Kaspersky’s attempt to overturn US government ban thrown out of court

Federal judge rules against security firm in lawsuit against Homeland Security

19/12/2017: Kaspersky Lab files lawsuit against Trump administration

Kaspersky Lab has filed a lawsuit against the Trump administration over a ban on its anti-virus products.

Eugene Kaspersky, CEO of Kaspersky Lab, said the company had filed an appeal against the US Department of Homeland Security's (DHS) Binding Operational Directive 17-01, which requires federal agencies and departments to remove the company's products from federal information systems.

Kaspersky said, in an open letter published yesterday, that the DHS failed to provide the company with adequate due process and "relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalising the Directive".

Advertisement
Advertisement - Article continues below

"DHS has harmed Kaspersky Lab's reputation and its commercial operations without any evidence of wrongdoing by the company," wrote Kaspersky. "Therefore, it is in Kaspersky Lab's interest to defend itself in this matter."

The DHS declined to provide a comment to IT Pro on this story.

The US government signed into law last week (see below) a government-wide ban on Kaspersky Lab software after months of suspicion the Russian-based cybersecurity company could spy on other countries through its products.

The company has repeatedly denied links to any government or state influence and underlines its business operations are independent of the Russian government.

Parliament's intelligence and security committee (ISC) is considering a Russia investigation into the country's activity against the UK, it emerged last month. The ISC has oversight of the UK intelligence committee, including MI5, MI6, and GCHQ.

13/12/2017: US renders it illegal to use Kaspersky in any government department

The US government has now signed into law a government-wide ban on Kaspersky Lab software, following months of rising suspicion that the Russian-based firm could spy on nation states.

The official ban, which was added this week as section 1634 of the Fiscal Year 2018 National Defense Authorization Act (NDAA), states that "no department, agency, organisation, or other element of the Federal Government" may use any products developed by Kaspersky Lab, or any company it controls.

Following a ban on Kaspersky products issued by the Department of Homeland Security in September, the act covers any hardware, services, or antivirus software that's either developed in whole, or in part by Kaspersky Lab, or companies in which it has a majority stake.

Part of the act stipulates that there will be a yet-to-be-determined authority responsible for overseeing the removal of all Kaspersky Lab products from federal systems, which will also perform regular audits to ensure the banned software hasn't slipped back into the network.

Advertisement
Advertisement - Article continues below

Kaspersky has consistently rejected allegations of colluding with Russia or spying on other countries.

"Considering the grave risk that Kaspersky Lab poses to our national security, it's necessary that the current directive to remove Kaspersky Lab software from government computers be broadened and reinforced by statute," said senator Jeanne Shaheen, a key proponent of the act.

"The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems."

Shaheen added that she would continue to push for additional measures that protect the US from "harmful foreign interference".

Kaspersky said it has "serious concerns" about section 1634 and that the company has been unfairly targeted by Congress. 

"All software, including various products more widely deployed in government networks than Kaspersky Lab software, can have vulnerabilities exploited by a malicious cyber actor. Yet, Congress failed to address this fact or take a comprehensive look at federal IT sourcing policies to determine what improvements, if any, Congress could make to existing statutory and administrative authorities related to protecting government networks," the company said, in a statement to IT Pro.

"Instead, Congress singled out Kaspersky Lab based solely on the location of its headquarters, resulting in substantial and irreparable harm to the company, its U.S.-based employees, and its U.S.-based business partners. Kaspersky Lab is assessing whether any further action is appropriate to protect its interests.

"In the meantime, Kaspersky Lab continues to prioritize protecting its customers from cyber threats, regardless of their origin or purpose, and collaborating globally with the IT security community to fight cybercrime."

CEO Eugene Kaspersky also tweeted a map of his travels in December last week, showing multiple visits (but none to the US) to combat what he called "the recent false allegations by a handful of U.S.media".

The law is the latest government measure against the Moscow-based Kaspersky Lab at a time when it faces pressure over its alleged links to Russia. The UK's National Cyber Security Centre said last week that Kaspersky products risk the UK's national security, and has recommended that British government departments remove any Russian antivirus software from their systems.

Advertisement
Advertisement - Article continues below

The increasing volatility prompted Kaspersky Labs to close its Washington DC office last week, which was responsible for developing the company's relationship with the US, according to Bloomberg

Kaspersky Lab has repeatedly rebuked claims of state influence and says its business operations are independent of the Russian government. In October the company invited independent security experts to review its source code in an attempt to dissuade fears, a process it has confirmed is ongoing.

23/10/2017: Kaspersky invites security experts to review its source code

Kaspersky is set to commission an independent review of its antivirus software as part of a "global transparency initiative", following fears that the vendor is colluding with Russian government spies.

In a move that is clearly an attempt to win back the trust of both customers and governments, the company today said it would allow its source code to be reviewed by a third-party, as well as committing to opening three "Transparency Centres" in Asia, Europe and the US by 2020.

It will also ask the wider cyber security community for testimonials on the validity of its software, and will raise the bounty award for finding security vulnerabilities up to 75,000 by the end of 2017.

The initiative will also see the company introduce measures to ensure accountability, and new controls to improve the way sensitive data is processed, which will also be independently reviewed.

CEO Eugene Kaspersky said in a statement: "Internet balkanisation benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don't work like they should."

