{"id":10302,"date":"2018-02-02T15:45:40","date_gmt":"2018-02-02T11:45:40","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/frequently-alleged-nonsense\/10302\/"},"modified":"2022-05-05T11:00:16","modified_gmt":"2022-05-05T07:00:16","slug":"frequently-alleged-nonsense","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/frequently-alleged-nonsense\/10302\/","title":{"rendered":"Many fictions don&#8217;t add up to a fact"},"content":{"rendered":"<p><a href=\"https:\/\/me-en.kaspersky.com\/blog\/files\/2018\/02\/kaspersky-protection-default.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/me-en.kaspersky.com\/blog\/files\/2018\/02\/kaspersky-protection-default-1024x672.jpg\" alt=\"\" width=\"1024\" height=\"672\" class=\"aligncenter size-large wp-image-10303\"><\/a><br>\nYou may have noticed some noise around Kaspersky Lab recently. The year 2017 was unprecedented for us: We\u2019ve never seen so many articles from media sources accusing Kaspersky Lab of different kinds of misbehavior \u2014 all without any substantive proof.<\/p>\n<p>We don\u2019t really know who\u2019s behind the noise and where this desire to harm the company comes from, but it\u2019s clearly done with one purpose: to ruin Kaspersky Lab\u2019s reputation as one of the world\u2019s most renowned and trusted cybersecurity companies.<\/p>\n<p>Most of the articles published feature biased coverage, a lack of alternative positions, and, apparently, zero desire to fact-check. That kind of coverage has nothing to do with independent journalism \u2014 in fact, it\u2019s similar to propaganda. About 80% of the arguments are based on claims from anonymous sources or false accusations, and only about 20% of the information is the truth. The 20% is key to giving the stories a veneer of believability.<\/p>\n<p>To show you what they do and how they do it, we\u2019ve come up with a collection of the most widespread false accusations and biased opinions about Kaspersky Lab that some journalists are frequently using and borrowing from each other. Here\u2019s how it\u2019s done.<\/p>\n<h3>Fiction: You can search users\u2019 computers using Kaspersky Lab products and steal files from them<\/h3>\n<p>Fact: Files from users\u2019 computers are uploaded only on rare occasions and only when they are new and behave suspiciously. Threat detection rules, including ones that enable such uploads, are the same for the whole world, and any interested party can inspect them by reviewing database updates.<\/p>\n<p>Kaspersky Security Network (KSN) technology is a cloud knowledge base that accumulates data about new threats and potentially malicious files. It can upload suspicious files from our customers\u2019 computers to our servers for analysis. But that doesn\u2019t mean it can be used as a remote access tool or as a search engine. An analyst can\u2019t secretly search through random files on users\u2019 devices. Every detection rule issued is available for everyone for one and only one reason: to protect our customers from malware.<\/p>\n<p>It\u2019s also important to note that unlike with many other products on the market, Kaspersky Lab users have control over data sharing \u2014 their participation in KSN is voluntary, and they may disable telemetry reporting at any time.<\/p>\n<p>Perhaps the best illustration of how KSN technology really works is the incident involving source code from Equation (that is, allegedly related to the NSA) malware being uploaded to our server. A couple of months ago we explained how it all happened; for the whole story, see <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/internal-investigation-preliminary-results\/19894\/\" rel=\"noopener noreferrer nofollow\">this post<\/a>, but here is a short version:<\/p>\n<ul>\n<li>Our product installed on a computer detected Equation malware that was already known to us.<\/li>\n<li>Using proactive protection technology, our product also detected another, previously unknown, malicious file that was contained in a 7-Zip archive.<\/li>\n<li>Our product sent this 7-Zip archive to our antivirus researchers for analysis.<\/li>\n<li>It turned out that aside from malware executables, the archive also contained the source code of new Equation malware (which we deleted; we need only executable files to develop protection).<\/li>\n<\/ul>\n<p>The key point here is that we didn\u2019t search that computer, let alone target any specific documents on it. The only thing that can trigger detection and subsequent file upload is a malicious or potentially malicious file. An <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2017_trust-first-kaspersky-lab-launches-its-global-transparency-initiative\" rel=\"noopener noreferrer nofollow\">independent review<\/a> will soon prove that is exactly how the KSN technology works.<\/p>\n<p>And the last point: All threat detection rules in our products are publicly available and visible to all. So any rule like the one described above can be checked by interested third parties.<\/p>\n<h3>Fiction: Kaspersky Lab\u2019s office in the US is about to close, and all that\u2019s left is a small team<\/h3>\n<p>Fact: We just completed renovations in our North American headquarters, which is located just north of Boston, in Woburn, Massachusetts. More than 250 members of our North American team are now working from a modernized office space or remotely across the North American region, including Canada.