Security firm Kaspersky Lab hacked by a 'nation state'
Security firms are supposed to keep us safe from threats like malware and hacker attacks, but occasionally they fall foul of the bad guys too. A year ago Avast was hacked, and some 400,000 user details were stolen. Two years ago, AVG and Avira had their websites taken over by pro-Palestinian hackers.
The latest security firm to be hacked is Russian anti-virus software maker Kaspersky Lab.
In a post on the company's blog, Chairman and CEO Eugene Kaspersky says the attack on its own internal networks was "complex, stealthy, [and] it exploited several zero-day vulnerabilities". The firm is also very confident that there was a "nation state" behind it all.
Antivirus firms like to name threats, and Kaspersky Lab has labeled this particular attack Duqu 2.0, after the Duqu Trojan which was used in attacks on Iran, India, France and Ukraine back in 2011.
Kaspersky Lab believes the purpose of the hack was to steal the company’s secrets, and says the attack was "a generation ahead of anything we’d seen earlier -- it uses a number of tricks that make it really difficult to detect and neutralize. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed".
The firm views the hack as being mostly a good thing because despite its sophistication, Kaspersky Lab was able to detect it, and now has everything it needs to protect customers against future attacks. No products or services were compromised in the hack, and customers remain perfectly safe.
Duqu 2.0 wasn’t only used to spy on Kaspersky Lab; according to the firm, it was also used to spy "on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz".
If, as Kaspersky Lab believes, a nation state is behind the attack, there’s obviously one important unanswered question -- which one? The company isn’t saying. Whether that's because it doesn't know or because it simply doesn't want to get involved in that kind of finger-pointing is a matter for debate. However, Eugene Kaspersky did have this to say:
"Governments attacking IT security companies is simply outrageous. We’re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld. We share our knowledge to fight cybercrime and help investigations become more effective. There are many things we do together to make this cyberworld a better place. But now we see some members of this 'community' paying no respect to laws, professional ethics or common sense.
"People living in glass houses shouldn’t throw stones.
"To me, it’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare. If various murky groups -- often government-linked -- treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I’m once again calling on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware, not sponsor and promote it."