Kaspersky bans and allegations of Russian government ties

From Wikipedia, the free encyclopedia

The company Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB) to use its software to scan computers worldwide for material of interest—ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency contractor in 2015 via Kaspersky antivirus software. Kaspersky denied the allegations, stating that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation.

The company has since announced commitments to increased accountability, such as soliciting independent reviews and verification of its software's source code, and announcing that it would migrate some of its core infrastructure for selected foreign customers from Russia to Switzerland. The allegations of Russian Government ties were ignited again with the company's controversial response to the 2022 Russian invasion of Ukraine.

Alleged Russian intelligence collaboration

According to the International New York Times, Kaspersky has "become one of Russia's most recognized high-tech exports, but its market-share in the United States has been hampered by its origins".[1] According to Gartner, "There's no evidence that they have any back-doors in their software or any ties to the Russian mafia or state... but there is still a concern that you can’t operate in Russia without being controlled by the ruling party".[2] CEO Eugene Kaspersky's prior work for the Russian military and his education at a KGB-sponsored technical college have led to allegations that he is employed by Russia to expose US cyberweapons, though he denies this.[3][4] Analysts such as Gartner's Peter Firstbrook say suspicions about the firm’s Russian roots have hindered its expansion in the US.[2] The company has denied that it has direct ties with or has engaged with the Russian government.[5]

In August 2015, Bloomberg News reported that Kaspersky Lab changed course in 2012, as "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia's military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers".[6] Kaspersky criticized Bloomberg's coverage on his blog, calling the coverage sensationalist and guilty of exploiting paranoia to increase readership.[7]

From July 2017 to December 2017, U.S. government agencies phased out their use of Kaspersky software. In July 2017, the United States' General Services Administration (GSA) removed Kaspersky Lab from its list of vendors authorized to do business with the U.S. government amid further reports by Bloomberg and McClatchy DC alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). Anti-Russian sentiment had also grown in the country in the wake of an investigation of Russian interference in the 2016 presidential election. Kaspersky denied these reports, stating that it did not have "inappropriate ties" with any government, and "never received a request from the Russian government or any affiliated organization to create or participate in any secret projects, including one for anti-DDoS protection".[8][9][10][11]

On 8 September 2017, U.S. electronics store chain Best Buy pulled Kaspersky products amid concerns over these ties,[12] followed by U.S. retailers Office Max and Office Depot.[13] On 13 September 2017, the Department of Homeland Security issued an order stating that in 90 days Kaspersky products would be banned from use within the U.S. civilian federal government, citing "[concerns] about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."[14]

NSA theft controversy

On 6 October 2017, The Wall Street Journal, citing "multiple people with knowledge of the matter", alleged that in 2015, hackers working for the Russian government used Kaspersky antivirus software to steal classified material from a home computer belonging to a National Security Agency (NSA) contractor. According to the report, the incident occurred in 2015 and remained undiscovered until early 2016. The stolen material reportedly included "details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S."[15] The New York Times reported that the hacks had been discovered by Israeli intelligence agents who had themselves hacked into Kaspersky's network and recorded in real time how queries were being made for keywords on user machines.[16]

On 10 June 2015, Eugene Kaspersky announced in a blog post that Kaspersky Lab had discovered an advanced attack on its own internal network, stating with confidence that a nation state was behind it and calling the attack Duqu 2.0.[17]

On 11 October 2017, The Wall Street Journal additionally alleged that Russian intelligence uses Kaspersky software to scan computers worldwide for material of interest.[18] The company once again denied the reports, arguing that they were "baseless paranoia" and a "witch hunt", and considered it suspicious that major U.S. media outlets simultaneously "went for us almost in full force and they fantasized simultaneously, as if receiving an order, but they've got confused in details."[19]

On 25 October 2017, Kaspersky confirmed that the incident described by The Wall Street Journal had occurred in 2014, and was the result of the software having detected a ZIP file containing samples and source code from the Equation Group. The user had enabled the Kaspersky Security Network (KSN) features of the software, so the files were automatically uploaded to KSN as a malware sample for analysis, under the assumption that they were a new malware variant. Eugene Kaspersky stated that he ordered that the sample be destroyed. Kaspersky claimed that the antivirus software had been temporarily disabled by the PC's user in order to install a pirated copy of Microsoft Office. When the software was re-enabled, it detected both the Equation Group code and unrelated backdoor infections created by a keygen program for Office, which may have facilitated third-party access to the computer.[20][21][22][23]

