There are certain things that are designed to keep you safe. Locks on your doors and windows, the key to your car, and on your computer: your antivirus program.
Before I came to TOPS, I worked in cybersecurity. So when I learned that a lot of our TOPS clients trust in Moscow-based Kaspersky Lab to handle their security needs, I was a little taken aback.
Antivirus programs are meant to protect you, but, like the Trojan horse, this one brings with it a little something extra that may not feel so safe. So let’s talk about the recent news that broke regarding the Israeli, Russian, and US counterintelligence allegations, and what that means for you as a potential Kaspersky consumer.
What Is Cybersecurity?
The definition of cybersecurity according to Google is “the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.” In layman’s terms, it is what keeps your information out of the hands of people to whom it doesn’t belong. The password on your computer, for example, is a form of cybersecurity.
Any system that houses information such as credit card numbers of clients (your homeowners), bank account numbers, home addresses, etc., needs some form of protection against unauthorized access. That can mean setting up a password on your personal computer so that your coworkers can’t access the information inside. Or, in the cases of large businesses, it can mean the encryption and multi-layered protection offered by cybersecurity software companies to keep outside hackers from accessing the information you’re expected to keep private.
What (Supposedly) Happened
In 2015, Israeli intelligence informed the US National Security Agency (NSA) that they (the NSA) were being watched by Russian government intelligence (the FSB) through a weakness discovered in Kaspersky Lab’s software—which is coincidentally the same weakness Israeli officials used to watch Russia as they watched the US. US intelligence agencies already knew this weakness existed, as they themselves have admitted to using those same holes before. As of now, on the record, there is no US government agency still using Kaspersky software for cybersecurity provisioning.
How Could They Do That?
Antivirus software scans every single file on a system and reads through the raw code to look for things that don’t belong. This could mean a direct virus signature (snippet of code that is unique to a specific virus or hacker), locks or encryption on a file that wouldn’t normally have that, irregularities in the code itself, or program calls that access parts of the system that your average program doesn’t access. When the antivirus program finds an irregularity, it throws a red flag to the consumer. Sometimes the issue is legitimately a virus, and sometimes it isn’t. But what you see on the front end isn’t the only thing that can happen.
Remember how the antivirus program scans all the files on the system? When it does that, it’s a simple matter to save that data to a list somewhere. The software may even do that automatically so it doesn’t have to do a full system scan every single time you start your machine. If someone (like, hmmm, the FSB or the NSA) could read that list, or a compiled version of every list from every machine on which the antivirus software is installed, it becomes a sort of Google for cyber spies.
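The scan-and-remember behaviour described above, as an added example (not Kaspersky's code and not part of the original article): a toy scanner showing that the cache which saves a full rescan is also a searchable inventory of file names. The signature, the sample files and the names `scan_tree` and `search_inventory` are all constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed byte pattern standing in for a virus signature (not a real one).
SIGNATURES = {"Demo.Marker": b"DEMO-MALICIOUS-MARKER"}

def scan_tree(root, cache):
    """Scan every file under root; return (alerts, files_read)."""
    # cache: path -> (size, mtime_ns, sha256, matched signatures); unchanged files are skipped.
    alerts, files_read = [], 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            entry = cache.get(path)
            if entry is None or entry[:2] != (st.st_size, st.st_mtime_ns):
                with open(path, "rb") as fh:
                    data = fh.read()
                files_read += 1
                hits = [s for s, pat in SIGNATURES.items() if pat in data]
                entry = (st.st_size, st.st_mtime_ns,
                         hashlib.sha256(data).hexdigest(), hits)
                cache[path] = entry
            alerts += [(name, sig) for sig in entry[3]]
    return alerts, files_read

def search_inventory(cache, keyword):
    """Query the scan cache alone: names are searchable without opening any file."""
    return sorted(os.path.basename(p) for p in cache
                  if keyword.lower() in os.path.basename(p).lower())

def demo():
    samples = {  # constructed sample files
        "notes.txt": b"meeting at 3pm",
        "board_budget_2017.xlsx": b"constructed spreadsheet bytes",
        "installer.bin": b"header DEMO-MALICIOUS-MARKER trailer",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        cache = {}
        first = scan_tree(root, cache)   # reads all three files
        second = scan_tree(root, cache)  # reads none; verdicts come from the cache
        return first, second, len(cache), search_inventory(cache, "budget")

if __name__ == "__main__":
    print(demo())
```

The user only ever sees the one alert for `installer.bin`; the inventory of every other file is a by-product that exists whether or not anything was flagged.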
Kaspersky’s Official Statement
Kaspersky has denied any and all knowledge of this breach of security, and emphatically believes that it is not even a possibility for their software. The US NSA has already admitted to using a similar exploit for their own espionage purposes (although they did not disclose which antivirus program they were exploiting). At this point, the onus is on the consumer to decide who, if anyone, is being honest in these scenarios.
We may never know if Kaspersky willingly played favorites to their nation state and helped compromise US secrets, but we do know that they’re a very well-established and high-quality cybersecurity/anti-virus company. As long as you aren’t working for the government, you probably don’t have to lose sleep over using them!
What This Means for You, for TOPS, and for Your TOPS Information
Let’s start by saying that TOPS Software does not use Kaspersky for any security or antivirus purposes. For our hosted and cloud products, like TOPS [ONE] and TOPS iQ, our servers are constantly monitored by industrial security systems, so there should be no need to worry about the safety of your data on these servers.
But if you are using TOPS Professional, or another program where you maintain your own servers and are responsible for your own security, you may have some concerns about the safety of the information you are responsible for.
There's no easy answer in a situation like this, sadly.
Are You Being Watched?
Look. Your data is probably not being hacked by the Russian government. They have bigger fish to fry. But now you know that there is a governmentally-acknowledged weakness in Kaspersky’s software, and any other antivirus software, for that matter.
So any computer you use that houses any kind of confidential client information (like the NSA employee who kept NSA confidential files on his personal computer, which used Kaspersky antivirus) is theoretically “at risk” of being watched.
Is it possible that Russia is watching your community goings-on, tracking how much you’re spending on your lawn care each month? Sure, and it’s also possible for it to rain fish—similarly, the likelihood seems pretty slim to me.
But that doesn’t mean others can’t exploit that weakness. Government-funded cyber spies are just one possibility. Any hacker who is, for some reason, aware of this weakness and able to manipulate it can use it however they want. So there is that possibility to consider as well. In fact, many cybersecurity experts argue that, "By its very nature antivirus software is an appealing tool for hackers who want to access remote computers."
At the end of the day, you have to decide if the value of virus prevention outweighs the possibility that your data is being spied on. Your decision to continue to use Kaspersky or to invest in it going forward will be a very personal choice.
If you would feel safer moving to a different antivirus software or cybersecurity provider (for personal or for professional devices), that’s a decision you should research extensively to see what kind of software best protects the kind of information you have. Or maybe it’s time to think about making the move to the cloud so you can let someone else worry about it for you.