Jump to content

Kaspersky and the Russian government: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Undid revision 1195019038 by Ilike2burnthing (talk). cleaned up vandalism
Tags: Undo Reverted
Undid revision 1195038201 by 86.124.121.103 (talk)
Tags: Undo Reverted
Line 31: Line 31:
On 14 May 2018, the [[Dutch government]] announced it decided to phase out the use of anti-virus software made by Kaspersky Labs “as a precautionary measure” and was advising companies involved in safeguarding vital services to do the same.<ref>{{Cite news|url=https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV|title=Dutch government to phase out use of Kaspersky anti-virus software|newspaper=Reuters|date=14 May 2018|via=www.reuters.com|access-date=2022-03-20 |archive-date=2022-03-20 |archive-url=https://web.archive.org/web/20220320003011/https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV|url-status=live}}</ref>
On 14 May 2018, the [[Dutch government]] announced it decided to phase out the use of anti-virus software made by Kaspersky Labs “as a precautionary measure” and was advising companies involved in safeguarding vital services to do the same.<ref>{{Cite news|url=https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV|title=Dutch government to phase out use of Kaspersky anti-virus software|newspaper=Reuters|date=14 May 2018|via=www.reuters.com|access-date=2022-03-20 |archive-date=2022-03-20 |archive-url=https://web.archive.org/web/20220320003011/https://www.reuters.com/article/us-cyber-netherlands-kaspersky-idUSKCN1IF2NV|url-status=live}}</ref>


On 13 June 2018, European Union passed a motion that labeled Kaspersky as "confirmed as malicious" as part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs. The report "Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab." The resolution was approved with 476 votes in favor and 151 against.<ref>{{Cite web|url=https://www.securityweek.com/european-parliament-votes-ban-kaspersky-products|title=European Parliament Votes to Ban Kaspersky Products|website=www.securityweek.com|date=14 June 2018|access-date=2022-03-14 |archive-date=2022-03-15 |archive-url=https://web.archive.org/web/20220315172249/https://www.securityweek.com/european-parliament-votes-ban-kaspersky-products|url-status=live}}</ref> Kaspersky Lab responded by claiming the amendment to the report was based on untrue statements and by temporarily halting their numerous collaborative European cybercrime-fighting initiatives.<ref>{{Cite web|url=https://www.kaspersky.com/about/press-releases/2018_kaspersky-lab-response-to-eu-parliament-vote|title=Kaspersky Lab response to EU Parliament vote on Report on Cyber Defence|date=26 May 2021|website=www.kaspersky.com|access-date=2022-03-14 |archive-date=2020-10-22 |archive-url=https://web.archive.org/web/20201022155130/https://www.kaspersky.com/about/press-releases/2018_kaspersky-lab-response-to-eu-parliament-vote|url-status=live}}</ref>
On 13 June 2018, European Union passed a motion that labeled Kaspersky as "confirmed as malicious" as part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs. The report "Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab." The resolution was approved with 476 votes in favor and 151 against.<ref>{{Cite web|url=https://www.securityweek.com/european-parliament-votes-ban-kaspersky-products|title=European Parliament Votes to Ban Kaspersky Products|website=www.securityweek.com|date=14 June 2018|access-date=2022-03-14 |archive-date=2022-03-15 |archive-url=https://web.archive.org/web/20220315172249/https://www.securityweek.com/european-parliament-votes-ban-kaspersky-products|url-status=live}}</ref> Kaspersky Lab responded by claiming the amendment to the report was based on untrue statements and by temporarily halting their numerous collaborative European cybercrime-fighting initiatives.<ref>{{Cite web|url=https://www.kaspersky.com/about/press-releases/2018_kaspersky-lab-response-to-eu-parliament-vote|title=Kaspersky Lab response to EU Parliament vote on Report on Cyber Defence|date=26 May 2021|website=www.kaspersky.com|access-date=2022-03-14 |archive-date=2020-10-22 |archive-url=https://web.archive.org/web/20201022155130/https://www.kaspersky.com/about/press-releases/2018_kaspersky-lab-response-to-eu-parliament-vote|url-status=live}}</ref> In March 2019, Belgian MEP Gerolf Annemans submitted a question for written answer to the Commission, requesting any evidence the Commission had justifying their labelling of Kaspersky as "malicious", citing reports from Germany, France, and Belgium which found no evidence of this.<ref>{{Cite web |last=Annemans |first=Gerolf |date=2019 |title=Question for written answer P-001206/2019 to the Commission |url=https://www.europarl.europa.eu/doceo/document/P-8-2019-001206_EN.pdf |url-status=live |access-date=2024-01-07 |website=European Parliment |archive-date=2024-01-07 |archive-url=https://web.archive.org/web/20240107162229/https://www.europarl.europa.eu/doceo/document/P-8-2019-001206_EN.pdf }}</ref><ref>{{Cite web |date=2018-11-27 |title=Behördlicher Umgang mit Kaspersky-Software |url=http://dipbt.bundestag.de/doc/btd/19/060/1906048.pdf |url-status=live |access-date=2024-01-07 |website=Deutscher Bundestag |archive-date=2021-05-07 |archive-url=https://web.archive.org/web/20210507200940/https://dipbt.bundestag.de/doc/btd/19/060/1906048.pdf }}</ref><ref>{{Cite web |date=2018-10-03 |title=Commission des affaires étrangères, de la défense et des forces armées |url=https://www.senat.fr/compte-rendu-commissions/20181001/etr.html |url-status=live |access-date=2024-01-07 |website=Sénat |archive-date=2024-01-07 |archive-url=https://web.archive.org/web/20240107162233/https://www.senat.fr/compte-rendu-commissions/20181001/etr.html }}</ref><ref>{{Cite news |date=2018-10-30 |title=België bant Russische antivirussoftware niet |url=https://www.tijd.be/nieuws/archief/belgie-bant-russische-antivirussoftware-niet/10064355.html |url-status=dead |archive-url=https://web.archive.org/web/20220308162528/https://www.tijd.be/nieuws/archief/belgie-bant-russische-antivirussoftware-niet/10064355.html |archive-date=2022-03-08 |access-date=2024-01-07 |work=De Tijd}}</ref><ref>{{Cite news |last=Cimpanu |first=Catalin |date=2019-04-16 |title=EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification |url=https://www.zdnet.com/article/eu-no-evidence-of-kaspersky-spying-despite-confirmed-malicious-classification/ |url-status=live |access-date=2024-01-07 |work=ZDNET |archive-date=2024-01-07 |archive-url=https://web.archive.org/web/20240107162229/https://www.zdnet.com/article/eu-no-evidence-of-kaspersky-spying-despite-confirmed-malicious-classification/ }}</ref> On 12 April 2019 the Commission responded by stating, "The Commission is not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products." and that, "[...] the Commission did not commission any reports."<ref>{{Cite web |date=2019-04-12 |title=P-001206/2019 Answer given by Ms Gabriel on behalf of the European Commission |url=https://www.europarl.europa.eu/doceo/document/P-8-2019-001206-ASW_EN.pdf |url-status=live |access-date=2024-01-07 |website=European Parliment |archive-date=2024-01-07 |archive-url=https://web.archive.org/web/20240107162230/https://www.europarl.europa.eu/doceo/document/P-8-2019-001206-ASW_EN.pdf }}</ref>