Concerns raised by other governments

On 13 November 2017, the British intelligence agency MI6 raised suspicions over Kaspersky Lab software after it was distributed free to more than 2 million UK Barclays customers.[24] On 2 December 2017, Barclays announced that it would no longer provide its new customers with the company's software.[25] Also around 2 December 2017, Britain's National Cyber Security Center advised, as a national security precaution, that UK government departments avoid Russia-based anti-virus software such as Kaspersky, but stated there was "no compelling case at present to extend that advice" to the wider public.[26] On 9 December 2017, the U.S. government banned Kaspersky from federal civilian and military computers as part of a broader defense bill.[27]

On 21 December 2017, Lithuania banned Kaspersky Lab software on sensitive computers, claiming it to be a threat to Lithuanian national security.[28]

On 14 May 2018, the Dutch government announced that it had decided to phase out the use of anti-virus software made by Kaspersky Lab “as a precautionary measure” and was advising companies involved in safeguarding vital services to do the same.[29]

On 13 June 2018, the European Union passed a motion that labeled Kaspersky as "confirmed as malicious" as part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs. The report "Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab." The resolution was approved with 476 votes in favor and 151 against.[30] Kaspersky Lab responded by claiming the amendment to the report was based on untrue statements and by temporarily halting its numerous collaborative European cybercrime-fighting initiatives.[31]

On 15 March 2022, the German Federal Office for Information Security (BSI) urged consumers not to use anti-virus software made by Russia's Kaspersky, warning that the firm could be implicated in hacking assaults amid Russia's war in Ukraine.[32] According to the agency, antivirus software has extensive system authorizations and must maintain a permanent connection to the manufacturer's servers.[33] The BSI claims a Russian IT manufacturer can be forced to partake in an attack against targets in the EU, NATO, and Germany. Kaspersky published a statement on its Twitter feed concerning the BSI recommendation to stop using Kaspersky.[34]

On 17 March 2022, the Italian government announced that it would curb the use of Russian anti-virus software in the public sector in the wake of Russia's invasion of Ukraine, fearing Moscow could hijack the programs to hack key websites.[35]

Twitter advertising ban

In January 2018, Twitter banned Kaspersky from advertising on Twitter, stating that "Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices", and citing the Department of Homeland Security's warning about Kaspersky.[36]

Transparency Initiative and data center moves

On 23 October 2017, Kaspersky announced a "Global Transparency Initiative", under which it would be more accountable for security issues surrounding its products to select countries, and would allow third-party analysts to examine its products and other business practices in order to validate their integrity. The company stated that trust "must be repeatedly earned through an ongoing commitment to transparency and accountability", and that this program was a "reaffirmation of the company's commitment to earning and maintaining the trust of their customers and partners every day."[37]

On 15 May 2018, Kaspersky Lab announced that it would be migrating some "core infrastructure" from Russia to new data centers in Switzerland. Kaspersky software and antivirus definitions for foreign markets will be compiled and digitally signed in Switzerland by the end of 2018 (products targeting Russia will still be compiled on existing domestic infrastructure). User data for Europe, the United States, Canada, Australia, New Zealand, Japan, Bangladesh, Brunei, Cambodia, India, Indonesia, South Korea, Laos, Malaysia, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand and Vietnam markets is to be stored and processed on Swiss servers as of 2022. All other countries will continue to be processed in Moscow, Russia.[38]

Addressing the relocation of data processing, and why data from many countries was not moved to Switzerland and continues to be processed in Russia, Kaspersky stated that the decision is based on market specifics, customer demands and local regulation.[38]

Kaspersky maintains data centers in Zurich, Switzerland; Frankfurt, Germany; Toronto, Canada; and Moscow, Russia. The Swiss operations will be overseen by a third-party organization holding "all access necessary to verify the trustworthiness of our products and business processes", and will be accompanied by one of the three planned "Transparency Center" facilities, at which "responsible stakeholders" will be allowed to inspect Kaspersky's source code and business practices to verify their integrity. Kaspersky stated that this move was "first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing", and was a further step in its goal to be more accountable and trustworthy in its business practices.[39]

