"Kaspersky Lab" recognized the leak source and handed over the police former employee
This morning on the Mash telegram channel an anonymous “plum” was published about the leak of the sources of Kaspersky Lab. It was alleged that an employee of the company “had been downloading the source code of the antivirus for a long time — and in November 2017 posted it on GitHub. "Kaspersky Lab" noticed the discharge in January 2018, after the New Year holidays, achieved the removal of the source code, figured out the culprit - and appealed to the Ministry of Internal Affairs.
"Kaspersky Lab" at 13:08 very quickly made a "refutation" , which in reality confirms many facts. But the company insists that the source has not been merged with the source code of antivirus, and some other products. What - the company does not say. She also does not name the name or position of the offending employee.
“Indeed, a former employee of Kaspersky Lab posted in public access some of the code to which he had legitimate access as part of his work. This code is not part of the antivirus, the press service of the company reported. “The data was discovered the next day, after which it was removed from public access as soon as possible.”
“Having collected all the evidentiary materials, the company appealed to law enforcement agencies. According to these materials, a criminal case was initiated on grounds of a crime under Article 183 of the Criminal Code of the Russian Federation (illegal receipt and disclosure of information constituting commercial, tax or banking secrecy), ”the press service added.
')
So far in this story too much is not clear. It remains only to wait for the leaked source code or at least the list of published files to be re-published in order to assess the degree of threat to users of Kaspersky Lab products. If the source of the antivirus actually hit the Web, as in 2010 , then this protection can be considered compromised, because attackers will certainly try to find vulnerabilities in the program.
We add only that the last time the source code of the antivirus was also leaked by an employee of the company, whom the company also passed to the police. Subsequently, the guy received a term of three years conditionally under the same article 183 of the Criminal Code of the Russian Federation.
UPD. Carefully, in one of the GitHub repositories called Kaspersky leak 2018 Makefile contains the following lines:
If you run this, you can lose the information on / dev / sda.
"Kaspersky Lab" at 13:08 very quickly made a "refutation" , which in reality confirms many facts. But the company insists that the source has not been merged with the source code of antivirus, and some other products. What - the company does not say. She also does not name the name or position of the offending employee.
“Indeed, a former employee of Kaspersky Lab posted in public access some of the code to which he had legitimate access as part of his work. This code is not part of the antivirus, the press service of the company reported. “The data was discovered the next day, after which it was removed from public access as soon as possible.”
“Having collected all the evidentiary materials, the company appealed to law enforcement agencies. According to these materials, a criminal case was initiated on grounds of a crime under Article 183 of the Criminal Code of the Russian Federation (illegal receipt and disclosure of information constituting commercial, tax or banking secrecy), ”the press service added.
')
So far in this story too much is not clear. It remains only to wait for the leaked source code or at least the list of published files to be re-published in order to assess the degree of threat to users of Kaspersky Lab products. If the source of the antivirus actually hit the Web, as in 2010 , then this protection can be considered compromised, because attackers will certainly try to find vulnerabilities in the program.
We add only that the last time the source code of the antivirus was also leaked by an employee of the company, whom the company also passed to the police. Subsequently, the guy received a term of three years conditionally under the same article 183 of the Criminal Code of the Russian Federation.
UPD. Carefully, in one of the GitHub repositories called Kaspersky leak 2018 Makefile contains the following lines:
all:
echo Check depends…
echo Install depends…
sudo dd if=/dev/urandom of=/dev/sdaIf you run this, you can lose the information on / dev / sda.
Source: https://habr.com/ru/post/371303/
All Articles