On 15 March 2022, The German [[Federal Office for Information Security]] known as "BSI" urged consumers not to use anti-virus software made by Russia's Kaspersky, warning the firm could be implicated in hacking assaults amid Russia's war in Ukraine.<ref>{{Cite web |url=https://www.businesstimes.com.sg/technology/germany-warns-against-russias-kaspersky-anti-virus-software |title=Archived copy |access-date=2022-03-15 |archive-date=2022-04-15 |archive-url=https://web.archive.org/web/20220415123904/https://www.businesstimes.com.sg/technology/germany-warns-against-russias-kaspersky-anti-virus-software |url-status=live }}</ref> According to the agency, antivirus software has extensive system authorizations and must maintain a permanent connection to the manufacturer's servers.<ref>{{Cite web|url=https://cybernews.com/cyber-war/fears-of-russian-spying-prompts-germany-to-ditch-kaspersky/|title=Fears of Russian spying prompts Germany to ditch Kaspersky|date=15 March 2022|website=CyberNews|access-date=2022-03-15 |archive-date=2022-03-15 |archive-url=https://web.archive.org/web/20220315142237/https://cybernews.com/cyber-war/fears-of-russian-spying-prompts-germany-to-ditch-kaspersky/|url-status=live}}</ref> The BSI claims a Russian IT manufacturer can be forced to partake in an attack against targets in the EU, NATO, and Germany. Kaspersky published a statement to its Twitter feed concerning the BSI recommendation to stop using Kaspersky.<ref>{{cite tweet |author=Kaspersky |author-link=Kaspersky |user=kaspersky |number=1503734545346342914 |date=15 March 2022 |title=Our statement in regard to the warning of German Federal Office for Information Security (BSI) Unser Statement zur Warnung des Bundesministeriums für Sicherheit in der Informationstechnik (BSI) https://t.co/KfH8daDGeE |language=de |access-date=18 March 2022 |archive-url=https://web.archive.org/web/20220315162614/https://twitter.com/kaspersky/status/1503734545346342914 |archive-date=15 March 2022 |url-status=live}}</ref>
On 15 March 2022, The German [[Federal Office for Information Security]] known as "BSI" urged consumers not to use anti-virus software made by Russia's Kaspersky, warning the firm could be implicated in hacking assaults amid Russia's war in Ukraine.<ref>{{Cite web |url=https://www.businesstimes.com.sg/technology/germany-warns-against-russias-kaspersky-anti-virus-software |title=Archived copy |access-date=2022-03-15 |archive-date=2022-04-15 |archive-url=https://web.archive.org/web/20220415123904/https://www.businesstimes.com.sg/technology/germany-warns-against-russias-kaspersky-anti-virus-software |url-status=live }}</ref> According to the agency, antivirus software has extensive system authorizations and must maintain a permanent connection to the manufacturer's servers.<ref>{{Cite web|url=https://cybernews.com/cyber-war/fears-of-russian-spying-prompts-germany-to-ditch-kaspersky/|title=Fears of Russian spying prompts Germany to ditch Kaspersky|date=15 March 2022|website=CyberNews|access-date=2022-03-15 |archive-date=2022-03-15 |archive-url=https://web.archive.org/web/20220315142237/https://cybernews.com/cyber-war/fears-of-russian-spying-prompts-germany-to-ditch-kaspersky/|url-status=live}}</ref> The BSI claims a Russian IT manufacturer can be forced to partake in an attack against targets in the EU, NATO, and Germany. Kaspersky published a statement to its Twitter feed concerning the BSI recommendation to stop using Kaspersky.<ref>{{cite tweet |author=Kaspersky |author-link=Kaspersky |user=kaspersky |number=1503734545346342914 |date=15 March 2022 |title=Our statement in regard to the warning of German Federal Office for Information Security (BSI) Unser Statement zur Warnung des Bundesministeriums für Sicherheit in der Informationstechnik (BSI) https://t.co/KfH8daDGeE |language=de |access-date=18 March 2022 |archive-url=https://web.archive.org/web/20220315162614/https://twitter.com/kaspersky/status/1503734545346342914 |archive-date=15 March 2022 |url-status=live}}</ref>

