Kaspersky investigated by the F.B.I. for possible links to Russian security services.
On Wednesday, the federal government moved to wipe any software made by a prominent Russian cybersecurity firm, Kaspersky Lab, from its computer systems. Kaspersky Lab antivirus software is being investigated by the F.B.I. for possible links to Russian security services.
The concerns surrounding Kaspersky, whose software is sold throughout the United States, are longstanding. The F.B.I., aided by American spies, has for years been trying to determine whether Kaspersky’s senior executives are working with Russian military and intelligence, according to current and former American officials. The F.B.I. has also been investigating whether Kaspersky software, including its well-regarded antivirus programs, contains back doors that could allow Russian intelligence access into computers on which it is running. The company denies the allegations.
The debate broke open last week when the Wall Street Journal reported that Russian government hackers had stolen classified data from the home computer of an NSA contractor who had Kaspersky antivirus software installed. Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software (known as malware).
According to several recent reports, the Russian government has used antivirus software from the private Russian company Kaspersky to steal classified U.S. data.
The revelations, following months of vague warnings from U.S. officials, suggest that the U.S. has “direct evidence that there are ways to remote into Kaspersky and pull data back without the user’s intention,” David Kennedy, a prominent security consultant and former U.S. Marines hacker, told Yahoo Finance. “And that is very, very scary. That means that anybody in the world that has Kaspersky installed may have the potential to have their data accessed by Kaspersky.”
But many in the cybersecurity community, such as American cyberwarfare expert Jeffrey Carr, argue that the U.S. government’s allegations shouldn’t be trusted and that “Kaspersky Lab has suffered more slander from more supposedly reputable news outlets than any company in recent memory.”
A subsequent report detailed how Israeli intelligence alerted the U.S. to the Russian espionage-via-antivirus after infiltrating Kaspersky’s system in 2014 and watching Russian hackers search computers running Kaspersky for specific codenames of classified American programs.
U.S. intelligence agencies reported that “we studied the software and even set up controlled experiments to see if they could trigger Kaspersky’s software into believing it had found classified materials on a computer being monitored by U.S. spies,” and that the experiments “persuaded officials that Kaspersky was being used to detect classified information.”
The officials, all of whom spoke on the condition of anonymity because the inquiries are classified, would not provide details of the information they have collected on Kaspersky. But on Wednesday, Elaine C. Duke, the acting secretary of Homeland Security, ordered federal agencies to develop plans to remove Kaspersky software from government systems in the next 90 days. Kaspersky has denied the allegations, saying, “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.” Consequently, the question is whether observers should trust Kaspersky or the U.S. government, which is making the claims through selective leaks and mostly anonymous sources.