Kaspersky Labs Hacked "By Government"

John Lister's picture

Kaspersky Lab, one of the biggest security software firms, says its own internal network was attacked by hackers. The company heavily implied that a national government was behind the hack.

Owner Eugene Kaspersky says the hackers were able to access confidential internal data relating to research and development into new and improved security techniques. The attack didn't delete or change any data, or affect any performance. The company is also quick to stress that no customers were affected by the move and that it's products continue to work as designed.

Attack Method Impressive, Kaspersky Concedes

According to Kaspersky, the attack method was "a generation ahead of anything we'd seen earlier -- it uses a number of tricks that make it really difficult to detect and neutralize." Speaking from a practical, rather than moral perspective, he even described the technical approach as "quite brilliant." (Source: forbes.com)

One of the key features of the attack was that the malware wasn't installed on the servers and hard drives of Kaspersky computers. Instead it was distributed and hid within memory in a way that meant it remained active, yet undetected for some time.

While crediting the technical approach, Kaspersky called the attack a dumb move, saying that because his firm was eventually able to detect and analyze the attack, the hackers have "lost a very expensive technologically-advanced framework they'd been developing for years."

Hacking likely the Work of Government

Kaspersky has dubbed the attack group "Duqu 2.0", which refers to a form of malware developed from the Stuxnet attacks. That was widely distributed malware, commonly believed to be the work of the US government, with the primary aim of compromising Iranian nuclear technology.

According to Kaspersky, the same people who attacked his firm have used the same techniques to try to spy on attendees at an Auschwitz liberation anniversary commemoration and talks on Iran's nuclear program.

He says the attacks were "presumably state-sponsored" and that "governments attacking IT security companies is simply outrageous. We're supposed to be on the same side as responsible nations." Kaspersky adds that as well as publicizing the attacks, the company has reported it to law enforcement officials, something that's company policy regardless of who the suspected attackers are. (Source: kaspersky.com)

What's Your Opinion?

Is it legitimate for governments to use malware as part of their international security agency operations? Would such a government be responsible for the consequences if and when the malware spreads to the general public? If such a strategy is valid, does spying on a security firm which is trying to counter such malware go too far?

Rate this article: 
Average: 5 (10 votes)

Comments

jsalter_4741's picture

First, the naïve hopeful person inside of me says that no one should hack.

Given that isn't happening anytime soon, I believe who the hacker is becomes less important than the fact of the hacking. Congratulations to Kaspersky on finding and then neutralizing the attack. If someone is stupid enough to hack a site that is looking for hacks all the time, they deserve to be caught. We can only hope more will do so and companies like Kaspersky will make them even less effective in the future.

My thought that the identity of the hacker is less important than the hack itself does not absolve the hacker. I've spent hours and hours rebuilding my network after 'successful' crypto-locker type attacks where unsuspecting email users opened supposedly safe emails. After the first attack, we greatly increased the frequency and depth of our backups and added more filters to incoming items, but I know we are not completely safe. What might have started as pranks became criminal with exploits like the various crypto clones. I hope they are all caught and rot in jail for a long time.

Doccus's picture

Not the US, unless they're assisting. I mean, DOH!
"Quote- According to Kaspersky, the same people who attacked his firm have used the same techniques to try to spy on attendees at an Auschwitz liberation anniversary commemoration and talks on Iran's nuclear program."
The targets totally give it away, along with the fact it's a stuxnet modification.
Israel (i.e. Mossad). They're at it again..., And boy I'll likely get flac for saying this!

Rodney.h53_4744's picture

it's great stuff we have out there in the digital world but it's a very small and curious world... you are already aware that digital information isn't secure. don't go about thinking that it is. Really makes no difference who is the culprit, or why...the fact is it happens... everyday. and it will continue. i can almost guarantee someone has already infiltrated your system. but chatting about it is just chat nothing more. its the way of the world...so sorry for your disappointment.

jomar's picture

The gov was recently hacked, or so they say. Now kaspersky was hacked,...we don't need better antivirus, we need a way to have privacy. Privacy or piracy,..it is either that or abstain from internet use. So now the gov will encrypt all their data, but we will still be vulnerable to intrusion and spying by any and all. Now anything you put on the internet can be seen, recorded, deleted, the only option is to make a hard copy for future reference. So much for the information highway.