Kaspersky bans and allegations of Russian government ties

From Wikipedia, the free encyclopedia

The company Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB)—ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency contractor in 2015 via Kaspersky antivirus software. Kaspersky denied the allegations, stating that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation. The company has since announced commitments to increased accountability, such as soliciting independent reviews and verification of its software's source code, and announcing that it would migrate some of its core infrastructure for foreign customers from Russia to Switzerland.

Alleged Russian intelligence collaboration

According to the International New York Times, Kaspersky has "become one of Russia's most recognized high-tech exports, but its market-share in the United States has been hampered by its origins".[1] According to Gartner, "There's no evidence that they have any back-doors in their software or any ties to the Russian mafia or state... but there is still a concern that you can’t operate in Russia without being controlled by the ruling party".[2] CEO Eugene Kaspersky's prior work for the Russian military and his education at a KGB-sponsored technical college have led to allegations of being employed by Russia to expose US cyberweapons, though he denies this.[3][4] Analysts such as Gartner's Peter Firstbrook say suspicions about the firm’s Russian roots have hindered its expansion in the US.[2] The company has denied that it has direct ties with or has engaged with the Russian government.[5]

In August 2015, Bloomberg News reported that Kaspersky Lab changed course in 2012, as "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia's military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers".[6] Kaspersky criticized Bloomberg's coverage on his blog, calling the coverage sensationalist and guilty of exploiting paranoia to increase readership.[7]

From July 2017 to December 2017, U.S. government agencies phased out their use of Kaspersky software. In July 2017, the United States' General Services Administration (GSA) removed Kaspersky Lab from its list of vendors authorized to do business with the U.S. government amid further reports by Bloomberg and McClatchy DC alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). Anti-Russian sentiment had also grown in the country in the wake of an investigation of Russian interference in the 2016 presidential election. Kaspersky denied these reports, stating that it did not have "inappropriate ties" with any government, and "never received a request from the Russian government or any affiliated organization to create or participate in any secret projects, including one for anti-DDoS protection".[8][9][10][11]

On 8 September 2017, U.S. electronics store chain Best Buy pulled Kaspersky products amid concerns over these ties.[12] On 13 September 2017, the Department of Homeland Security issued an order stating that in 90 days Kaspersky products would be banned from use within the U.S. civilian federal government, citing "[concerns] about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."[13]

NSA theft controversy

On 6 October 2017, The Wall Street Journal, citing "multiple people with knowledge of the matter", alleged that in 2015, hackers working for the Russian government used Kaspersky antivirus software to steal classified material from a home computer belonging to a National Security Agency (NSA) contractor. According to the report, the incident occurred in 2015 and remained undiscovered until early 2016. The stolen material reportedly included "details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S."[14] The New York Times reported that the hacks had been discovered by Israeli intelligence agents who had themselves hacked into Kaspersky's network.[15] On 11 October 2017, The Wall Street Journal additionally alleged that Russian intelligence uses Kaspersky software to scan computers worldwide for material of interest.[16] The company once again denied the reports, arguing that they were "baseless paranoia" and a "witch hunt", and considered it suspicious that major U.S. media outlets simultaneously "went for us almost in full force and they fantasized simultaneously, as if receiving an order, but they've got confused in details."[17]

On 23 October 2017, Kaspersky announced a "Global Transparency Initiative", under which it would be more accountable for security issues surrounding its products, and would allow third-party analysts to review its products and other business practices in order to validate their integrity. The company stated that trust "must be repeatedly earned through an ongoing commitment to transparency and accountability", and that this program was a "reaffirmation of the company's commitment to earning and maintaining the trust of their customers and partners every day."[18]

On 25 October 2017, Kaspersky confirmed that the incident described by The Wall Street Journal had occurred in 2014, and was the result of the software having detected a ZIP file containing samples and source code from the Equation Group. The user had enabled the Kaspersky Security Network (KSN) features of the software, so the files were automatically uploaded to KSN as a malware sample for analysis, under the assumption that it was a new malware variant. Eugene Kaspersky stated that he ordered that the sample be destroyed. Kaspersky claimed that the antivirus software had been temporarily disabled by the PC's user in order to install a pirated copy of Microsoft Office. When the software was re-enabled, it detected both the Equation Group code and unrelated backdoor infections created by a keygen program for Office, which may have facilitated third-party access to the computer.[19][20][21][22]

On 13 November 2017, the British intelligence agency MI6 raised suspicions over Kaspersky Lab software after it was distributed free to more than 2 million UK Barclays customers.[23] On 2 December 2017, Barclays announced that it would no longer provide its new customers with the company's software.[24] Also around 2 December 2017, Britain's National Cyber Security Centre advised, as a national security precaution, that UK government departments avoid Russia-based anti-virus software such as Kaspersky, but stated there was "no compelling case at present to extend that advice" to the wider public.[25] On 9 December 2017, the U.S. government banned Kaspersky from federal civilian and military computers as part of a broader defense bill.[26]

Twitter advertising ban

In January 2018, Twitter banned Kaspersky from advertising on Twitter, stating that "Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices", and citing the Department of Homeland Security's warning about Kaspersky.[27]


On 15 May 2018, Kaspersky Lab announced that it would be migrating some "core infrastructure" from Russia to new data centers in Switzerland. Kaspersky software and antivirus definitions for foreign markets will be compiled and digitally signed in Switzerland by the end of 2018 (products targeting Russia will still be compiled on existing domestic infrastructure), and user data for most foreign markets will be stored and processed on Swiss servers by the end of 2019. The Swiss operations will be overseen by a third-party organization holding "all access necessary to verify the trustworthiness of our products and business processes", and will be accompanied by one of the three planned "Transparency Center" facilities, at which "responsible stakeholders" will be allowed to inspect Kaspersky's source code and business practices to verify their integrity. Kaspersky stated that this move was "first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing", and was a further step in its goal to be more accountable and trustworthy in its business practices.[28]

