Russian web security company Kaspersky Lab responded to accusations related to everything from spying to relations with KGB/FSB, describing all this noise around the company as fiction, without substantive proof.
In blog post, Kaspersky Lab said that all the recent media reports about the company's alleged "misbehavior" are aimed at ruining its reputation. The company went on responding to the most widespread "false accusations" by some journalists.
"We have never spied, nor will we ever spy, on our users. Such accusations are always based on information given by anonymous sources, who may have a hidden agenda. In addition, more recent articles rely on older pieces that suggest these false allegations are proven facts - even though they aren't, and never will be," Kaspersky says.
Kaspersky denied that you can search users' computers using Kaspersky Lab products and steal files from them. The company "said that files from users' computers are uploaded "only on rare occasions and only when they are new and behave suspiciously." Threat detection rules, including ones that enable such uploads, are the same for the whole world, and any interested party can inspect them by reviewing database updates, according to the company.
Kaspersky Security Network (KSN) technology is a cloud knowledge base that accumulates data about new threats and potentially malicious files. It can upload suspicious files from Kaspersky's customers' computers to the company's servers for analysis. "But that doesn't mean it can be used as a remote access tool or as a search engine. An analyst can't secretly search through random files on users' devices," the company said.
In addition, Kaspersky said users' participation in KSN is voluntary, and they may disable telemetry reporting at any time.
The comments on Kaspersky's KSN technology follow an incident involving source code from Equation (that is, allegedly related to the NSA) malware being uploaded to Kaspersky's server. According to the security firm, its product installed on a computer detected Equation malware that was already known to the company. Using proactive protection technology, Kaspersky's product also detected another, previously unknown, malicious file that was contained in a 7-Zip archive. Kaspersky's product then sent this 7-Zip archive to the company's antivirus researchers for analysis. According to Kaspersky, that aside from malware executables, the archive also contained the source code of new Equation malware (which Kaspersky says it deleted, as the company needs only executable files to develop protection).
"The key point here is that we didn't search that computer, let alone target any specific documents on it. The only thing that can trigger detection and subsequent file upload is a malicious or potentially malicious file. An independent review will soon prove that is exactly how the KSN technology works," Kaspersky said.
Kaspersky also denied reports that its office in the US is about to close. The company's North American headquarters, which is located just north of Boston, in Woburn, Massachusetts, occury more than 250 members, according to the company.
Responding to reports that Kaspersky Lab never investigates Russian-speaking cyberespionage. the security firm said that it has investigated dozens of threats with Russian-language roots. These are available in Kaspersky's Targeted Cyberattacks Logbook. The company says its experts have published at least 17 reports about APT attacks with Russian language included in the code, including RedOctober, Cloud Atlas, Epic Turla, and many more.
Being a Russian company, Kaspersky has been accused that it is under KGB/FSB control. The company said that it often disrupts operations and hacker groups that are allegedly connected to or owned by Russian intelligence services. Of the Russian-speaking APTs the company has investigated in the past few years, two deserve special attention: the CozyDuke (also known as CozyBear, or APT29) and the Sofacy (also known as Fancy Bear or APT28) are both believed to be tied to Russian intelligence agencies. The company says it published its research on these groups in 2015. A year later, in 2016, malicious tools made by these very actors were found on US Democratic National Committee (DNC) computers during the investigation of the DNC cyberattacks. According to investigators, the attacks began in 2015.
"If Kaspersky Lab was controlled by Russian intelligence, why would they let us publish research on APTs allegedly tied to Russian intelligence at the very same time these groups reportedly were hacking US elections?" Kaspersky asked in a rhetorical question.
Kaspersky Lab also responded to reports that there have been ties between Kaspersky Lab's top management and the KGB: CEO Eugene Kaspersky himself, Chief Legal Officer Igor Chekunov, and Chief Operating Officer Andrey Tikhonov.
Kaspersky admitted that Eugene Kaspersky graduated from the cryptographic high school of the KGB, which is now named the Institute of Cryptography, Communications and Informatics. "However, he never served in the KGB or the FSB," according to the company.
Kaspersky added that Igor Chekunov did his compulsory military service at the State Border Service, which back in those times was a branch of the KGB, and Andrey Tikhonov worked in a research institution that was related to the Ministry of Defense, but not the KGB.
Kaspersky also denied accusations that it helps Russian law-enforcement agencies during investigations.
"We do help law-enforcement agencies to investigate cybercrimes, but not just Russian agencies. We are open to collaboration in other countries as well. In fact, we provide assistance to many LEAs all over the world, as well as to international organizations such as Europol and Interpol," the company said.