- The Washington Times - Wednesday, August 24, 2011

A Slovakia-based computer-security firm could face a U.S. investigation for sanctions violations after its anti-virus products were downloaded in Iran in an apparent attempt to secure the country’s networks against the cyberworm that attacked Tehran’s nuclear program.

A former employee said he showed executives at ESET’s San Diego offices evidence in December that their software was being downloaded and installed on tens of thousands of computers in Iran.

“It was being downloaded at a tremendous rate,” Charles Jeter told The Washington Times.

“Traffic to ESET’s website [from Iran] was five times the level it was to any of our competitors … and we were getting more traffic from Tehran than from New York and Los Angeles combined,” Mr. Jeter said, citing an analysis of last year’s Internet traffic he had conducted for ESET.

He said he heard anecdotal reports that copies of ESET’s software - possibly pirated - were being sold by street vendors in Tehran, adding that he raised the issue again with company executives in January.

The ESET website provides updates for its anti-virus products. Mr. Jeter said the downloaded updates were those that would be effective against the Stuxnet worm, which was designed to destroy the computer-controlled machinery that enriches uranium for Iran’s nuclear program.

“The evidence pointed to a much bigger problem,” he said. “The timing of updates and the logarithmic increase in their number indicate that this software was part of Tehran’s cyberdefense program.”

Executives could have blocked downloads from computer locations in Iran - a relatively straightforward procedure, he said. But they “refused to even just block Iranian IP addresses, even though the company apparently was not making any money from those downloads,” Mr. Jeter said.

In March, Mr. Jeter, an at-will employee, was terminated by ESET. He was told he was fired for “policy violations [in] compiling a dossier on ESET’s activities” by printing the data he used for his analysis of the Iranian downloads, he said.

ESET spokesman Christopher Dale told The Times: “We don’t do business in Iran” or in any other country covered by U.S. sanctions.

“Unfortunately, following the rules does not prevent piracy or smuggling of technology,” Mr. Dale added. “It is quite challenging to stop illegal distribution of software.”

Mr. Jeter said he provided the evidence to the Secret Service in San Diego, which told him it had been made available to the U.S. Treasury Office of Foreign Asset Control (OFAC), which enforces sanctions against Iran. The sanctions require a license for almost any form of product or service provided to anyone in Iran.

Through a Treasury Department spokeswoman, OFAC officials said they do not comment on whether they are conducting an investigation.

But former OFAC official Jonathan Schanzer said the law clearly places the onus on a firm to stop suspicious downloads once it is made aware of them.

“If you were aware of the use of your software in Iran and didn’t do anything about it, that would be a violation,” Mr. Schanzer said. Even if the updates were free and being used on pirated copies of the software, a company would still be in violation if it did not move to stop the downloading, he said.

Story Continues →