Are Kaspersky Lab products a threat to U.S. national security?
That’s the premise of an explosive new report by social news site BuzzFeed, which claims that U.S. intelligence officials are increasingly concerned that the Moscow-based cybersecurity vendor maintains a “close relationship” with the Russian government and that its products are widely used by U.S. government agencies.
Citing three unnamed American intelligence sources, the article claims that officials are trying to figure out how Kaspersky products were approved for government use in the first place, and how to get rid of them.
“Kaspersky’s use within the US government has been of concern — particularly by the FBI — for at least a year, the three intelligence officials said,” according to the article. “But it wasn’t until recently that the wider intelligence community began paying attention, once the scope of its multiple US government contracts became clear.”
The intelligence officials are quoted as telling BuzzFeed that part of the problem involves third party contractors that use Kaspersky products.
“There’s a running concern, they said, that the US government was not properly vetting the access agreements between those third-party vendors and Kaspersky,” the article said.
In an email statement to MSPmentor, Kaspersky officials said the company’s reputation is being attacked unfairly.
A Kaspersky spokesperson told BuzzFeed that the company was unaware of any official concerns by U.S. government officials.
“The company’s reputation and success depends on abiding by normal business ethics, which is why it’s disappointing that Kaspersky Lab is being unjustly judged by ‘concerned sources’ without any hard evidence to back up their false allegations,” the piece states.
It’s not the first time Kaspersky Lab has come under scrutiny over alleged links to Russian intelligence.
In March 2015, Bloomberg published a scathing investigative report entitled “The Company Securing Your Internet Has Close Ties to Russian Spies.”
“Founder and Chief Executive Officer Eugene Kaspersky was educated at a KGB-sponsored cryptography institute, then worked for Russian military intelligence,” the Bloomberg article said.
It added that, since 2012, “high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services.”
“Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals,” Bloomberg reported then.
Eugene Kaspersky fired back following that report, arguing that the company’s relationship with Russian authorities is no different than the cooperation it provides to law enforcement in other countries where it does business.
“Exploiting paranoia is always a great tool for increasing readership,” he wrote in a blog post at the time.
“Of course we want to dispel any speculation about our participation in any conspiracy,” the blog continues. “We’ve nothing to hide: we’re in the security business and to be successful in it you have to be open to scrutiny.”
In the new BuzzFeed story, the unnamed U.S. officials say sensitivity to Kaspersky’s government contracts has grown more acute in the wake of Russian cyberattacks during the U.S. Presidential election.
“Public contracting records show Kaspersky began getting US government contracts to protect online systems at the National Institute of Health in 2008, and by 2014, the company’s products were being used by the Department of Justice, the Treasury Department and several offices within the State Department, including some US embassies,” the article states.
“The scope of Kaspersky’s use within US systems, the official said, could be even larger than it appears based on public contracting records,” it goes on. “The official did not go into detail, but said Kaspersky software appears to be a ‘licensed component of other cyber products’ sold by other vendors in use by the US government.”
The article quotes an exchange at a March 30 meeting of the Senate Intelligence Committee, during which Sen. Marco Rubio asked former NSA director Keith Alexander if he would use Kaspersky products.
“I wouldn’t,” Alexander is quoted as telling the senator. “You shouldn’t either.”
Another cybersecurity expert, however, took an opposing view.
Thomas Rid, a professor at the Department of War Studies at King’s College London, pointed out to the committee that Kaspersky has published unflattering information about Russian cyberattacks.
“Kaspersky is not an arm of the Russian government,” he said, according to BuzzFeed.
Send tips and news to [email protected].