Revision as of 01:04, 13 January 2024

Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB) to use its software to scan computers worldwide for material of interest—ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency (NSA) contractor in 2015 via Kaspersky antivirus software. Kaspersky denied the allegations, stating that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation.

The company has since announced commitments to increased accountability, such as soliciting independent reviews and verification of its software's source code, and announcing that it would migrate some of its core infrastructure for selected foreign customers from Russia to Switzerland. The allegations of ties to the Russian government were ignited again with the company's controversial response to the 2022 Russian invasion of Ukraine.

Alleged Russian intelligence collaboration

According to the International New York Times, Kaspersky has "become one of Russia's most recognized high-tech exports, but its market-share in the United States has been hampered by its origins".[1] According to Gartner, "There's no evidence that they have any back-doors in their software or any ties to the Russian mafia or state... but there is still a concern that you can't operate in Russia without being controlled by the ruling party".[2] CEO Eugene Kaspersky prior work for the Russian military and his education at a KGB-sponsored technical college has led to allegations of being employed by Russia to expose US cyberweapons, though he denies this.[3][4] Analysts such as Gartner's Peter Firstbrook say suspicions about the firm's Russian roots have hindered its expansion in the US.[2] The company has denied that it has direct ties with or has engaged with the Russian government.[5]

In August 2015, Bloomberg News reported that Kaspersky Lab changed course in 2012, as "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia's military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB's successor, using data from some of the 400 million customers".[6] Eugene Kaspersky criticized Bloomberg's coverage on his blog, calling the coverage sensationalist and guilty of exploiting paranoia to increase readership.[7]

From July 2017 to December 2017, U.S. government agencies phased out their use of Kaspersky software. In July 2017, the United States' General Services Administration (GSA) removed Kaspersky Lab from its list of vendors authorized to do business with the U.S. government amid further reports by Bloomberg and McClatchy DC alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). Anti-Russian sentiment had also grown in the country in the wake of an investigation of Russian interference in the 2016 presidential election. Kaspersky denied these reports, stating that it did not have "inappropriate ties" with any government, and "never received a request from the Russian government or any affiliated organization to create or participate in any secret projects, including one for anti-DDoS protection".[8][9][10][11]

On 8 September 2017, U.S. electronics store chain Best Buy pulled Kaspersky products amid concerns over these ties,[12] followed by U.S. retailers Office Max and Office Depot.[13] On 13 September 2017, the Department of Homeland Security issued an order stating that in 90 days Kaspersky products will be banned from use within the U.S. civilian federal government, citing "[concerns] about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."[14]

NSA theft controversy

On 6 October 2017, The Wall Street Journal - citing "multiple people with knowledge of the matter" - alleged that in 2015, hackers working for the Russian government used Kaspersky antivirus software to steal classified material from a home computer belonging to a National Security Agency (NSA) contractor. According to the report, the incident occurred in 2015 and remained undiscovered until early 2016. The stolen material reportedly included "details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S."[15] The New York Times reported that the hacks had been discovered by Israeli intelligence agents who had themselves hacked into Kaspersky's network and recorded in real time how queries were being made for keywords on user machines.[16]

On 10 June 2015, Eugene Kaspersky in a blog announced that Kaspersky Labs discovered an advanced attack on its own internal network claiming with confidence that there's a nation state behind it, calling the attack Duqu 2.0.[17]

On 11 October 2017, The Wall Street Journal additionally alleged that Russian intelligence uses Kaspersky software to scan computers worldwide for material of interest.[18] The company once again denied the reports, arguing that they were "baseless paranoia" and a "witch hunt", and considered it suspicious that major U.S. media outlets simultaneously "went for us almost in full force and they fantasized simultaneously, as if receiving an order, but they've got confused in details."[19]

On 25 October 2017, Kaspersky confirmed that the incident described by The Wall Street Journal had occurred in 2014, and was the result of the software having detected a ZIP file containing samples and source code from the Equation Group. The user had enabled the Kaspersky Security Network (KSN) features of the software, so the files were automatically uploaded to Kaspersky as a malware sample to KSN for analysis, under the assumption that it was a new malware variant. Eugene Kaspersky stated that he ordered that the sample be destroyed. Kaspersky claimed that the antivirus software had been temporarily disabled by the PC's user in order to install a pirated copy of Microsoft Office. When the software was re-enabled, it detected both the Equation Group code, as well as unrelated backdoor infections created by a keygen program for Office, which may have facilitated third-party access to the computer.[20][21][22][23]

