
5/15/2018
04:50 PM

Kaspersky Lab to Move Some Core Operations to Switzerland

Most customer data storage and processing, software assembly, and threat detection updates will be based in Zurich.

Moscow-based Kaspersky Lab plans to relocate most of its core infrastructure and operations to Switzerland in a bid to allay concerns the company is vulnerable to Russian-government influence.

By the end of 2019, customer data storage and processing for most regions including the US and North America will be based in Switzerland. So too will most software assembly operations and threat detection updates, the security vendor said this week. Kaspersky Lab will arrange for all activity in its Switzerland facility to be supervised by an independent third party to ensure full transparency.

The move is part of a broader effort by Kaspersky Lab to reestablish market trust following accusations by the US government that the company is vulnerable to interference from Russian intelligence and the government in Moscow. The concerns are primarily tied to an incident where the AV firm allegedly collected classified data belonging to the US National Security Agency (NSA) from the computer of an NSA contractor.

Kaspersky Lab has said its AV software automatically collected a file containing source code for a secret NSA hacking tool as part of its usual malware analysis process. Kaspersky Lab has maintained that its AV technology flagged the file as potentially malicious and uploaded the software to its network for analysis. But the company quickly deleted the data after determining what it was, Kaspersky has claimed. Critics, meanwhile, accused the company of helping Russian intelligence steal the data as part of a broader and systematic data theft campaign.

The Trump administration last December formally banned US government agencies from using Kaspersky Lab's range of antivirus and anti-malware tools. The ban, included in a broader spending bill, required all federal agencies to purge their systems of Kaspersky Lab software in 90 days.

The security vendor has sued the US government over the ban while also committing to make its operations more transparent to show it is not operating under Russian government influence. Last year, Kaspersky Lab announced the company would establish a total of three Transparency Centers worldwide, from which it will carry out a majority of its operations under supervision by a trusted third party. The company has also offered up its source code for third-party inspection under the transparency program.

The Switzerland center is the first of those transparency centers and demonstrates Kaspersky Lab's commitment to openness, a spokeswoman says. "The Transparency Center will be created and operated by Kaspersky Lab and will serve as a facility for trusted responsible third-parties from both the public and private sectors to review and evaluate the source code of Kaspersky Lab software and software updates," she said. Source code for public releases will be stored in Switzerland and will be available for independent review.

Assembly Tools

The security vendor's new facility in Zurich will also host Kaspersky's software build conveyor — a set of tools the company uses to assemble its anti-malware software. By the end of this year, Kaspersky Lab will start assembling all products and threat detection rule databases for worldwide use out of its Swiss center.

"A third party organization will have all necessary access to processes and products and will decide for itself what to review," the spokeswoman said. The third party organization will be a non-profit entity that will be established independently for the purpose of producing professional technical reviews of Kaspersky Lab products. "On a regular basis the third-party organization will report publicly on its activities, and everyone will have an opportunity to access these reports," she said.

The third-party overseer will have access to Kaspersky's software development documentation, source code of publicly released products and access to the rules and databases the vendor uses for threat detection. Kaspersky Lab will also provide access to the source code of cloud services handling and storing data belonging to customers in North America, Europe and other regions.

Kaspersky Lab will continue to use the current software build conveyor in Moscow for creating products and AV bases for the Russian market.

Wesley McGrew, director of cyber operations at security consultancy Horne Cyber, says the measures that Kaspersky Lab is taking should help increase confidence among private businesses and individuals. But the vendor will still have its work cut out among potential government clients in the US and elsewhere.

"With competitors to choose from that haven't had the same accusations placed against them, governments aren't going to be quick to place trust back in Kaspersky," McGrew predicts. A lot will depend on the extent and the type of the visibility that the independent observer will have over Kaspersky's operations.

"The nature of antivirus software, with its high degree of privileged access to systems and networks, requires a lot of trust in the software, and how it is maintained and operated over time," McGrew notes. "Oversight will need to be comprehensive across the entirety of Kaspersky operations to convince people of the lack of Russian government influence."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
