Want CNET to notify you of price drops and the latest stories?

Kaspersky hires expert to analyze Web site hack

Database security expert David Litchfield hired to analyze weekend attack on Web site of the Moscow-based security firm.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read
Romanian Hacker site Hackers Blog displayed screen shots of the compromised Kaspersky site. Hackers Blog

Updated 3:10 p.m. PST with comment from BitDefender.

Moscow-based security firm Kaspersky has hired a security expert to investigate the weekend breach of its U.S. site, the company said Monday.

Meanwhile, the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider BitDefender.

In a statement, BitDefender said an unnamed partner site was compromised and that the company was investigating the incident to help the partner prevent it from happening again. "This was an unfortunate event and while we sympathize with the sites that were affected, BitDefender was not one of those sites," the statement said.

In the Kaspersky breach, which was discovered on Saturday, no sensitive or customer data was compromised, Roel Schouwenberg, a senior antivirus researcher for Kaspersky, said on a conference call with reporters. But to allay concerns about the severity of the problem, Kaspersky has hired David Litchfield, an expert in database security, to conduct an independent audit of the systems involved, he said.

A section of Kaspersky's new U.S. support site was breached by someone using a SQL injection attack, in which a small malicious script is inserted into a database that feeds information to the Web site, according to Schouwenberg.

The portion of the site breached had been developed by an unnamed third party and was not subjected to an internal code review process as it should have been, he said. "Obviously we are not happy about that and are in the process of making the review process stricter than it currently is," he added.

"A more advanced hacker" could have potentially accessed about 2,500 e-mail addresses of customers and about 25,000 product activation codes that were on the compromised server, but that did not happen, Schouwenberg said.

Kaspersky's new U.S. support site went live on January 28 and was publicly launched on January 29, the company said. There is no indication of any other breaches since then, according to Schouwenberg.

A Kaspersky employee in Romania was alerted to the breach on Saturday after seeing a report of it on the Romanian site Hackers Blog, he said. That worker notified Kaspersky workers in the U.S. and within half an hour, the affected section of the site was taken down and then replaced with the older, secure version of the site, he added.

Asked if the company was worried its reputation would be damaged as a result of the attack, Schouwenberg said: "Honestly speaking, yes. This is not good for any company, especially a company dealing with security. This should not have happened. We are doing everything within our power to do the forensics on this case and to prevent this from ever happening again."

Someone taking credit for the breach had sent an e-mail warning the company about the problem one hour before the attack, "which gave us little if any chance to respond" in a timely manner, he said.