Concerns raised by other governments

On 13 November 2017, the British intelligence agency MI6 raised suspicions over Kaspersky Lab software after it was distributed free to more than 2 million UK Barclays customers.[24] On 2 December 2017, Barclay's announced that they would no longer provide their new customers with the company's software.[25] Also around 2 December 2017, Britain's National Cyber Security Center advised, as a national security precaution, that UK government departments avoid Russia-based anti-virus software such as Kaspersky, but stated there was "no compelling case at present to extend that advice" to the wider public.[26] On 9 December 2017, the U.S. government banned Kaspersky from federal civilian and military computers as part of a broader defense bill.[27]

On 21 December 2017, Lithuanian Government bans Kaspersky Lab software on sensitive computers claiming it to be a threat to Lithuanian national security.[28]

On 14 May 2018, the Dutch government announced it decided to phase out the use of anti-virus software made by Kaspersky Labs “as a precautionary measure” and was advising companies involved in safeguarding vital services to do the same.[29]

On 13 June 2018, European Union passed a motion that labeled Kaspersky as "confirmed as malicious" as part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs. The report "Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab." The resolution was approved with 476 votes in favor and 151 against.[30] Kaspersky Lab responded by claiming the amendment to the report was based on untrue statements and by temporarily halting their numerous collaborative European cybercrime-fighting initiatives.[31] In March 2019, Belgian MEP Gerolf Annemans submitted a question for written answer to the Commission, requesting any evidence the Commission had justifying their labelling of Kaspersky as "malicious", citing reports from Germany, France, and Belgium which found no evidence of this.[32][33][34][35][36] On 12 April 2019 the Commission responded by stating, "The Commission is not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products." and that, "[...] the Commission did not commission any reports."[37]

On 15 March 2022, The German Federal Office for Information Security known as "BSI" urged consumers not to use anti-virus software made by Russia's Kaspersky, warning the firm could be implicated in hacking assaults amid Russia's war in Ukraine.[38] According to the agency, antivirus software has extensive system authorizations and must maintain a permanent connection to the manufacturer's servers.[39] The BSI claims a Russian IT manufacturer can be forced to partake in an attack against targets in the EU, NATO, and Germany. Kaspersky published a statement to its Twitter feed concerning the BSI recommendation to stop using Kaspersky.[40]

On 17 March 2022, The Italian government announced that it would curb the use of Russian anti-virus software in the public sector in the wake of Russia's invasion of Ukraine, fearing Moscow could hijack the programs to hack key websites.[41]

Twitter advertising ban

In January 2018, Twitter banned Kaspersky from advertising on Twitter, stating that "Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices", and citing the Department of Homeland Security's warning about Kaspersky.[42]

Transparency Initiative and data-centers moves

On 23 October 2017, Kaspersky announced a "Global Transparency Initiative", under which it would be more accountable for security issues surrounding its products to select countries, and would allow third-party analysts to validate its products and other business practices in order to validate their integrity. The company stated that trust "must be repeatedly earned through an ongoing commitment to transparency and accountability", and that this program was a "reaffirmation of the company's commitment to earning and maintaining the trust of their customers and partners every day."[43]

On 15 May 2018, Kaspersky Lab announced that it would be migrating some "core infrastructure" from Russia to new data centers in Switzerland. Kaspersky software and antivirus definitions for foreign markets will be compiled and digitally signed in Switzerland by the end of 2018 (products targeting Russia will still be compiled on existing domestic infrastructure). User data for Europe, the United States, Canada, Australia, New Zealand, Japan, Bangladesh, Brunei, Cambodia, India, Indonesia, South Korea, Laos, Malaysia, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand and Vietnam markets is to be stored and processed on Swiss servers as of 2022. All other countries will continue to be processed in Moscow, Russia.[44] In November 2020 Kaspersky finished relocating the data of its foreign customers from Russia to Switzerland.[45]

Kaspersky, in addressing the relocation of data processing and why data from many countries was not moved to Switzerland and continues to be processed in Russia stated that it is based on market specifics, customer demands and local regulation.[44]

Kaspersky maintains data centers in Zürich, Switzerland; Frankfurt, Germany; Toronto, Canada; and Moscow, Russia. The Swiss operations will be overseen by a third-party organization holding "all access necessary to verify the trustworthiness of our products and business processes", and will be accompanied by one of the three planned "Transparency Center" facilities, at which "responsible stakeholders" will be allowed to inspect Kaspersky's source code and business practices to verify their integrity. Kaspersky stated that this move was "first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing", and was a further step in its goal to be more accountable and trustworthy in its business practices.[46]

Kaspersky Transparency Centers are operating in Zürich, Madrid, Kuala Lumpur and São Paulo. In early 2021, the North American Transparency Center will open in New Brunswick, Canada in partnership with the CyberNB Association. At all of Kaspersky's Transparency Centers, the company provides the opportunity to compile the company's software from its source code and compare it with the publicly available one.[44]

