Did Kaspersky really ‘hack’ its rivals?

Known best for uncovering security hacks and protecting consumers with its security software, Kaspersky Lab doesn’t seem like a company who would attack other firms.

But according to a new report, Kaspersky has allegedly been trying to damage its rivals by tricking their antivirus software to classify non-threatening files as malicious, so say two former employees.

A supposed secret campaign allegedly targeted the likes of Microsoft, AVG Technologies, Avast Software and other rivals, where some of the firm’s were tricked into deleting or disabling files on their customers’ PCs.

According to Reuters, co-founder Eugene Kaspersky ordered the false positive attacks in response to rivals who he felt were spying on Kaspersky’s software. 

The reasoning behind it was apparently to retaliate against ‘smaller rivals that he felt were aping his software instead of developing their own technology’, or so said the former employees.

They also said that Kaspersky manipulated false positives off and on for over 10 years, with the peak period being between 2009 and 2013.

So did Kaspersky really hack its rivals? In a statement the firm told PCR that it carried out a onetime experiment back in 2010, where the company uploaded non-malicious files to the VirusTotal multi-scanner, which would not cause false positives (something the company has been accused of).

But Kaspersky claims all of the findings were made public and proved to be harmless and useless. You can read the full statement from Kaspersky at the bottom of this article.

In the report, a Microsoft researcher stated that there was a period of time during 2013 when consumers were complaining that Redmond’s antivirus software was quarantining important printer files. Plus, the firm also revealed that thousands of harmless files were being falsely declared as malicious content.

These allegations against the security firm are damaging, but since Eugene Kaspersky has denied the claims himself via Twitter, perhaps in this case the accusations may be false. 

I don’t usually read @reuters. But when I do, I see false positives. For the record: this story is a complete BS: https://t.co/m0Rcy2Vm6Y

— Eugene Kaspersky (@e_kaspersky) August 14, 2015

In a statement, Kaspersky told PCR: “Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.

"As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.

“In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves.

"We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior) https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/.

"After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points. Read more here: https://securelist.com/blog/incidents/30613/cascading-false-positives/

“In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan.

"It is still unclear who was behind this campaign.”