British newspaper The Daily Mail has published an article on its website, designed to petrify millions of customers of Barclays Bank.
The headline breathlessly reads:
“Has Barclays given millions of customers ‘anti-virus software’ that’s actually SPYING on them for the Russian government?”
Make a note. Whenever you see the Daily Mail publish a headline which asks a question, the correct answer is invariably “no”. If they had any reason to believe it was “yes”, then they wouldn’t have posed it as a question.
The truth is that newspapers post these “Is the Loch Ness Monster on Tinder?”-style headlines because they know they’ll get more clicks than if they use a headline which reflects the actual conclusion of the article.
As we’ll see when we dig into this article, the story just doesn’t stand up.
Security chiefs are concerned that free anti-virus software handed out by Barclays is spying on customers for the Russian government.
GCHQ officials have been concerned about the Kaspersky Lab, which is led by a former Soviet military intelligence expert and supplied the bank with the software, amid fears it may have been influenced by Vladimir Putin’s Federal Security Service.
There are now fears that any Barclays customers who are in high-security jobs are at risk of having their personal files hacked.
From the above preamble to the article you imagine that you’ll find some juicy background on how worried GCHQ is about Kaspersky, or some anonymous sources within Barclays confiding their concerns to the Daily Mail.
But instead you get this…
However, both Barclays and GCHQ have confirmed that neither organisation has been in contact with the other about any potential breaches.
A spokesman for the relevant arm of GCHQ, the NCSC, told the Financial Times: “The NCSC has never advised Barclays against the use of Kaspersky products. Any suggestion to the contrary is categorically untrue. The NCSC is not a regulator and does not mandate or ban any products. Our certification schemes do not currently cover anti-virus or anti-malware services.”
A Barclays spokesman corroborated this, adding: “We have never received any advice or guidance from GCHQ or the National Cyber Security Centre in relation to Kaspersky.”
And that’s it, aside from a standard statement from Kaspersky denying any wrongdoing.
The Daily Mail‘s frankly pointless article, and utterly misleading headline, come amid real problems for Kaspersky in the United States – where it is finding itself controversially attacked by competitors and struggling to keep contracts after private briefings from the FBI.
You can hear more about the pickle Kaspersky has found itself in, in this edition of the Smashing Security podcast.
Smashing Security #047: 'Kaspersky, AI, and a well-handled data breach'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
Of course, if you do read the Daily Mail article you will enjoy this wonderful typo.
This isn’t, of course, the first time that The Daily Mail has proven itself to be bonkers in a computer security-related story.
Now, if you’ll excuse me I’ll go back to reading about barefaced beauty Pippa Middleton going makeup-free as she enjoys a day out with a friend and Angelina Jolie oozing glamour in a black blazer and cocktail dress in Los Angeles.
It feels to me that the kind of content the Daily Mail website does best.
Can't help thinking that it would be a little stupid for Russian intelligence to use a Russian cyber security firm to spy on others. More likely use a foreign cyber security to do the spying. Also from a competition angle I suspect some cyber security companies are taking advantage of this situation.
Internet "baking" is what the media is doing when posting some of this clickbait… heh.
Betteridge's law of headlines
https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headlines