The Transparency Centers source code reviews do not address the methods used as alleged in the NSA theft controversy. The NSA theft controversy is alleged to have been performed at the Moscow, Russia data center where the results of the scanning of users machines reside and under Russian law the Russian Government can compel Kaspersky's assistance in intercepting communications as they move through Russian computer networks.[47]

The way anti-virus software works on computers where it is installed requires significant control of that computer to discover malware. Anti-virus software can retrieve, delete, or modify any file on any computer. In the review of the Kaspersky source code nothing would stand out as these are standard features and functionality that are routine of all antivirus products in the process of hunting for viruses or malware. These features and functions would not create any red flags in the any source code reviews promoted by the Transparency Centers. This makes anti-virus software an inherently advantageous channel to conduct espionage.[48] "U.S. official said the transparency centers are not "even a fig leaf" because they do not address the U.S. government's concerns" in the end its the "Moscow software engineers handle the [software] updates, that's where the risk comes," they said. "They can send malicious commands through the updaters and that comes from Russia."[49]

Lawsuits against US federal government

In December 2017 and February 2018 the company sued the Trump administration, arguing the ban to be a bill of attainder and a violation of due process, and arguing that the government unfairly tarnished Kaspersky's reputation.[50][51] Both cases were dismissed on May 30, 2018, by Judge Colleen Kollar-Kotelly, a former presiding judge of the Foreign Intelligence Surveillance Court, declaring both as unsubstantial.[52][53][54]

Russian invasion of Ukraine

On 24 February 2022, the 2022 Russian invasion of Ukraine began. On 28 February, Eugene Kaspersky signed a letter to customers reaffirming Kaspersky's priority in fulfillment of all of its obligations to partners and customers and highlighting its transparency initiative. No mention of Russia was made and the only mention of Ukraine was around watching the events unfolding in and around Ukraine.[55] The U.S. government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Russian cybersecurity company Kaspersky to cause harm.[49]

On 26 February 2022, over 10,000 employees of Russian IT companies (including those of Kaspersky Lab) signed a petition opposing Russian governments actions in Ukraine and stating "We, employees of the Russian IT industry, are categorically against military operations on the territory of Ukraine initiated by the armed forces of the Russian Federation. We consider any display of force that leads to the outbreak of war unjustified and call for the reversal of decisions that could inevitably entail human casualties on each side. Our countries have always been close to each other. And today we are worried about our Ukrainian colleagues, friends and relatives."[56] In connection with the adoption by the Russian Duma of new tougher laws, on 4 March 2022, even before they came into force, the acceptance of signatures for the petition was stopped. "Also, from 4 March 2022, any distribution of the letter and communication with the media has ceased. In connection with the adoption of new laws, we considered it unsafe to leave this letter in the public domain with a list of signers".[57] "There were no big names, opinion leaders or influencers behind the letter, so people mainly signed it and shared with each other on Telegram and other messengers.” Eugene Kaspersky did not sign this form prior to its removal.

On 1 March 2022, the date of the first cease-fire talks between Russia and Ukraine, Eugene Kaspersky made the following statement in Twitter, "We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone".[58] This statement led to much controversy as it failed to condemn Russia for invading Ukraine nor mention Russia.[59][60]

The company in an interview made a statement: "Kaspersky is focused on its mission to build a safer world. For 25 years, the company delivers deep threat intelligence and security expertise that is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. Kaspersky's business operations remain stable. The company guarantees the fulfillment of its obligations to partners and customers—including product delivery and support and financial transaction continuity. The global management team is monitoring the situation carefully and is ready to act very quickly if needed."[61] This has further ignited a renewed conversation around Kaspersky and the allegations of Russian Government ties and support of the Russian Government.[62]

On 15 March 2022, the German Bundesamt für Sicherheit in der Informationstechnik (BSI) issued a warning against the usage of Kaspersky antivirus and cloud software, claiming that it could be used in cyberattacks against foreign agencies.[63] Kaspersky responded to the BSI in a public letter by stating that the accusations are based on "political grounds" rather than on a technical assessment of its products and that it will be working with the BSI for clarification on its decision and for the means to address its and other regulators concerns.[64]

On 15 March 2022, Eintracht Frankfurt, German soccer club announced it terminated the sponsoring agreement with Russian software company Kaspersky with immediate effect.[65]

On 17 March 2022, the Italian government announced that it would curb the use of Russian anti-virus software in the public sector in the wake of Russia's invasion of Ukraine, fearing Moscow could hijack the programs to hack key websites.[41]

On 17 March 2022, Scuderia Ferrari announced a pause in its F1 partnership with Kaspersky which began in 2010, this comes after Ferrari donated €1 million to help Ukrainians affected by the Russian invasion.[66] The partnership pause will have all Kaspersky logos removed from all Ferrari F1 activities.[67] Ferrari also stated that the use of Kaspersky software would be evaluated.[68]

On 26 March 2022, the Federal Communications Commission (FCC) put Kaspersky on its national security list, saying that it poses an "unacceptable risk" to the United States' national security. This forbids Kaspersky from receiving FCC funds through its Universal Service Fund. This follows a previous ban forbidding United States government agencies from using products made by the firm.[69] Kaspersky responded to the FCC's move in a press release on its website, saying that the agency's decision was “made on political grounds” in light of Russia's invasion of Ukraine, and that the company “remains ready to cooperate with US government agencies to address the FCC's and any other regulatory agency's concerns.”[70]

