‘Pure fiction’: Kaspersky Lab chief lashes out at claims he sabotaged rival anti-virus programs
“The Reuters story is based on information provided by anonymous former [Kaspersky Lab] employees. And the accusations are complete nonsense, pure and simple,” company founder and CEO Eugene Kaspersky said on his personal blog, adding that disgruntled ex-workers “often say nasty things about their former employers” but the claims are “without a shred of evidence.”
“The reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction.”
According to the alleged eyewitnesses in the Reuters story, for a decade, “company researchers were assigned to work for weeks or months at a time” to reverse engineer other companies’ algorithms for detecting viruses. Then, they allegedly subtly altered vital but harmless files, so that these would be detected by the rivals’ software suites, and placed in quarantine.
“It was decided to provide some problems for rivals. It is not only damaging for a competing company but also damaging for users’ computers,” the source said.
The sources maintained that Kaspersky was spurred into this campaign of malice by his rivals, who fed off the detection methods devised and made available by Kaspersky Lab as part of the information-sharing network between all leading security suites, rather than investing in their own technologies.
“Eugene considered this stealing,” the source said.
A particular incident the sources recalled is when Kaspersky Lab released 10 harmless files tagged as viruses by its program in 2010. Within weeks, 14 more companies followed his lead, without ever bothering to check if the files were dangerous.
Kaspersky did not deny the experiment, which he said involved 20 files, and had been made public, but refuted the other claims.
“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable,” he told Reuters.
Instead he said his company had itself been the target of such ruses, which were particularly prevalent between 2009 and 2013, but appear to have become less popular.
“In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives. And unfortunately, we were among the companies badly affected. It turned out to be a coordinated attack on the industry: someone was spreading legitimate software laced with malicious code targeting specifically the antivirus engines of many companies, including [Kaspersky Lab],” he wrote on his blog.
Kaspersky recalled taking part in a closed-door meeting among leading cybersecurity players, which focused on the problem and tried to work out a joint action plan. The meeting brought no breakthrough at the time.
AVG and Avast, two of the other leading companies in the market, refused to comment when asked by Reuters whether the Russian company, which says it has a user base of 400 million people, was behind the “false positive” attacks.
Kaspersky, meanwhile, said he has become used to the accusations and similar conspiracy theories, suspecting the report might be yet another instance of someone attempting to defame the company for being successful – or maybe for being Russian.
“Oh yes. But they forgot to add that we conjure all this up during steamy banya sessions, after parking the bears we ride outside,” he said.