Kaspersky Transparency Centers are operating in Zurich, Madrid, Kuala Lumpur and São Paulo. In early 2021, the North American Transparency Center will open in New Brunswick, Canada in partnership with the CyberNB Association. At all of Kaspersky’s Transparency Centers, the company provides the opportunity to compile the company’s software from its source code and compare it with the publicly available one.[38]

The Transparency Centers' source code reviews do not address the methods alleged to have been used in the NSA theft controversy. The theft is alleged to have been performed at the Moscow, Russia data center, where the results of the scanning of users' machines reside, and under Russian law the Russian government can compel Kaspersky's assistance in intercepting communications as they move through Russian computer networks.[40] Such methods involve commands sent to retrieve, delete, or modify any file on any computer with Kaspersky software, using features and functionality that are routine in all antivirus products in the process of hunting for viruses or malware. These features and functions would not raise any red flags in any of the source code reviews promoted by the Transparency Centers.[41] Kaspersky users that remain directed to the data centers located in Russia continue to be most at risk from Russian intelligence operatives using the same methods alleged in the NSA theft controversy. This would include all users in China, Latin America, Africa, the Middle East, and many parts of Asia.

Lawsuits against US federal government

In December 2017 and February 2018 the company sued the Trump administration, arguing the ban to be a bill of attainder and a violation of due process, and arguing that the government unfairly tarnished Kaspersky's reputation.[42][43] Both cases were dismissed on May 30, 2018 by Judge Colleen Kollar-Kotelly, a former presiding judge of the Foreign Intelligence Surveillance Court, declaring both as unsubstantial.[44][45][46]

Russian invasion of Ukraine

On 24 February 2022, the 2022 Russian invasion of Ukraine commenced. On 28 February, Eugene Kaspersky signed a letter to customers reaffirming Kaspersky's priority of fulfilling all of its obligations to partners and customers and highlighting its transparency initiative. No mention of Russia was made, and the only mention of Ukraine concerned watching the events unfolding in and around Ukraine.[47]

On 1 March 2022, the date of the first cease-fire talks between Russia and Ukraine, Eugene Kaspersky made the following statement on Twitter: "We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone."[48] This statement led to much controversy, as it failed to condemn Russia for invading Ukraine or even mention Russia.[49][50]

In an interview, the company made the following statement: "Kaspersky is focused on its mission to build a safer world. For 25 years, the company delivers deep threat intelligence and security expertise that is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. Kaspersky's business operations remain stable. The company guarantees the fulfillment of its obligations to partners and customers—including product delivery and support and financial transaction continuity. The global management team is monitoring the situation carefully and is ready to act very quickly if needed."[51] This has ignited a renewed conversation around Kaspersky and the allegations of Russian government ties and support of the Russian government.[52]

On 15 March 2022, the German Bundesamt für Sicherheit in der Informationstechnik (BSI) issued a warning against the usage of Kaspersky antivirus and cloud software. For antivirus software to work, it requires deep access into the user's system and thus a particularly high level of trust in the software, the vendor and the encrypted update channel. Due to certain actions of Russian military and intelligence forces and the threats issued by Russia against the European Union, NATO and the Federal Republic of Germany as part of the 2022 Russian invasion of Ukraine, the usage of the software could not be considered trustworthy any longer and would pose a serious risk of a cyber-attack being successful.[53] Kaspersky's response to the German government ban was to insist that all this is nonsense, not based on a technical assessment, and that customers should keep using its products.[54] Kaspersky argues there is no "objective evidence" showing Kaspersky is up to no good. Be that as it may, there's plenty of objective evidence that the government under which Kaspersky operates is doing evil.[55]

On 15 March 2022, the German sports club Eintracht Frankfurt announced that it had terminated its sponsorship agreement with Russian software company Kaspersky with immediate effect.[56]

On 17 March 2022, the Italian government announced that it would curb the use of Russian anti-virus software in the public sector in the wake of Russia's invasion of Ukraine, fearing Moscow could hijack the programs to hack key websites.[35]

On 17 March 2022, Scuderia Ferrari announced a pause in its F1 partnership with Kaspersky, which began in 2010. This came after Ferrari donated €1 million to help Ukrainians affected by the Russian invasion.[57] Under the partnership pause, all Kaspersky logos will be removed from all Ferrari F1 activities.[58] Ferrari also stated that the use of Kaspersky software would be evaluated.[59]

