- The US government privately informed American companies about software
- Kaspersky considers briefings unfair and damages its reputation
MARCH 31 – The US government began privately warning some American companies that Moscow could tamper with software owned by Russian cybersecurity firm Kaspersky to cause harm the day after Russia invaded Ukraine, according to a senior US official and two people familiar with the matter.
The secret briefings are part of Washington’s broader strategy to prepare critical infrastructure providers, such as water, telecommunications and power, for possible Russian invaders.
President Joe Biden said last week that sanctions against Russia over its February 24 attack on Ukraine could lead to a backlash, including cyber disruption, but the White House gave no details.
“The risk calculation has changed with the Ukraine conflict,” says the senior US official about Kaspersky’s software. “It has increased.”
One of the most popular antivirus software makers in the cybersecurity industry, Kaspersky is headquartered in Moscow and was founded by Eugene Kaspersky, whom US officials describe as a former Russian intelligence officer.
A Kaspersky spokeswoman said in a statement that the briefings about alleged risks posed by Kaspersky software would “further damage Kaspersky’s reputation without giving the company an opportunity to directly respond to such concerns,” and that this ” not appropriate or just”.
The senior US official said Kaspersky’s Russia-based employees could be coerced by Russian law enforcement or intelligence agencies into providing remote access to their customers’ computers or helping set them up.
Eugene Kaspersky graduated from the Institute of Cryptography, Telecommunications and Informatics previously administered by the Soviet KGB, according to his company website. The company spokeswoman said Kaspersky worked as a “software engineer” during military service.
The Russian cybersecurity firm, which has an office in the United States, lists partnerships with Microsoft, Intel and IBM on its website. Microsoft declined to comment. Intel and IBM did not respond to requests for comment.
On March 25, the Federal Communications Commission included Kaspersky on its list of communications equipment and service providers considered threats to US national security. Continue reading
This isn’t the first time Washington has claimed that Kaspersky can be influenced by the Kremlin.
People walk next to Russia’s Kaspersky booth during the GSMA’s Mobile World Congress (MWC) 2022 in Barcelona, Spain March 2, 2022. REUTERS/Albert Gea/File Photo
Continue reading
The Trump administration spent months banning Kaspersky from government systems and warning numerous companies not to use the software in 2017 and 2018.
US security agencies conducted a series of similar cybersecurity briefings surrounding the Trump ban. The content of those meetings four years ago is comparable to the new briefings, said one of the people familiar with the matter.
Over the years, Kaspersky has consistently denied wrongdoing or a secret partnership with Russian intelligence.
It is unclear whether a specific incident or new information led to the safety briefings. The senior official declined to comment on classified information.
To date, no US or allied intelligence agency has ever provided direct, public evidence of a backdoor in Kaspersky software.
Following the Trump decision, Kaspersky opened a series of transparency centers where partners can review its code for malicious activity. A blog post by the company at the time explained that the goal was to build trust with customers after the US allegations.
But the US official said the transparency centers are “not even a fig leaf” because they fail to address the US government’s concerns.
“Moscow software engineers take care of that [software] Updates, there is a risk,” they said. “They can send malicious commands through the updaters, and that’s coming from Russia.”
Cybersecurity experts say that antivirus software requires a deep level of control to detect malware due to the normal way it works on computers on which it is installed. This makes antivirus software an inherently beneficial channel to engage in spying.
Additionally, Kaspersky products are sometimes sold under white-label sales agreements as well. This means that in commercial stores, the software can be packaged and rebranded by IT contractors, making its origin difficult to determine immediately.
Without referring to Kaspersky by name, Britain’s Cybersecurity Center said on Tuesday that organizations offering Ukraine-related or critical infrastructure-related services should reconsider the risk associated with using Russian computer technology in their supply chains.
“We have no evidence that the Russian state intends to subsidize Russian commercial products and services to harm British interests, but lack of evidence is not evidence of absence,” the National Cyber Security Center said in a blog post.
Reporting by Christopher Bing; Adaptation by Chris Sanders and Grant McCool