Kaspersky Lab’s view: there is no such thing as “right” or “wrong” malware for us

In light of the recent stories on the cooperation between government agencies and tech companies, and in response to an open letter from an international coalition of digital rights organizations Kaspersky

In light of the recent stories on the cooperation between government agencies and tech companies, and in response to an open letter from an international coalition of digital rights organizations Kaspersky Lab shares its policy on the use of software for the purpose of state surveillance.

We have a very simple and straightforward policy as it relates to the detection of malware.  We detect and remediate any malware attack, regardless of its origin or purpose. There is no such thing as “right” or “wrong” malware for us.

Our research team has been actively involved in the discovery and disclosure of several malware attacks with links to governments and nation-states. In 2012, we published our thorough research into Flame and Gauss two of the biggest nation-state mass-surveillance operations known to date. We have also issued public warnings about the risks of so-called “legal” surveillance tools such as HackingTeam’s DaVinci and Gamma’s FinFisher. It’s very trivial for these surveillance tools to fall into the wrong hands, and that’s why the IT security industry can make no exceptions.

In reality, it is very unlikely that any competent and knowledgeable governmental organization will request an antivirus developer (or developers) to turn a blind eye to specific state-sponsored malware. It is quite easy for the “undetected” malware to fall into the wrong hands and be used against the very same people who created it.

While we appreciate the passion of the international coalition to promote civil liberties and privacy rights, we believe there are many other important issues at the moment that require urgent attention.  We encourage thought leaders to pay attention to the flourishing, unregulated marketplace where zero-day exploits are traded among agencies with unlimited budgets. Where, anyone with a large bank account can acquire weaponized documents that can be used to attack anyone, from government organizations to banks and critical infrastructure.

Failure to discuss these issues will result in a fully militarized Internet where the users become nothing more than collateral victims in the massive cyberwar operations between superpowers.

Tips

How to travel safely

Going on vacation? We’ve compiled a traveler’s guide to help you have an enjoyable safe time and completely get away from the routine.