Kaspersky website compromised by hackers
It makes us feel somewhat uneasy everytime we hear news about people who are experts in their respective fields not doing their jobs well. Like people in uniform involved in murder or corruption cases, politicians engaged in illegal activities, doctor malpractice, and many more. Professionals should do their job well and do them according to people’s expectation – to be professional and do their job right.
That is why the recent news that the download website of Kaspersky USA was compromised by hackers didn’t come as a pleasant news to me. The protector suddenly becomes the attacker.
Hackers were able to hacked into the Kaspersky website and installed a malware virus designed to look like a fake anti-virus program download. Users who visited the site were presented with a pop-up window to appear that simulated a virus scan of the user’s PC, and offered to install an antivirus program that was in fact bogus.
Initially, Kaspersky denied the hacking incident. It took Kaspersky three house and half before what had happened and removed it from the website. The company issued the following statement: “Kaspersky Lab takes any attempt to compromise its security seriously,” the company said. “Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software.”
Kaspersky said the hacker’s entry was traced down to flaw in a third-party element used for the administration of website.
Now let me first say that achieving a 100% securing website is nearly impossible. But for a company who prides itself as one who provides solutions to companies to experience a hacking incident to its own infrastructure is something to think about. This is not only embarrasing to Kaspersky but its also humiliating.
How can a security vendor, a fighter against computer fraudsters be the source of malwares? Providing security solutions to companies is not just about providing products – the secret ingredient is TRUST. Companies don’t just work with any security providers because of their technology and price, they work with companies who they can trust. We are talking of corporate data here. What will your reaction be if your security infrastructure fails to meet your expectation – worst, become the source of threats to your corporate records.
Although Kaspersky said no personal data was obtained, one can’t help but asked – how can a website of a security firm be hacked when it uses its own product which they claim is worldclass? Not only that, the three hour delay before the alarm was raised also leads to the question, why three hours? How come the product did not inform their own admin of the attack? What product is working and not working at the time?
What should Kaspersky do now after the hacking incident? Kaspersky should not build its product again but it also build its image and credibility. My advice to you Kaspersky if in case this happens again (I hope not) – deal with it with “sincerity” and “precision”. Do not shrug it off, we call it arrogrance. Do not blame the fault to others – that’s irresponsiblity.
I wonder what Jackie Chan is saying now? No pun intended. I am logging off. Stay cool. God Bless us all!