On 30 March 2022, The Wall Street Journal published an article stating the Biden administration is split on a proposal to sanction Kaspersky Labs over the invasion of Ukraine. The division in the administration was driven by a deep concern that such action could trigger a response, and "in addition, some officials in the U.S. and Europe fear sanctioning Kaspersky Lab will increase the likelihood of triggering a cyberattack against the West by Moscow, even potentially leveraging the software itself." The idea of using sanctions against Kaspersky Labs or to Eugene Kaspersky directly were on hold for now. Should the United States Department of the Treasury be asked to sanction Kaspersky they would "block or freeze the assets of companies or individuals who are targeted and bar U.S. citizens from engaging in transactions with those companies or people".[71]

On 26 April 2022, the government of Poland was imposing sanctions on 50 Russian oligarchs and companies. Individuals on the list include Eugene Kaspersky, founder of Russian cybersecurity company Kaspersky.[72] The sanctions include the freezing of assets and, for the individuals named, a ban on entering Poland.

See also

References

  1. ^ Perlroth, Nicole (2015-02-16). "U.S. Embedded Spyware Overseas, Report Claims". The New York Times. Archived from the original on 2022-03-31. Retrieved 2022-03-31.
  2. ^ a b Kramer, Andrew E.; Perlroth, Nicole (2012-06-03). "Expert Issues a Cyberwar Warning". The New York Times. Archived from the original on 2018-09-22. Retrieved 2018-11-30.
  3. ^ Kaspersky, Eugene (December 2012). "100 Top Global Thinkers of 2012: For decoding the secrets of cyberwar; Computer security expert, Russia". Foreign Policy (197). Archived from the original on 2012-12-04. Retrieved 2018-11-30.
  4. ^ Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Crown/Archetype. p. 293. ISBN 978-0-7704-3618-6. Retrieved 2015-11-11.
  5. ^ Nakashima, Ellen (2017-09-14). "Why the U.S. government is moving to ban this Russian software company". Washington Post. Archived from the original on 2018-09-07. Retrieved 2017-09-15.
  6. ^ Matlack, Carol (2015-03-19). "The Company Securing Your Internet Has Close Ties to Russian Spies". Bloomberg.com. Archived from the original on 2015-03-20. Retrieved 2016-04-26.
  7. ^ "Eugene Kaspersky intensifies US vs Russia flame war, accusing Bloomberg of creating 'conspiracy theories' about his company". computing.co.uk. 2015-03-20. Archived from the original on 2015-09-23. Retrieved 2018-11-30.
  8. ^ "Why the US Government Shouldn't Ban Kaspersky Security Software". Wired.com. Archived from the original on 2017-09-09. Retrieved 2017-09-09.
  9. ^ Shaheen, Jeanne (2017-09-04). "The Russian Company That Is a Danger to Our Security". The New York Times. ISSN 0362-4331. Archived from the original on 2017-09-08. Retrieved 2017-09-09.
  10. ^ "Kaspersky under scrutiny after Bloomberg story claims close links to FSB". Ars Technica. Archived from the original on 2017-09-09. Retrieved 2017-09-09.
  11. ^ Solon, Olivia (2017-09-13). "US government bans agencies from using Kaspersky software over spying fears". The Guardian. ISSN 0261-3077. Archived from the original on 2018-01-15. Retrieved 2017-12-18.
  12. ^ "Best Buy stops sale of Russia-based Kaspersky products". Reuters. 2017-09-08. Archived from the original on 2018-11-30. Retrieved 2018-11-30.
  13. ^ "What the Kaspersky Antivirus Hack Means for Consumers". Consumer Reports. 2017-10-12. Archived from the original on 2022-04-15. Retrieved 2022-03-14.
  14. ^ Nakashima, Ellen; Gillum, Jack (2017-09-13). "U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage". Washington Post. ISSN 0190-8286. Archived from the original on 2017-09-13. Retrieved 2017-09-13.
  15. ^ "Russian Hackers Stole NSA Data on U.S. Cyber Defense". Wall Street Journal. 2017-10-05. Archived from the original on 2022-01-07. Retrieved 2018-11-30.
  16. ^ Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets". The New York Times. ISSN 0362-4331. Archived from the original on 2017-10-18. Retrieved 2017-10-19.
  17. ^ "Kaspersky Lab investigates attack on its own network | Kaspersky official blog". 2015-06-10. Archived from the original on 2022-02-08. Retrieved 2022-03-14.
  18. ^ Harris, Shane; Lubold, Gordon (2017-10-11). "Russia Has Turned Kaspersky Software Into Tool for Spying". Wall Street Journal. ISSN 0099-9660. Archived from the original on 2017-10-19. Retrieved 2017-10-19.
  19. ^ "Spy v spy v spy in Kaspersky case". The Australian. 2017-10-18. Archived from the original on 2017-10-21. Retrieved 2017-10-19.