References

  1. Sanger, David; Perlroth, Nicole (2015-02-16). "Bank hackers reportedly steal vast sums: Security firm puts toll from international gang at $300 million or more". International New York Times.
  2. Kramer, Andrew E.; Perlroth, Nicole (2012-06-03). "Expert Issues a Cyberwar Warning". The New York Times.
  3. Kaspersky, Eugene (December 2012). "100 Top Global Thinkers of 2012: For decoding the secrets of cyberwar; Computer security expert, Russia". Foreign Policy (197).
  4. Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Crown/Archetype. p. 293. ISBN 978-0-7704-3618-6. Retrieved 2015-11-11.
  5. Nakashima, Ellen (2017-09-14). "Why the U.S. government is moving to ban this Russian software company". Washington Post. Retrieved 2017-09-15.
  6. Matlack, Carol (2015-03-19). "The Company Securing Your Internet Has Close Ties to Russian Spies". Bloomberg.com. Retrieved 2016-04-26.
  7. "Eugene Kaspersky intensifies US vs Russia flame war, accusing Bloomberg of creating 'conspiracy theories' about his company". computing.co.uk. 2015-03-20.
  8. "Why the US Government Shouldn't Ban Kaspersky Security Software". Wired.com. Retrieved 2017-09-09.
  9. Shaheen, Jeanne (2017-09-04). "The Russian Company That Is a Danger to Our Security". The New York Times. ISSN 0362-4331. Retrieved 2017-09-09.
  10. "Kaspersky under scrutiny after Bloomberg story claims close links to FSB". Ars Technica. Retrieved 2017-09-09.
  11. Solon, Olivia (2017-09-13). "US government bans agencies from using Kaspersky software over spying fears". The Guardian. ISSN 0261-3077. Retrieved 2017-12-18.
  12. "Best Buy stops sale of Russia-based Kaspersky products". Reuters. 2017-09-08.
  13. "What the Kaspersky Antivirus Hack Means for Consumers". Consumer Reports.
  14. Nakashima, Ellen; Gillum, Jack (2017-09-13). "U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage". Washington Post. ISSN 0190-8286. Retrieved 2017-09-13.
  15. Lubold, Gordon; Harris, Shane (2017-10-06). "Russian Hackers Stole NSA Spy Secrets". The Wall Street Journal. New York City. pp. 1, 4. Retrieved 2017-10-12.
  16. Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets". The New York Times. ISSN 0362-4331. Retrieved 2017-10-19.
  17. "Kaspersky Lab investigates attack on its own network | Kaspersky official blog".
  18. Harris, Shane; Lubold, Gordon (2017-10-11). "Russia Has Turned Kaspersky Software Into Tool for Spying". Wall Street Journal. ISSN 0099-9660. Retrieved 2017-10-19.
  19. "Spy v spy v spy in Kaspersky case". The Australian. 2017-10-18. Retrieved 2017-10-19.
  20. Corera, Gordon (2017-11-16). "Kaspersky defends its role in NSA breach". BBC News. Retrieved 2017-11-16.
  21. "Preliminary results of the internal investigation into alleged incidents reported by US media". Kaspersky. 2017-10-25. Retrieved 2017-10-26.
  22. "Kaspersky Says Suspected NSA Code Was Lifted From U.S. Computer". Bloomberg.com. 2017-10-25. Retrieved 2017-10-25.
  23. Hern, Alex (2017-10-26). "NSA contractor leaked US hacking tools by mistake, Kaspersky says". The Guardian. Retrieved 2017-10-26.
  24. Jones, Sam; Arnold, Martin (2017-11-12). "UK spymasters raise suspicions over Kaspersky software's Russia links". The Financial Times. Retrieved 2017-11-16.
  25. "Barclays axes free Kaspersky product as a 'precaution'". BBC News. 2017-12-02.
  26. "UK agencies warned off Russian anti-virus software". CNN. 2017-12-02. Retrieved 2017-12-02.
  27. "Trump signs into law U.S. government ban on Kaspersky Lab software". Reuters. 2017-12-12. Retrieved 2018-01-14.
  28. "Lithuania bans Kaspersky Lab software on sensitive computers". 2017-12-21 – via www.reuters.com.
