Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data

WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'

I'm shocked.

[roc97007]

Shocked, I tell you.

I said, oh, 3 or 5 years ago, or maybe it was 10? ...that an obvious vector was the antivirus product itself. Because trust has to start somewhere, and people tend to trust their antivirus software, because otherwise, what do you do? Throw out your computer and go back to books? (Now that I write that, it doesn't sound like a half bad idea.)

And this was even before the useless nagware McAfee Security Scan started being bundled in everything to hell and gone.

So, in a way, I'm glad this happened, because it might cause people (well, some people... well, a few people) to look a little more critically at their antivirus software.

So everyone should convert to Windows Defender. Just kidding.

Re:I told you so!

[NettiWelho]

I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.

Windows 10 Defender absolutely does this. The description however promises that if the file is a "personal document" it asks for your permission first.. Upon asked what count as personal document microsoft has anwsered it means a file created with "default windows 10 apps".

Re: Same song and dance.

[Xuranova]

From wiki:
"Three months later, on August 1, 2007, News Corporation and Dow Jones entered into a definitive merger agreement.[24] The US$5 billion sale added The Wall Street Journal to Rupert Murdoch's news empire, which already included Fox News Channel, financial network unit and London's The Times, and locally within New York, the New York Post, along with Fox flagship station WNYW (Channel 5) and MyNetworkTV flagship WWOR (Channel 9).[25]"