Ethan Burk
Man staring at at computer with hand over mouth with Kaspersky labs sign above him BBC
In 2017 there was a major outcry from the NSA and several members of Congress to prohibit the use of the cybersecurity products made by Kaspersky Labs. This aggressive action came after the Wall Street Journal published an article about how Russian-based hackers infiiltrated an NSA contractor’s home computer and stole sensitive files related to the US intelligence agency. According to the article the hacker had used the Kaspersky Labs Anti-Virus on the victim's computer to gain access to these files, causing an uproar in the US intelligence community. Kaspersky representatives claimed to have not supplied any knowledge to the operative and claimed no relation to the attack. The US intelligence community then introduced a prohibition on the use of any Kaspersky Labs products on any federal government computers and further prohibited Kaspersky products from being used by government contractors, and subcontractors on projects related to national security. After this initial prohibition the US electronic retail chain Best Buy discontinued the sale of Kaspersky Lab’s products causing further damage to their brand image in North America. After this prohibition the Russian Government responded by releasing a statement claiming this prohibition was done to discourage growth of Russian companies in the US marketplace.
Kaspersky Labs is a Moscow-based cybersecurity company mainly known for its antivirus software called Kaspersky Antivirus. It is a widely used antivirus software known for its extensive suite of cybersecurity tools including its VPN, Data leak check, and identity protection programs. According to Kaspersky’s website, they have over 400 million clients and over 270,000 corporate clients internationally and work with clients to prevent/mitigate cyber attacks. The ongoing controversy surrounding Kaspersky is its relationship with the Russian government as a whole and specifically the FSB, the Russian federal agency that conducts domestic security work and counterintelligence. In 2017, the newspaper Bloomberg published an article on leaked emails that showed Kaspersky had worked with FSB to develop some security technologies. The article went further to say that Kaspersky had been developing active countermeasures to locate hackers and that the company helped police conduct raids on hackers. Kaspersky claimed that these technologies were focused on protecting the agency from Distributed Denial of Service (DDOS) attacks as cyberattacks become more common in the region. Since this controversy, Kaspersky Labs has undertaken a project referred to as their “Global Transparency Initiative” where the company has built several international “Transparency Centers” to help showcase some of the security company's inner workings and data processing techniques. Many experts in the US intelligence community remain skeptical of the company’s independence since the majority of Kaspersky Lab’s headquarters are still based in Moscow. There is currently no evidence linking Kaspersky Labs to any cyber espionage campaigns and the company moved their servers and projects outside of Russia to maintain the independence of their data processing centers.
Since the inception of the 2022 Russian invasion of Ukraine, skepticism of Kaspersky has been revived and coupled with the Biden Administration’s stance on the Ukraine war. Kaspersky is once again being monitored by US security agencies as well as being targeted by the Federal Communications Commission(FCC). In May of 2022, the FCC added Kaspersky Lab’s software to the National Security Threat List, which prohibits companies that use this software from receiving certain federal subsidies under the Secure Networks Act of 2020, limiting the adoption and use of Kaspersky Labs products in the United States. A representative from Kaspersky stated this new decision was “…unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.”
Since this decision from the FCC, several Western countries began discouraging, banning, or otherwise prohibiting the use of Kaspersky products (although none of these countries have directly sanctioned the company yet). On October 31st, 2023, Canada announced a ban on both the Chinese communication app WeChat as well as Kaspersky Antivirus on all government-issued mobile devices. While this ban is limited to government devices , the Canadian government did release a statement encouraging citizens to protect themselves from cyberattacks using the Canadian Centre for Cybersecurity’s website. Within the EU, Lithuania banned the use of Kaspersky antivirus on “sensitive” computers in 2017, and in 2022 the German Federal Office for Information Security (BSI) released a statement advising users against using Kaspersky antivirus. In both cases, Kaspersky released statements maintaining its commitment to independence and transparency for its users, and its frustration with the actions of various governments against it.