<\/p>\n<p>In addition, the North American team recently gathered for its annual kickoff event, where together, team members discussed strategic plans for the region in 2018.<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/02\/02154603\/klna-kickoff-2018.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/02\/02154603\/klna-kickoff-2018-1024x682.jpg\" alt=\"\" width=\"1024\" height=\"682\" class=\"aligncenter size-large wp-image-10305\"><\/a><\/p>\n<h3>Fiction: Kaspersky Lab never investigates Russian-speaking cyberespionage<\/h3>\n<p>Fact: It\u2019s very easy to demonstrate that Kaspersky Lab has investigated dozens of threats with Russian-language roots. In our <a target=\"_blank\" href=\"https:\/\/apt.securelist.com\/\" rel=\"noopener noreferrer\">Targeted Cyberattacks Logbook<\/a>, we collect all of the advanced persistent threats (APTs; most APTs are connected to cyberespionage) that our Global Research and Analysis Team have investigated. Choose <em>Russian<\/em> in the <em>Language behind the APT<\/em> drop-down menu to see them.<\/p>\n<p>To save you the search, our company\u2019s experts have published at least 17 reports about APT attacks with Russian language included in the code, including <a target=\"_blank\" href=\"https:\/\/securelist.com\/analysis\/publications\/36740\/red-october-diplomatic-cyber-attacks-investigation\/\" rel=\"noopener noreferrer\">RedOctober<\/a>, <a target=\"_blank\" href=\"https:\/\/securelist.com\/featured\/68083\/cloud-atlas-redoctober-apt-is-back-in-style\/\" rel=\"noopener noreferrer\">Cloud Atlas<\/a>, <a target=\"_blank\" href=\"https:\/\/securelist.com\/analysis\/publications\/65545\/the-epic-turla-operation\/\" rel=\"noopener noreferrer\">Epic Turla<\/a>, and many more.<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/02\/02154615\/apt-securelist-screenshot.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"901\" height=\"1024\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2018\/02\/02154615\/apt-securelist-screenshot-901x1024.jpg\" alt=\"\" style=\"width:70%\" class=\"aligncenter size-large wp-image-10307\"><\/a><\/p>\n<p>In the Logbook, you can also check out which Arabic-, Chinese-, English-, French-, Korean-, and Spanish-speaking advanced actors our researchers have also investigated. We do not care what language bad guys speak or who they work for. We\u2019re doing our best to protect our customers from any malefactors, regardless of their origin or intention. Some may dislike Kaspersky Lab for this principle, but it has never stopped us and it never will.<\/p>\n<h3>Fiction: Every company in Russia is under KGB\/FSB control; Kaspersky Lab is from Russia, therefore it\u2019s also under KGB\/FSB control<\/h3>\n<p>Fact: We often disrupt operations and hacker groups, including really significant ones, that are allegedly connected to or owned by Russian intelligence services. Of the Russian-speaking APTs we have investigated in the past few years, two deserve special attention: the <a target=\"_blank\" href=\"https:\/\/securelist.com\/the-cozyduke-apt\/69731\/\" rel=\"noopener noreferrer\">CozyDuke<\/a> (also known as CozyBear, or APT29) and the <a target=\"_blank\" href=\"https:\/\/securelist.com\/sofacy-apt-hits-high-profile-targets-with-updated-toolset\/72924\/\" rel=\"noopener noreferrer\">Sofacy<\/a> (also known as Fancy Bear or APT28) are both believed to be tied to Russian intelligence agencies. Note that we published our research on these groups in 2015.<\/p>\n<p>In fact, we were the first to report on CozyDuke\/CozyBear.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The first public analysis and naming of <a href=\"https:\/\/twitter.com\/hashtag\/CozyDuke?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CozyDuke<\/a> \/ <a href=\"https:\/\/twitter.com\/hashtag\/CozyBear?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CozyBear<\/a> was in April 2015 in this Securelist article: <a href=\"https:\/\/t.co\/IVJSTy1wFl\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/IVJSTy1wFl<\/a><\/p>\n<p>\u2014 Costin Raiu (@craiu) <a href=\"https:\/\/twitter.com\/craiu\/status\/956799550810935296?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 26, 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A year later, in 2016, malicious tools made by these very actors were found on US Democratic National Committee (DNC) computers during the investigation of <a target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Democratic_National_Committee_cyber_attacks\" rel=\"noopener noreferrer nofollow\">the DNC cyberattacks<\/a>. According to investigators, the attacks began in 2015.<\/p>\n<p>If Kaspersky Lab was controlled by Russian intelligence, why would they let us publish research on APTs allegedly tied to Russian intelligence at the very same time these groups <a target=\"_blank\" href=\"https:\/\/www.wired.com\/2016\/06\/hack-brief-russias-breach-dnc-trumps-dirt\/\" rel=\"noopener noreferrer nofollow\">reportedly<\/a> were hacking US elections?<\/p>\n<p>Let us be very clear: Kaspersky Lab is not under the control of the FSB.