October 6, 2017 // 11:38 a.m.
Security firm Kaspersky Lab has soundly denied claims that its software was used by the Russian government to steal confidential documents belonging to a contractor of the US National Security Agency.
According to unnamed sources speaking to the Wall Street Journal, confidential files belonging to the National Security Agency were exfiltrated by attackers when a contractor, in violation of standard security protocol, placed copies onto their personal laptop. So far, so whoops - but the sources go on to claim that the files themselves only became known to the Russian government in the first place after being flagged by anti-virus software from Kaspersky Lab.
The implication, then, is that somehow the files being flagged by Kaspersky's anti-virus software and Russia swooping in to copy them are linked - but, naturally, the company denies any wrongdoing or collusion. 'Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company,' the company bemoaned in an official statement published late last night. 'As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.
'We make no apologies for being aggressive in the battle against malware and cybercriminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It’s also important to note that Kaspersky Lab products adhere to the cybersecurity industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the U.S. and around the world.'
This isn't the first time Kaspersky has been fingered for potential wrongdoing: In 2015 the company was accused of sabotaging rivals' software by deliberately mislabelling files contributed to malware-sharing services to encourage false positive and negative detections.