  20. ^ Corera, Gordon (2017-11-16). "Kaspersky defends its role in NSA breach". BBC News. Archived from the original on 2017-11-16. Retrieved 2017-11-16.
  21. ^ "Preliminary results of the internal investigation into alleged incidents reported by US media". Kaspersky. 2017-10-25. Archived from the original on 2017-10-26. Retrieved 2017-10-26.
  22. ^ "Kaspersky Says Suspected NSA Code Was Lifted From U.S. Computer". Bloomberg.com. 2017-10-25. Archived from the original on 2017-10-25. Retrieved 2017-10-25.
  23. ^ Hern, Alex (2017-10-26). "NSA contractor leaked US hacking tools by mistake, Kaspersky says". The Guardian. Archived from the original on 2018-12-29. Retrieved 2017-10-26.
  24. ^ Jones, Sam; Arnold, Martin (2017-11-12). "UK spymasters raise suspicions over Kaspersky software's Russia links". The Financial Times. Archived from the original on 2017-11-13. Retrieved 2017-11-16.
  25. ^ "Barclays axes free Kaspersky product as a 'precaution'". BBC News. 2017-12-02. Archived from the original on 2018-09-24. Retrieved 2018-11-30.
  26. ^ "UK agencies warned off Russian anti-virus software". CNN. 2017-12-02. Archived from the original on 2018-06-23. Retrieved 2017-12-02.
  27. ^ "Trump signs into law U.S. government ban on Kaspersky Lab software". Reuters. 2017-12-12. Archived from the original on 2018-10-10. Retrieved 2018-01-14.
  28. ^ "Lithuania bans Kaspersky Lab software on sensitive computers". Reuters. 2017-12-21. Archived from the original on 2022-03-20. Retrieved 2022-03-20 – via www.reuters.com.
  29. ^ "Dutch government to phase out use of Kaspersky anti-virus software". Reuters. 2018-05-14. Archived from the original on 2022-03-20. Retrieved 2022-03-20 – via www.reuters.com.
  30. ^ "European Parliament Votes to Ban Kaspersky Products". www.securityweek.com. 2018-06-14. Archived from the original on 2022-03-15. Retrieved 2022-03-14.
  31. ^ "Kaspersky Lab response to EU Parliament vote on Report on Cyber Defence". www.kaspersky.com. 2021-05-26. Archived from the original on 2020-10-22. Retrieved 2022-03-14.
  32. ^ Annemans, Gerolf (2019). "Question for written answer P-001206/2019 to the Commission" (PDF). European Parliment. Archived (PDF) from the original on 2024-01-07. Retrieved 2024-01-07.
  33. ^ "Behördlicher Umgang mit Kaspersky-Software" (PDF). Deutscher Bundestag. 2018-11-27. Archived (PDF) from the original on 2021-05-07. Retrieved 2024-01-07.
  34. ^ "Commission des affaires étrangères, de la défense et des forces armées". Sénat. 2018-10-03. Archived from the original on 2024-01-07. Retrieved 2024-01-07.
  35. ^ "België bant Russische antivirussoftware niet". De Tijd. 2018-10-30. Archived from the original on 2022-03-08. Retrieved 2024-01-07.
  36. ^ Cimpanu, Catalin (2019-04-16). "EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification". ZDNET. Archived from the original on 2024-01-07. Retrieved 2024-01-07.
  37. ^ "P-001206/2019 Answer given by Ms Gabriel on behalf of the European Commission" (PDF). European Parliment. 2019-04-12. Archived (PDF) from the original on 2024-01-07. Retrieved 2024-01-07.
  38. ^ "Archived copy". Archived from the original on 2022-04-15. Retrieved 2022-03-15.{{cite web}}: CS1 maint: archived copy as title (link)
  39. ^ "Fears of Russian spying prompts Germany to ditch Kaspersky". CyberNews. 2022-03-15. Archived from the original on 2022-03-15. Retrieved 2022-03-15.
  40. ^ Kaspersky [@kaspersky] (2022-03-15). "Our statement in regard to the warning of German Federal Office for Information Security (BSI) Unser Statement zur Warnung des Bundesministeriums für Sicherheit in der Informationstechnik (BSI) https://t.co/KfH8daDGeE" (Tweet) (in German). Archived from the original on 2022-03-15. Retrieved 2022-03-18 – via Twitter.
  41. ^ a b Amante, Angelo (2022-03-17). "Italy set to curb use of Russian anti-virus software in public sector". Reuters. Archived from the original on 2022-03-18. Retrieved 2022-03-18 – via www.reuters.com.
  42. ^ Finkle, Jim. "Twitter bans ads from Russia's Kaspersky Lab". U.S. Archived from the original on 2018-09-16. Retrieved 2018-09-15.
  43. ^ "Kaspersky Lab announces global transparency initiative". ComputerWeekly.com. Archived from the original on 2018-05-16. Retrieved 2018-05-15.
  44. ^ a b c "Kaspersky Transparency Center | Kaspersky". www.kaspersky.com. Archived from the original on 2022-07-14. Retrieved 2022-03-12.
  45. ^ "Kaspersky completes its data-processing relocation to Switzerland and opens new Transparency Center in North America". kaspersky.com. 2020-11-17. Archived from the original on 2022-03-16. Retrieved 2022-03-27.
