Tampered Computer Security Products

We can't help but to ask ourselves "how secure are computer security products" when we learn about tampered computer security products that spy on people instead of protecting them.

In a recent story, The Wall Street Journal reported that Russian government hackers stole classified information about National Security Agency (NSA) from a contractor’s computer by exploiting Kaspersky’s antivirus software. The report suggested that Kaspersky Lab, a Moscow-based computer security firm may have aided the Russian spying operations against the US.

The New York Times also reported back in 2015 that Kaspersky first noticed intrusion by Israel and stated that “a sophisticated cyberespionage actor” had infiltrated its systems using code that resembled a previous attack. Kaspersky dubbed the effort “Duqu 2.0” and drew a connection between methods used in the new intrusion and those employed by Stuxnet, a cyber weapon developed for use against Iran by the U.S. and Israel.

It’s unclear whether Kaspersky was party to the exploitation of its software and collusion with the Russian government to spy on people or hackers penetrated its systems and modified its computer security product so that the Russian government can hack into people’s computers when they install the malicious anti-virus software. It was reported that Kaspersky may have colluded with the Russian government to spy on people’s computers, but Kaspersky denies the allegations and Germany’s federal cybersecurity agency BSI also told Reuters that it had not detected any threat from Kaspersky software but would work in cooperation with U.S. intelligence agencies. It sounds like Kaspersky may have been hacked or accessed by multiple parties whether to spy on other hackers or modify the software code.

Isn’t it funny that we now have to worry that anti-virus software or any computer security product which are supposed to protect our computers from threats can become malicious themselves? So, the question now is, how secure are computer security products that people install on their computers? My guess is no one knows at least on a timely basis except for the guys who are exploiting them. In the case of Kaspersky Lab, they didn’t report the incident, the Israeli intelligence officers did. It remains to be verified whether Kaspersky is being set up, was party to a collusion, or was hacked because the company stated “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question. Kaspersky Lab reiterates its willingness to work alongside U.S. authorities.”

That said, whether Kaspersky colluded with a third party (by force or willingly), or was setup alongside the Russian government, or was negligent in protecting its source code that people entrust, what we can learn from this incident is that computer security products that people and businesses buy may be tampered with which can make our computers less secure. Also, regardless of the outcome of the investigation, Kaspersky may have a difficult time to recover from this incident or incorrect news, whichever happens to be.

Unfortunately, there is not much that users and businesses can do to protect themselves in such cases. Perhaps, the computer products can be validated by a third party and certified to give reasonable confidence that the program source code is free from unauthorized agents that can spy on people and their computers.

Another step that people can take is to immediately uninstall and replace computer products that are reportedly tampered with. Unfortunately although some news may be fake or incorrect, users have no choice but to act upon learning of these news and remove the computer security product from their computers immediately. Also, don’t forget to reset your computer to factory settings just in case the product installed a malicious code somewhere unknown to the software uninstall program.