Kaspersky Labs security products are now banned from use by US government agencies, according to several reports. The concerns stem from potential links between the company and the Russian Federation intelligence services.
The General Services Administration (GSA) has stated that the vendor has been removed from the list of approved companies. This effectively means that government agencies will find it very difficult to acquire products made by the company. The company denied the allegations, calling them “inaccurate statements”.
Kaspersky Anti-Virus – Potential Threat or a False Warning
The news came after several major media outlets reported on the GSA decision. According to Bloomberg journalists, Eugene Kaspersky, the CEO of the Russian company, has communicated with senior staff via email about a secret cybersecurity initiative linked with the FSB, the Russian intelligence service. The reports state that Kaspersky has described software that is able to both “protect against attacks” and carry out “active countermeasures”. It is possible that such applications can be used to intentionally gain sensitive information about the hosts, as telemetry data is actively collected and relayed to the vendor's servers. The potential dangers associated with such infections can include the following:
- Surveillance – Anti-virus products actively monitor all system and user processes. This gives them the ability to monitor all actions, whether performed by users or automatically. Implanting malicious code into Kaspersky anti-virus products or other tools can give the vendor or the intelligence services real-time surveillance capabilities.
- Data Theft – FSB-issued Kaspersky anti-virus installers can be used by Russian intelligence officers to steal sensitive data from the infected computers.
- Additional Malware Infection – Active infections can lead to code execution that has the potential to download other malware onto the victims' computers.
- System Modification – Similar to computer viruses, any malicious code can be used to modify the behavior and configuration of the affected computers. Depending on the built-in commands, such actions can hinder performance or even cause system malfunction.
Kaspersky Denies the Allegations
Kaspersky Lab officially denied the allegations in a public statement, calling them “inaccurate representations”. Any possible links with Russian intelligence services or other state actors for conducting criminal surveillance or hacker attacks against the USA have been labeled a “false theory”. The company asserts that it abides by all ethical standards to protect its customers from computer viruses and malware.
Kaspersky has responded to the allegations by addressing potential issues in several points:
1. The media reported on Kaspersky-developed technologies that are embedded in numerous devices that do not bear the name of the company. This is due to the license agreements with Kaspersky’s partners that permit the inclusion of anti-malware engines in third-party solutions.
2. Kaspersky officials are alleged to maintain a close relationship with the Russian intelligence services. The company stated that it has publicly acknowledged its cooperation with state agencies and institutions of many countries to defend them against computer criminals.
3. Any requests made by the Russian government or its agencies are denied. Kaspersky revealed that internal communication between Eugene Kaspersky and other officials explicitly forbids any information leaks on secret projects, especially to outside parties.
4. Kaspersky Lab states that its products are among the first to feature hourly updates. The company pledges not to spy on its customers or perform malicious actions under any circumstances.
5. The emails cited by Bloomberg may be authentic; however, according to the company, they do not correspond to the truth.
6. The company actively works with Internet hosting providers (ISPs) and other entities to combat botnets and other large-scale attacks. Virus infections and potential intrusions can be countered by effectively coordinating defensive strategies.
7. The term “active countermeasures” is described as part of the anti-virus engine that prevents hacker attacks. Kaspersky Labs states that this term should not be used to reference any potential malicious activity towards customers.
8. The link between Kaspersky and the Russian FSB, as well as other intelligence services, is described as professional. In accordance with Russian law, the company provides expertise to assist the government in combating cyber attacks. The company does not provide the agencies with data from its customers, as that is “technically impossible”.
9. The emails mention Mr. Chekunov, who is described as a former KGB officer and the chief legal officer of the alleged secret project. In fact, the programmer worked for the Border Service in the Soviet Union and does not work as the head of such a project.
So far the US government has not been able to identify any real evidence of a connection between the company and the Russian intelligence services or another state actor. It is very likely that these actions are a follow-up to political decisions made by the government. A similar incident occurred when the vendor's proprietary secure OS (KasperskyOS) was introduced a few months ago.
The idea behind the project was to create a secure operating system from scratch to minimize the possibility of using any known exploits or discovering weaknesses. The company is offering the product to hardware partners, citing it as a reliable and secure option. When it was released to the public, some media reports and statements accused it of being a spy service operated by the Russian intelligence services.
It is possible that we might see other anti-virus vendors or hardware companies removed from the GSA’s list in the future as well.