Cybersecurity

Kaspersky launches transparency initiative

Beleaguered computer security firm Kaspersky Lab announced a new transparency initiative Monday morning, to reestablish some of the trust lost after recent allegations tied the firm to espionage. 

According to media reports, Russian spies used Kaspersky’s version of the file scanning system present in most modern antivirus software to search for classified documents and source code on private computers. The Department of Homeland Security barred the use of Kaspersky products on federal systems six weeks ago. 

Kaspersky has denied any willing involvement. 

The Moscow-based firm’s transparency initiative would open an independent review of the computer code used in Kaspersky products in the first quarter of 2018 and open “Transparency Centers” in Europe, Asia and the U.S. where governments could review the code. 

The company also announced it would investigate its security processes and review its data processing practices — two potential points of failure which hackers could have used to investigate files. 

{mosads}Kaspersky also announced it would raise its award to researchers who discover security flaws in its products to a maximum of $100,000. This type of program is known as a bug bounty and is used to crowdsource the discovery of bugs to repair. 

U.S. law enforcement and intelligence partners Germany and Interpol have stated that the United States has not provided any guidance on why Kaspersky products pose a security risk. This may be, in part, because the intelligence referred to in the media reports was allegedly originally procured by Israel. 

Without a reason to distrust Kaspersky, Interpol inked a threat-sharing agreement between the firm and the law enforcement agency amid the U.S. allegations. A senior official in Interpol decried the U.S. federal ban on Kaspersky tools as dangerous “balkanization,” language that Kaspersky boss Eugene Kaspersky picked up on in his statement announcing the transparency initiative. 

“Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should,” he said in the statement.