Lawsuits against US federal government

In December 2017 and February 2018, the company sued the Trump administration, arguing that the ban was a bill of attainder and a violation of due process, and that the government had unfairly tarnished Kaspersky's reputation.[29][30] Both cases were dismissed on May 30, 2018 by Judge Colleen Kollar-Kotelly, a former presiding judge of the Foreign Intelligence Surveillance Court, who declared both unsubstantial.[31][32][33]

References


  1. Sanger, David; Perlroth, Nicole (February 16, 2015). "Bank hackers reportedly steal vast sums: Security firm puts toll from international gang at $300 million or more". International New York Times.
  2. Kramer, Andrew E.; Perlroth, Nicole (June 3, 2012). "Expert Issues a Cyberwar Warning". The New York Times.
  3. Kaspersky, Eugene (December 2012). "100 Top Global Thinkers of 2012: For decoding the secrets of cyberwar; Computer security expert, Russia". Foreign Policy (197).
  4. Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Crown/Archetype. p. 293. ISBN 978-0-7704-3618-6. Retrieved November 11, 2015.
  5. Nakashima, Ellen (14 Sep 2017). "Why the U.S. government is moving to ban this Russian software company". Washington Post. Retrieved 15 September 2017.
  6. Matlack, Carol (March 19, 2015). "The Company Securing Your Internet Has Close Ties to Russian Spies". Bloomberg.com. Retrieved April 26, 2016.
  7. "Eugene Kaspersky intensifies US vs Russia flame war, accusing Bloomberg of creating 'conspiracy theories' about his company". computing.co.uk.
  8. "Why the US Government Shouldn't Ban Kaspersky Security Software". Wired.com. Retrieved 2017-09-09.
  9. Shaheen, Jeanne (2017-09-04). "The Russian Company That Is a Danger to Our Security". The New York Times. ISSN 0362-4331. Retrieved 2017-09-09.
  10. "Kaspersky under scrutiny after Bloomberg story claims close links to FSB". Ars Technica. Retrieved 2017-09-09.
  11. Solon, Olivia (2017-09-13). "US government bans agencies from using Kaspersky software over spying fears". The Guardian. ISSN 0261-3077. Retrieved 2017-12-18.
  12. "Best Buy stops sale of Russia-based Kaspersky products". Reuters. September 8, 2017.
  13. Nakashima, Ellen; Gillum, Jack (2017-09-13). "U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage". Washington Post. ISSN 0190-8286. Retrieved 2017-09-13.
  14. Lubold, Gordon; Harris, Shane (6 October 2017). "Russian Hackers Stole NSA Spy Secrets". The Wall Street Journal. New York City. pp. 1, 4. Retrieved 12 October 2017.
  15. Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets". The New York Times. ISSN 0362-4331. Retrieved 2017-10-19.
  16. Harris, Shane; Lubold, Gordon (2017-10-11). "Russia Has Turned Kaspersky Software Into Tool for Spying". Wall Street Journal. ISSN 0099-9660. Retrieved 2017-10-19.
  17. "Spy v spy v spy in Kaspersky case". The Australian. 2017-10-18. Retrieved 2017-10-19.
  18. "Kaspersky Lab announces global transparency initiative". ComputerWeekly.com. Retrieved 2018-05-15.
  19. Corera, Gordon (2017-11-16). "Kaspersky defends its role in NSA breach". BBC News. Retrieved 2017-11-16.
  20. "Preliminary results of the internal investigation into alleged incidents reported by US media". Kaspersky. 2017-10-25. Retrieved 2017-10-26.
  21. "Kaspersky Says Suspected NSA Code Was Lifted From U.S. Computer". Bloomberg.com. 2017-10-25. Retrieved 2017-10-25.
  22. Hern, Alex (26 October 2017). "NSA contractor leaked US hacking tools by mistake, Kaspersky says". The Guardian. Retrieved 26 October 2017.
  23. Jones, Sam; Arnold, Martin (12 November 2017). "UK spymasters raise suspicions over Kaspersky software's Russia links". The Financial Times. Retrieved 2017-11-16.
  24. "Barclays axes free Kaspersky product as a 'precaution'". BBC News. 2 December 2017.
  25. "UK agencies warned off Russian anti-virus software". CNN. 2 December 2017. Retrieved 2 December 2017.
  26. "Trump signs into law U.S. government ban on Kaspersky Lab software". 12 December 2017. Retrieved 14 January 2018 – via Reuters.
  27. Finkle, Jim. "Twitter bans ads from Russia's Kaspersky Lab". U.S. Retrieved 2018-09-15.
  28. "Kaspersky to move some core infrastructure out of Russia to fight for trust". TechCrunch. Retrieved 2018-05-15.
  29. "Kaspersky sues US government over federal software ban". Engadget. Retrieved 2018-09-15.
  30. Volz, Dustin. "Kaspersky Lab asks court to overturn U.S. government software ban". U.S. Retrieved 2018-09-15.
  31. "KASPERSKY LAB, INC. et al v. UNITED STATES OF AMERICA, No. 1:2018cv00325 - Document 14 (D.D.C. 2018)". Justia Law. Retrieved 2018-09-15.
  32. "Kaspersky Lab lawsuits against US thrown out". CNET. 2018-05-30. Retrieved 2018-09-15.
  33. http://www.washingtontimes.com, The Washington Times. "Kaspersky Lab lawsuits against U.S. government dismissed in D.C. federal court". The Washington Times. Retrieved 2018-09-15.