Kaspersky Lab response to the New York Times misinterpretation of research reported on January 1, 2018

“The New York Times article misinterprets the research, which is based on the assumption that a malicious actor would have administrative access to a computer while a Kaspersky Lab product is running on it. The article does not present any evidence or novel method for subverting Kaspersky Lab products - or any other anti-virus products - for use as a spying tool. Any malicious actor who gains administrative access to a computer could theoretically engage in file searching activity on the computer or subvert almost any application running on it (which is the type of activity that Kaspersky Lab products are designed to detect and prevent).

“The article presents no evidence that Kaspersky Lab products have ever been used as a spying tool. In addition, all popular anti-virus security software – not just Kaspersky Lab products – have the capability to search for malicious files. Because the allegations in the article could be directed at almost every software security product in the industry, such allegations risk damaging not just our reputation, but that of the entire IT security industry.

“Further, it is not possible for Kaspersky Lab products to secretly deliver a specific signature or update to a single user, because all our signatures are available - and visible - to our users; and updates are digitally signed, further making it impossible to fake an update.

“It is unfortunate that unsubstantiated allegations against Kaspersky Lab continue. Through the company’s new Global Transparency Initiative, not just our initial source code, but also all subsequent code updates will be available for review by experts, in addition to our threat detection rules.

“The article also contains a number of other inaccuracies, and Kaspersky Lab would like to set the record straight on a few of these points:

• Kaspersky Lab has not secured contracts with US government agencies, but consistent with the practice of most software companies, Kaspersky Lab operates a two-tier channel sales model by which it sells Kaspersky Lab products to customers through distributors and resellers. Kaspersky Lab has no visibility into the terms of any sales that its resellers may make to federal agencies. Kaspersky Lab has never specifically targeted software sales to any particular US Government customer.
• Kaspersky Lab has not confirmed that it found hacking software on an N.S.A. employee’s computer. Kaspersky Lab confirmed that its anti-virus product found suspected Equation malware source code on a personal computer in 2014, but Kaspersky Lab does not know the identity of the individual that owned or used the computer.
• Kaspersky Lab’s products have never been used as a backdoor for Russian intelligence or any other intelligence agency to scan computers belonging to Kaspersky customers.

“Kaspersky Lab is committed to earning and maintaining the trust of its customers, and our products adhere to highest standards of the cybersecurity industry, with similar levels of access and privileges to the systems they protect as any other popular security vendors.” – Attributable to Kaspersky Lab.