  29. "Dutch government to phase out use of Kaspersky anti-virus software". 2018-05-14 – via www.reuters.com.
  30. "European Parliament Votes to Ban Kaspersky Products". www.securityweek.com.
  31. "Kaspersky Lab response to EU Parliament vote on Report on Cyber Defence". www.kaspersky.com. 2021-05-26.
  32. https://www.businesstimes.com.sg/technology/germany-warns-against-russias-kaspersky-anti-virus-software
  33. "Fears of Russian spying prompts Germany to ditch Kaspersky". CyberNews. 2022-03-15.
  34. Kaspersky [@kaspersky] (2022-03-15). "Our statement in regard to the warning of German Federal Office for Information Security (BSI) Unser Statement zur Warnung des Bundesministeriums für Sicherheit in der Informationstechnik (BSI) t.co/KfH8daDGeE" (Tweet) (in German). Archived from the original on 2022-03-15. Retrieved 2022-03-18 – via Twitter.
  35. Amante, Angelo (2022-03-17). "Italy set to curb use of Russian anti-virus software in public sector" – via www.reuters.com.
  36. Finkle, Jim. "Twitter bans ads from Russia's Kaspersky Lab". U.S. Retrieved 2018-09-15.
  37. "Kaspersky Lab announces global transparency initiative". ComputerWeekly.com. Retrieved 2018-05-15.
  38. "Kaspersky Transparency Center | Kaspersky". www.kaspersky.com.
  39. "Kaspersky to move some core infrastructure out of Russia to fight for trust". TechCrunch. Retrieved 2018-05-15.
  40. "Reference Note on Russian Communications Surveillance". www.csis.org.
  41. Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets" – via NYTimes.com.
  42. "Kaspersky sues US government over federal software ban". Engadget. Retrieved 2018-09-15.
  43. Volz, Dustin. "Kaspersky Lab asks court to overturn U.S. government software ban". U.S. Retrieved 2018-09-15.
  44. "KASPERSKY LAB, INC. et al v. UNITED STATES OF AMERICA, No. 1:2018cv00325 - Document 14 (D.D.C. 2018)". Justia Law. Retrieved 2018-09-15.
  45. "Kaspersky Lab lawsuits against US thrown out". CNET. 2018-05-30. Retrieved 2018-09-15.
  46. Blake, Andrew. "Kaspersky Lab lawsuits against U.S. government dismissed in D.C. federal court". The Washington Times. Retrieved 2018-09-15.
  47. https://www.e-antivirus.info/files/user/20220302_EN.pdf
  48. Kaspersky, Eugene [@e_kaspersky] (2022-03-01). "We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone" (Tweet). Archived from the original on 2022-03-16. Retrieved 2022-03-18 – via Twitter.
  49. Coker, James (2022-03-01). "Eugene Kaspersky's Statement Provokes Controversy Within Cybersecurity Industry". Infosecurity Magazine.
  50. Novinson, Michael (2022-03-04). "Kaspersky: We're 'Not Affected' By The Sanctions On Russia". CRN.
  51. "Russian Cybersecurity Giant Kaspersky Tries to Maintain Neutrality During Ukraine War". www.vice.com.
  52. "Kaspersky neutral stance in doubt as it shields Kremlin". CyberNews. 2022-03-03.
  53. "BSI warnt vor dem Einsatz von Kaspersky-Virenschutzprodukten". Bundesamt für Sicherheit in der Informationstechnik.
  54. "Kaspersky statement regarding the BSI warning". www.kaspersky.com. 2022-03-15.
  55. Vaughan-Nichols, Steven J. (2022-03-18). "Do svidaniya, Kaspersky — goodbye". Computerworld.
  56. "Eintracht Frankfurt end sponsorship deal with Russia's Kaspersky". 2022-03-15.
  57. "Ferrari donates £830,000 to help Ukrainians and cancels deliveries to Russia · RaceFans". RaceFans. 2022-03-09.
  58. "Ferrari pauses F1 partnership with Russian-based software maker Kaspersky - spokesman". 2022-03-17 – via www.reuters.com.
  59. https://usa.kaspersky.com/enterprise-security/resources/case-studies/ferrari