Kaspersky Labs Accused of Working for Russian Spies

John Lister's picture

Russian-based antivirus company Kaspersky Labs has denied working with intelligence agencies in Russia. The denial follows a crackdown on US government agencies using the company's software.

The claims follow a series of previously unpublished emails sent in 2009 between company founder Eugene Kaspersky and colleagues. They mention a secret project "per a big request on the Lubyanka side." That's a reference to the headquarters of the FSB, the Russian security agency that's the modern-day equivalent of the KGB.

In principle the project was to work on defensive software for the FSB, protecting it from distributed denial of service attacks, in which troublemakers use a network of computers (often hijacked by malware) to flood a website or server with bogus data requests to knock it offline.

"Active Countermeasures" Raise Concerns

However, an email from Eugene Kaspersky reveals that the project also involved "active countermeasures." Bloomberg cites a source as saying these included providing real-time information on the physical location of the troublemakers and even accompanying the police and FSB staff on raids of suspects to provide technical support. (Source; Bloomberg.com)

The US General Services Administration announced this week that it has removed Kaspersky Labs from its list of approved vendors for IT services such as antivirus protection. Government agencies can still buy and use Kaspersky products, but won't be able to do so through a standard GSA contract, meaning it will become more time-consuming and bureaucratic to do so.

Company Says It's a Political Pawn

A Kaspersky Labs statement says the emails were misinterpreted and that it is being used as a pawn in political games between the US and Russia. It insisted that "The company has never helped, nor will help, any government in the world with its cyber-espionage efforts."

Nobody has made any public allegations that Kaspersky Labs has attempted to inappropriately gather or share any information on its antivirus customers, whether business, government or consumer. However, US politicians argued there's too much risk that the Russian government might try to persuade the company to help it either disrupt or compromise US networks. (Source: reuters.com)

What's Your Opinion?

Do you use or have you used Kaspersky security products? Does its Russian ownership concern you given ongoing political and cybersecurity tensions? Is the US right to reduce the usage of Kaspersky software among government agencies?

Rate this article: 
Average: 4.6 (12 votes)

Comments

Dennis Faas's picture

Whether or not Kaspersky is guilty of spying - one must wonder why the US is specifically pointing fingers at them for wrongdoing. In other words, there is likely much more evidence to the case than what is indicated in the story. At any rate, I can bet that this is going to have a hugely negative impact on their subscriptions.

Brian's picture

I have never used Kaspersky products because I assumed they WERE part of a Russian Spy Agency.

Time's picture

I have been using Kaspersky for quite a few years. I found that after they downloaded something to their software on my computer towards the end of last year that the hard drive is constantly running and my browser keeps freezing. I have to keep shutting down the browser constantly to use it. I also had to restore my computer to a date in June last night because I couldn't use my administrator permissions. I set it to run a scans only on the weekend but it run's it every day. I would have thought it would have found some kind of virus or something on the computer since I found changes I didn't make and wouldn't let me fix. I plan to uninstall Kaspersky tonight because I don't trust them anymore.

Don Cook's picture

I have no worries about "Kaspersky" as I'm not in the USA, so I'm not worth recording.

matt_2058's picture

Really, think about the damage ANY trusted software could do if so inclined. Instant, choreographed updates could affect millions in an instant. More so if that software was the gatekeeper.

It's interesting the US is concerned another country might use assets at their disposal to affect another country by playing dirty. Isn't that the norm? And directly from all the playbooks?

"However, US politicians argued there's too much risk that the Russian government might try to persuade the company to help it either disrupt or compromise US networks."

Kinda like the US Gov was pressuring Apple to unlock devices? And the talk about requiring a backdoor from companies? Granted, some differences, but basics are the same.

Nothing like karma.

ecash's picture

i STARTED USING AV software Long ago,
and I will tell you there is good/bad/Ugly and it CHANGES ALL the TIME...

YOU have more of a problem getting BOTS, Tracking software, monitoring software, on and on...By wondering the net..THEN a single program EVER setup to TRACK/MONITOR EVERYONE..
CIA/FBI/all the rest.. KNOW you cant track everyone, without getting 1/2 the world to watch the other 1/2.. It has to be Specific. They have to know WHO they want to track, WHERE they are, and SELL then the program to trace them.. Unless they know who is on the other end, You cant do it.
IF you want to be SECURE, DONT GET ON THE NET..Dont allow access to your machine from the net..Not even your cellphone..

ted_4434's picture

take the chance and use ANY security software designed by another country, especially a communist country? Especially mother Russia??? There are U.S. companies that make this type of software and seriously, I'm not sure which of those we can trust. Can we trust any of them? Who knows...

gsteele531_6987's picture

Does Microsoft have any employees working in Russia, or any Russian employees working in the US? Or Apple? Or any of the Ubuntu or other linux distributions? I'm not saying this to be too paranoid - I'm suggesting that the elephant in the room is being ignored, and there's insufficient paranoia. In Microsoft's case, of course, there are enough holes without needing FSB IT operatives to create them; but vulnerability rises with complexity, and the OS's are the most complex things we have running on our machines. The old saw applies, in the case of data security: frequent backups are mandatory. As for identity-related security, if you are on the net (hard not to be) you can not be guaranteed secure, period. Security is only ever as good as you proactively are able to make it - in IT, and in life.