The future of Kaspersky Lab’s software remains uncertain with its continued involvement with the FSB and the ongoing conflict between Russia and Ukraine. There is valid concern that Kaspersky antivirus might be influenced or could be influenced by the Russian Government to become more involved in its offensive hacking operations. There has also been an outcry from western powers (namely the EU and the US) to officially sanction Kaspersky Labs. There is also equally valid evidence showing that Kaspersky will remain neutral in its operations, considering it has managed in maintaining its neutrality during the invasion of Ukraine. The lack of evidence on Kaspersky’s connection to offensive cyber campaigns against other nations, along with their proactive steps in becoming transparent, and their physical relocation of facilities further from the Kremlin demonstrate Kaspersky’s low involvement with the Russian government. This paucity of evidence illustrates a parallel between Kaspersky and cyber espionage, even as western powers continue to take aggressive action on the company.
References
52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities. | Acquisition.GOV. https://www.acquisition.gov/far/52.204-23. Accessed 10 Feb. 2024.
“Best Buy Stops Sale of Russia-Based Kaspersky Products.” Reuters, 8 Sept. 2017. www.reuters.com, https://www.reuters.com/article/idUSKCN1BJ2O7/.
Bing, Christopher, and Christopher Bing. “EXCLUSIVE U.S. Warned Firms about Russia’s Kaspersky Software Day after Invasion -Sources.” Reuters, 31 Mar. 2022. www.reuters.com, https://www.reuters.com/technology/exclusive-us-warned-firms-about-russias-kaspersky-software-day-after-invasion-2022-03-31/.
“Canada Bans WeChat and Kaspersky over Fears of Spying.” Cybernews, 31 Oct. 2023, https://cybernews.com/news/canada-bans-wechat-kaspersky-spying/.
“Five Years of Transparency: Kaspersky Reveals Key Highlights and Global Transparency Initiative Expansion Plans.” Www.Kaspersky.Com, 11 July 2023, https://www.kaspersky.com/about/press-releases/2023_five-years-of-transparency-kaspersky-reveals-key-highlights-and-global-transparency-initiative-expansion-plans.
Kaspersky Cyber Security Solutions for Home and Business | Kaspersky. https://usa.kaspersky.com/. Accessed 27 Feb. 2024.
“Kaspersky Lab Has Been Working With Russian Intelligence.” Bloomberg.Com, 11 July 2017. www.bloomberg.com, https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence.
Kaspersky: Russia Responds to US Ban on Software. 13 Sept. 2017. www.bbc.com, https://www.bbc.com/news/world-us-canada-41262049.
“Kaspersky Statement Regarding the BSI Warning.” Www.Kaspersky.Com, 15 Mar. 2022, https://www.kaspersky.com/about/press-releases/2022_kaspersky-statement-regarding-the-bsi-warning.
“Lithuania Bans Kaspersky Lab Software on Sensitive Computers.” Reuters, 21 Dec. 2017. www.reuters.com, https://www.reuters.com/article/idUSKBN1EF23M/.
Lubold, Gordon, and Shane Harris. “Russian Hackers Stole NSA Data on U.S. Cyber Defense.” Wall Street Journal, 5 Oct. 2017. www.wsj.com, https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108.
McKinnon, John D., and Dustin Volz. “WSJ News Exclusive | Biden Administration Weighs Action Against Russian Cybersecurity Firm.” Wall Street Journal, 7 Apr. 2023. www.wsj.com, https://www.wsj.com/articles/biden-administration-weighs-action-against-russian-cybersecurity-firm-b84afcd7.
Protect How You Connect - Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/guidance/protect-how-you-connect. Accessed 27 Feb. 2024.
Salama, Vivian, and Dustin Volz. “WSJ News Exclusive | Proposal to Sanction Russian Cybersecurity Firm Over Ukraine Invasion Splits Biden Administration.” Wall Street Journal, 30 Mar. 2022. www.wsj.com, https://www.wsj.com/articles/proposal-to-sanction-russian-cybersecurity-firm-over-ukraine-invasion-splits-biden-administration-11648671905.
Shepardson, David, et al. “U.S. FCC Adds Russia’s Kaspersky, China Telecom Firms to National Security Threat List.” Reuters, 26 Mar. 2022. www.reuters.com, https://www.reuters.com/business/media-telecom/us-fcc-adds-ao-kaspersky-lab-china-telecom-firms-national-security-threat-list-2022-03-25/.
“U.S. Finalizes Rule Banning Kaspersky Products From Government Contracts.” Nextgov.Com, 9 Sept. 2019, https://www.nextgov.com/cybersecurity/2019/09/us-finalizes-rule-banning-kaspersky-products-government-contracts/159742/.