Are you ready for a tech story that reads as if it’s straight out of a Bond film?
For more than 10 years, Kaspersky Lab has been manipulating rival antivirus companies into deleting or disabling harmless files on your PC, according to a Reuters report.
Two unnamed Reuters sources claim the Russian security software developer targeted Microsoft, AVG, Avast and other developers by reverse-engineering their virus detection software to figure out how to flag good files as malicious.
The attack was made possible by widespread information-sharing among rivals in order to stay a step ahead of hackers and faulty programs. It is also what enabled Kaspersky rivals to begin copycatting Kaspersky software, which is what prompted Eugene Kaspersky, the company’s founder, to begin the attack.
A Kaspersky Lab statement sent to TechRadar Pro denied the allegations.
Reuters writes that Kaspersky Lab previously complained about copycats and called on its competitors to respect intellectual property. When those requests fell on deaf ears, Kaspersky ran an experiment to determine if his competitors were stealing directly from his company’s ideas.
Kaspersky created 10 harmless files and told VirusTotal, an information aggregator that shares data with security companies, that it regarded them as malicious. All 10 files were promptly declared dangerous by as many as 14 security companies, according to the Reuters report.
This is when Kaspersky began injecting bad code into PC software and sending the corrupted files to VirusTotal in order to manipulate competitors into disabling or deleting the files.
The legal implications
It will take forensic computer scientists backtracking the claims Kaspersky made to VirusTotal to determine if any illegal activity occurred, Craig Delsack, a New York City-based technology and media attorney at NYCCounsel.com, told TechRadar Pro.
“The case is only as good as the data that’s still around,” he said. “If you follow the trail and fingerprints from TotalVirus and connect the dots and see who submitted these problematic claims [then you can make a case].”
Delsack said the allegations made by the unnamed sources, if proven to have occurred, would be violations of the Stored Communications Act, 18 U.S.C. Chapter 121. The first offense is punishable by up to five years in prison, as well as a fine. The second offense is punishable by up to 10 years in prison for each subsequent act.
“It’s illegal to hack into someone’s computer and damage it. Although it wasn’t Kaspersky software directly [that affected PCs], that software was manipulated by Kaspersky and caused damage to people’s computers,” Delsack said.
“Whether you’re a hacker [directly], or if you’re manipulating others to delete those files, you’re responsible,” he added.
Delsack said it is also likely that Microsoft and the other companies allegedly attacked by Kaspersky could sue for damages if they are able to prove the attack harmed their reputation or triggered lost sales. Delsack would not speculate on what the amount of the damages might be.
Do unto others
Kaspersky is not immune to attacks. In June, Kaspersky Lab revealed that its systems had been hacked by an unnamed nation-state looking to access other targets.
The attack, Duqu 2.0, was caught in the early stages and Kaspersky claimed at the time that none of its clients had been impacted.
Kaspersky also claims that in 2012 it was “among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections.” Kaspersky claims it attended “a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan,” but that it is still unclear who was behind this attack.