<\/p>\n<h3>Fiction: Kaspersky Lab\u2019s top management are former KGB, and there\u2019s no such thing as \u201cformer\u201d when it comes to the KGB<\/h3>\n<p>Fact: In particular, three names pop up from time to time in the media when it comes to <em>alleged <\/em>ties between Kaspersky Lab\u2019s top management and the KGB. They are: CEO Eugene Kaspersky himself, Chief Legal Officer Igor Chekunov, and Chief Operating Officer Andrey Tikhonov.<\/p>\n<p>First of all, it\u2019s not all the same when it comes to the KGB. For example, Eugene Kaspersky graduated from the cryptographic high school of the KGB, which is now named the Institute of Cryptography, Communications and Informatics; however, he never served in the KGB (or the FSB, for that matter). It\u2019s also important to note that Eugene grew up in the Soviet era, when almost every educational opportunity was sponsored by the government in some manner.<\/p>\n<p>Igor Chekunov did his compulsory military service at the State Border Service, which back in those times was a branch of the KGB, and Andrey Tikhonov worked in a research institution that was related to the Ministry of Defense, but not the KGB.<\/p>\n<p>Second, Kaspersky, Chekunov, and Tikhonov have been with the company for ages, since it was a small start-up in the very niche area of \u201cantivirus security.\u201d That was 10 to 15 years before cybersecurity went mainstream, and it was of no interest to the Kremlin, or Lubyanka, or anyone else in that realm. It would be weird (and flat-out wrong) to assume these executives were introduced into the company\u2019s top management to give Russian spies leverage in Kaspersky Lab\u2019s actions.<\/p>\n<h3>Fiction: Kaspersky Lab helps Russian law-enforcement agencies during investigations, which means it works for the Russian government<\/h3>\n<p>Fact: We do help law-enforcement agencies to investigate cybercrimes, but not just Russian agencies. We are open to collaboration in other countries as well. In fact, we provide assistance to many LEAs all over the world, as well as to international organizations such as Europol and Interpol. Our experts have a lot of experience with cyberforensics. And Kaspersky Lab benefits from this cooperation because it allows our researchers to gather more information on the newest threats, which in turn helps keep everyone protected.<\/p>\n<h3>Fiction: There wouldn\u2019t be so many accusations if Kaspersky Lab wasn\u2019t in fact tied to Russian spies<\/h3>\n<p>Fact: No credible evidence has been presented of Kaspersky Lab inappropriately helping Russian (or any other) intelligence agencies. Why? Simply put, no evidence exists because Kaspersky Lab (and its CEO) has no inappropriate ties to any government.<\/p>\n<p>We have never spied, nor will we ever spy, on our users. Such accusations are always based on information given by anonymous sources, who may have a hidden agenda. In addition, more recent articles rely on older pieces that suggest these false allegations are proven facts \u2014 even though they aren\u2019t, and never will be.<\/p>\n<p>That\u2019s how propaganda works: Keep telling the same story over and over again until people consider it true. No smoke without fire, right? Who needs proof, actual evidence, or even logic?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The story of Kaspersky Lab\u2019s alleged misdeeds is juicy \u2014 let&#8217;s check out how this fiction is made.<\/p>\n","protected":false},"author":2706,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1485],"tags":[1644,477,1510,1645,983,1519,1646,352,1647],"class_list":{"0":"post-10302","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-news","7":"category-special-projects","8":"tag-allegations","9":"tag-apt","10":"tag-banya","11":"tag-cozy-bear","12":"tag-cozyduke","13":"tag-equation","14":"tag-fancy-bear","15":"tag-kaspersky-lab","16":"tag-sofacy"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/frequently-alleged-nonsense\/10302\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/frequently-alleged-nonsense\/12431\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/frequently-alleged-nonsense\/14591\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/frequently-alleged-nonsense\/12834\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/frequently-alleged-nonsense\/15320\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/frequently-alleged-nonsense\/4703\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/frequently-alleged-nonsense\/21013\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/frequently-alleged-nonsense\/10073\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/frequently-alleged-nonsense\/15807\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/frequently-alleged-nonsense\/19488\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/frequently-alleged-nonsense\/19526\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/frequently-alleged-nonsense\/19533\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/banya\/","name":"banya"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10302"}],"version-history":[{"count":5,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10302\/revisions"}],"predecessor-version":[{"id":16046,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10302\/revisions\/16046"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}