Kaspersky Lab accused of targeting rivals with false-flag campaign
Former employees claim secret hit-squad worked to fool competing software into flagging safe files
Russian cyber-security firm Kaspersky Lab stands accused of trying to discredit rivals by tricking their protection software into treating benign files as malware, Reuters reported, citing two former Kaspersky Lab employees.
Targets of the campaign reportedly included Microsoft and AVG, and the campaign reportedly led to the disabling and deletion of critical files on their clients' machines.
Reuters' sources claim some of the attacks were carried out on the orders of Kaspersky Lab's co-founder, Eugene Kaspersky, as he believed the targets had copied Kaspersky Lab ideas in building their solutions.
"Eugene considered this stealing," said one insider.
Kaspersky Lab issued a firm denial of the accusations.
"Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," it said in a statement. "Such actions are unethical, dishonest and their legality is at least questionable."
The company added that it had been the target of similar false-positive attacks in the past.
Reuters also reported that Microsoft, AVG and the Czech Republic's Avast Software had previously claimed to have been targeted by false positives, but none of the companies would comment on the Kaspersky Lab allegations.
The former employees said they were part of a select group of Kaspersky Lab employees who worked on the false-positives campaign. Their job was to reverse-engineer the detection process within rivals' software, so that they could figure out how to achieve a false positive.
The decision to start the campaign, the sources said, was taken following an operation in 2010, in which Kaspersky Lab, in an effort to prove its work was being copied, created 10 harmless files and told Google's aggregator service VirusTotal that they posed a threat. Within a week and a half, the files were declared dangerous by 14 cyber-security companies.
Kaspersky Lab had been anxious to prove that aggregators and information-sharing in the cyber-security industry were replacing hard research. When the company presented the findings of its experiment, and the industry failed to take steps to Kaspersky Lab's satisfaction, the Russian company turned to sabotage, the former employees allege.
One method used to concoct a false positive was to take a piece of standard software found in most PCs and doctor it so that it looked like it was infected. Kaspersky Lab would then anonymously send the mutated file to VirusTotal and wait for it to be shared with other companies.
Although the accusations are likely to prove embarrassing for Kaspersky Lab, which is a major global player in the cyber-security field, false positives have become less of a problem for companies. Several, including Kaspersky Lab itself, have said they have taken steps, including increased spend on R&D, to filter out false flags.