malware

Kaspersky Lab’s view: there is no such thing as “right” or “wrong” malware for us

In light of the recent stories on the cooperation between government agencies and tech companies, and in response to an open letter from an international coalition of digital rights organizations Kaspersky

Konstantin Goncharov
November 7, 2013

In light of the recent stories on the cooperation between government agencies and tech companies, and in response to an open letter from an international coalition of digital rights organizations Kaspersky Lab shares its policy on the use of software for the purpose of state surveillance.

We have a very simple and straightforward policy as it relates to the detection of malware. We detect and remediate any malware attack, regardless of its origin or purpose. There is no such thing as “right” or “wrong” malware for us.

Our research team has been actively involved in the discovery and disclosure of several malware attacks with links to governments and nation-states. In 2012, we published our thorough research into Flame and Gauss two of the biggest nation-state mass-surveillance operations known to date. We have also issued public warnings about the risks of so-called “legal” surveillance tools such as HackingTeam’s DaVinci and Gamma’s FinFisher. It’s very trivial for these surveillance tools to fall into the wrong hands, and that’s why the IT security industry can make no exceptions.

In reality, it is very unlikely that any competent and knowledgeable governmental organization will request an antivirus developer (or developers) to turn a blind eye to specific state-sponsored malware. It is quite easy for the “undetected” malware to fall into the wrong hands and be used against the very same people who created it.

While we appreciate the passion of the international coalition to promote civil liberties and privacy rights, we believe there are many other important issues at the moment that require urgent attention. We encourage thought leaders to pay attention to the flourishing, unregulated marketplace where zero-day exploits are traded among agencies with unlimited budgets. Where, anyone with a large bank account can acquire weaponized documents that can be used to attack anyone, from government organizations to banks and critical infrastructure.

Failure to discuss these issues will result in a fully militarized Internet where the users become nothing more than collateral victims in the massive cyberwar operations between superpowers.

Impressions from the 1st Ibero-American Industrial Security Congress

Talking to colleagues and potential clients during major cybersecurity events always pays back, especially if your field of expertise is Critical Infrastructure Protection. This particular part of the global cybersecurity

Privacy & Kids

TARGETED SECURITY SOLUTIONS

Kaspersky Lab’s view: there is no such thing as “right” or “wrong” malware for us

Prilex blocks NFC transactions

Symptoms indicating one of your devices is being attacked

Impressions from the 1st Ibero-American Industrial Security Congress

Tips

Advertisers sharing data about you with… intelligence agencies

Watch the (verified) birdie, or new ways to recognize fakes

Switching to Kaspersky: a step-by-step migration guide

Is it the boss – or is it a fraudster? Scams disguised as urgent orders from top brass

Sign up to receive our headlines in your inbox

Home Products

Small Business Products

Medium Business Products

Enterprise Solutions

Securelist

Eugene Personal Blog

Encyclopedia