  46. ^ "Kaspersky to move some core infrastructure out of Russia to fight for trust". TechCrunch. 2018-05-15. Archived from the original on 2018-05-15. Retrieved 2018-05-15.
  47. ^ Lewis, James Andrew (2014-04-18). "Reference Note on Russian Communications Surveillance". csis.org. Archived from the original on 2022-03-07. Retrieved 2022-03-14.
  48. ^ Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets". The New York Times. Archived from the original on 2018-11-29. Retrieved 2018-11-30.
  49. ^ a b Bing, Christopher (2022-03-31). "EXCLUSIVE U.S. Warned firms about Russia's Kaspersky software day after invasion -sources". Reuters. Archived from the original on 2022-03-31. Retrieved 2022-03-31.
  50. ^ "Kaspersky sues US government over federal software ban". Engadget. Archived from the original on 2018-09-16. Retrieved 2018-09-15.
  51. ^ Volz, Dustin. "Kaspersky Lab asks court to overturn U.S. government software ban". U.S. Archived from the original on 2018-09-14. Retrieved 2018-09-15.
  52. ^ "KASPERSKY LAB, INC. et al v. UNITED STATES OF AMERICA, No. 1:2018cv00325 - Document 14 (D.D.C. 2018)". Justia Law. Archived from the original on 2018-09-16. Retrieved 2018-09-15.
  53. ^ "Kaspersky Lab lawsuits against US thrown out". CNET. 2018-05-30. Archived from the original on 2018-09-16. Retrieved 2018-09-15.
  54. ^ Blake, Andrew. "Kaspersky Lab lawsuits against U.S. government dismissed in D.C. federal court". The Washington Times. Archived from the original on 2018-09-16. Retrieved 2018-09-15.
  55. ^ https://www.e-antivirus.info/files/user/20220302_EN.pdf Archived 2022-03-16 at the Wayback Machine [bare URL PDF]
  56. ^ "Thousands of Russian tech workers sign a petition opposing Putin's invasion of Ukraine". The Washington Post. 2022-02-26. Archived from the original on 2022-02-27. Retrieved 2022-03-28.
  57. ^ "Оставить подпись под открытым письмом представителей российской ИТ-индустрии по поводу военной операции на территории Украины". Archived from the original on 2022-03-31. Retrieved 2022-03-31.
  58. ^ Kaspersky, Eugene [@e_kaspersky] (2022-03-01). "We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone" (Tweet). Archived from the original on 2022-03-16. Retrieved 2022-03-18 – via Twitter.
  59. ^ Coker, James (2022-03-01). "Eugene Kaspersky's Statement Provokes Controversy Within Cybersecurity Industry". Infosecurity Magazine. Archived from the original on 2022-03-14. Retrieved 2022-03-14.
  60. ^ Novinson, Michael (2022-03-04). "Kaspersky: We're 'Not Affected' By The Sanctions On Russia". CRN. Archived from the original on 2022-03-11. Retrieved 2022-03-14.
  61. ^ "Russian Cybersecurity Giant Kaspersky Tries to Maintain Neutrality During Ukraine War". www.vice.com. March 2022. Archived from the original on 2022-03-14. Retrieved 2022-03-14.
  62. ^ "Kaspersky neutral stance in doubt as it shields Kremlin". CyberNews. 2022-03-03. Archived from the original on 2022-03-15. Retrieved 2022-03-15.
  63. ^ "BSI warnt vor dem Einsatz von Kaspersky-Virenschutzprodukten". Bundesamt für Sicherheit in der Informationstechnik. Archived from the original on 2022-04-24. Retrieved 2022-03-20.
  64. ^ "Kaspersky statement regarding the BSI warning". www.kaspersky.com. 2022-03-15. Archived from the original on 2022-03-18. Retrieved 2022-03-19.
  65. ^ "Eintracht Frankfurt end sponsorship deal with Russia's Kaspersky". 2022-03-15. Archived from the original on 2022-03-15. Retrieved 2022-03-19.
  66. ^ "Ferrari donates £830,000 to help Ukrainians and cancels deliveries to Russia · RaceFans". RaceFans. 2022-03-09. Archived from the original on 2022-03-19. Retrieved 2022-03-19.
  67. ^ "Ferrari pauses F1 partnership with Russian-based software maker Kaspersky - spokesman". Reuters. 2022-03-17. Archived from the original on 2022-03-18. Retrieved 2022-03-18 – via www.reuters.com.
  68. ^ "Ferrari - Enterprise Security Case Study - Kaspersky". usa.kaspersky.com. Archived from the original on 2022-08-31. Retrieved 2022-03-31.
  69. ^ David Shepardson; Raphael Satter (2022-03-26). "U.S. FCC adds Russia's Kaspersky, China telecom firms to national security threat list". reuters. Archived from the original on 2023-11-08. Retrieved 2022-03-26.
  70. ^ "Kaspersky statement on the FCC public notice". kaspersky.com. 2022-03-26. Archived from the original on 2022-03-27. Retrieved 2022-03-27.
  71. ^ "Proposal to Sanction Russian Cybersecurity Firm over Ukraine Invasion Splits Biden Administration". Wall Street Journal. 2022-03-30. Archived from the original on 2022-03-31. Retrieved 2022-03-31.
  72. ^ "Poland sanctions Gazprom among 50 Russian firms and oligarchs". Reuters. 2022-04-26. Archived from the original on 2022-04-27. Retrieved 2022-04-27.