to know if their information is going to be safe. For years we’ve trusted that safety to Kaspersky Lab and other security vendors, but now that our loyalty and trust in these vendors has been shaken where else can we find a trustworthy mooring in this turbulent and uncertain digital sea?

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: