Finance Bina Nusantara
Security firm Kaspersky Lab Hacked by A ‘Nation State’
Security firms are supposed to keep us safe from threats like malware and hacker attacks, but occasionally they fall foul of the bad guys too. A year ago Avast was hacked, and some 400,000 user details were stolen. Two years ago, AVG and Avira had their websites taken over by pro-Palestinian hackers.
The latest security firm to be hacked is Russian anti-virus software maker Kaspersky Lab.
In a post on the company’s blog, Chairman and CEO Eugene Kaspersky says the attack on its own internal networks was “complex, stealthy, [and] it exploited several zero-day vulnerabilities”. The firm is also very confident that there was a “nation state” behind it all.
Antivirus firms like to name threats, and Kaspersky Lab has labeled this particular attack Duqu 2.0, after the Duqu Trojan which was used in attacks on Iran, India, France and Ukraine back in 2011.
Kaspersky Lab believes the purpose of the hack was to steal the company’s secrets, and says the attack was “a generation ahead of anything we’d seen earlier — it uses a number of tricks that make it really difficult to detect and neutralize. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed”.
The firm views the hack as being mostly a good thing because despite its sophistication, Kaspersky Lab was able to detect it, and now has everything it needs to protect customers against future attacks. No products or services were compromised in the hack, and customers remain perfectly safe.
Duqu 2.0 wasn’t only used to spy on Kaspersky Lab but, according to the firm, also used to spy “on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz”.
If, as Kaspersky Lab believes, a nation state is behind the attack, there’s obviously one important unanswered question — which one? The company isn’t saying. Whether it’s because it doesn’t know, or simply doesn’t want to get involved in that kind of finger-pointing is a matter for debate.
Source: http://betanews.com/2015/06/10/security-firm-kaspersky-lab-hacked-by-a-nation-state/