He called for the cyber security community to reestablish trust between companies, governments and citizens, and that any attempts to introduce national boundaries "is counterproductive and must be stopped".

"We want to show how we're completely open and transparent," he added. "We've nothing to hide. And I believe that with these actions we'll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."

Advertisement
Advertisement - Article continues below

Kaspersky, one of the world's most recognisable antivirus companies, has faced mounting scrutiny over the past year as suspected ties to the Russian government have led to growing distrust of its brand in the US public sector.

In May US authorities said they were investigating Kaspersky, which is headquartered in Moscow, after the NSA had expressed concerns that Russia could exploit the software to spy on government activities.

Kaspersky's antivirus software, which was previously widely used by US legislature, has since been banned from use within government departments.

Most recently the company was forced to defend itself when Israeli hackers discovered Russian agents had been using the software to scan targets' computers for secret US government programs - Kaspersky denied any knowledge of the alleged incident.

Eugene Kaspersky, who has been called to testify before Congress on the matter, has always maintained that his company operates as an independent entity, and that allegations of state influence are unfounded.

So far there has been no concrete evidence to suggest that Kaspersky has been knowingly involved in assisting state agencies, and in fact in one case the company operated directly against the Russian government.

Kaspersky Lab believes its latest measures will help restore trust in the company.

Its Transparency Centres, which will open by 2020, will allow customers, including government clients, to access the results of the independent reviews and engage in discussions over concerns about product security.

The firm has yet to say who will be conducting the third-party review.

11/10/2017: Israel 'discovered Russian hackers spying via Kaspersky'

Advertisement
Advertisement - Article continues below

Kaspersky Lab has again denied involvement in Russian state-sponsored hacking, in response to new claims that Russian spies used the firm's antivirus software to search target PCs for classified information.

Israeli hackers who managed to infiltrate Kaspersky's software witnessed Russian hackers using it to scan for US government classified programs, before then reporting their findings to Russian intelligence, the New York Times reported yesterday.

The Israeli spies promptly informed the NSA, leading to last month's Homeland Security order that all government departments rip out any Kaspersky software they were using (see below).

The Russian-based firm, which just recently announced plans to open new offices in America, vehemently refuted allegations it was colluding with Russia as baseless at the time.

Responding to this latest revelation about the supposed evidence, a spokesperson said: "Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.

"Kaspersky Lab has never helped, nor will help, for any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical."

They added: "It is also important to note, Kaspersky Lab detects all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose. The company tracks more than 100 advanced persistent threat actors and operations, and for 20 years, Kaspersky Lab has been focused on protecting people and organizations from these cyber threats - its headquarters' location doesn't change that mission."

Kaspersky's antivirus proved a useful spying tool - as would any antivirus tool - due to its requirement to access every file stored on a computer in order to look for viruses or other bugs, the NYT reported.

"Antivirus is the ultimate backdoor," former NSA operator Blake Darch told the publication. "It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users."

Israeli spies discovered the alleged Russian infiltration when they broke into Kaspersky's systems themselves, using a more sophisticated version of a previous attack known as Duqu.

Advertisement
Advertisement - Article continues below

Kaspersky only discovered this intrusion in 2015, when it revealed the hack publicly, dubbing it Duqu2, owing to its similarities to Duqu, spyware created to snoop on Iran's nuclear negotiations. Duqu had already been widely attributed to the same team behind Stuxnet, a separate hack developed by the US and Israel that curbed Iran's nuclear ambitions.

"With regards to unverified assertions that this situation relates to Duqu2, a sophisticated cyber attack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident," said Kaspersky's spokesperson. "Furthermore, as the article itself notes, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat."

The spokesperson also denied helping any government with cyber espionage, saying the company's software contains no backdoors, dubbing them "illegal and unethical".

This is despite the NYT's assertion that the Russian government started demanding security firms' source code in June 2017, allegedly to examine it for signs of hacking, but really to find holes to exploit itself.

Kaspersky Lab CEO Eugene Kaspersky has accepted an ivitation to testify to the nature of the company and its proiducts in front of Congress's US House of Representatives Committee on Science, Space, and Technology.

15/09/2017: Eugene Kaspersky to testify before US Congress

The co-founder and CEO of Kaspersky Lab, Eugene Kaspersky, has accepted an invitation to testify to US lawmakers over the security of his products.

Kaspersky told IT Pro: "I appreciate and accept the invitation to testify before the US House of Representatives Committee on Science, Space, and Technology, and if I can get an expedited visa, I look forward to publicly addressing the allegations about my company and its products."

The CEO posted the letter from the Committee on Twitter which states the hearing will take place on 27 September at 10am EST in Washington. The Committee wrote: 'The purpose of this hearing is to conduct oversight of the cybersecurity posture o[f] federal government, and examine the extent to which the federal government utilizes your company's products."

He published an opinion piece in Forbes on Thursday where he reiterated that Kaspersky does not have ties to any government. He outlined "...there's a lack of facts or proof to validate any potential concerns, given that we haven't done anything wrong".

Advertisement
Advertisement - Article continues below

Kaspersky also wrote: "I've repeatedly offered to meet with government officials, testify before the U.S. Congress, provide the company's source code for an official audit and discuss any other means to help address any questions the U.S. government has about Kaspersky Lab - whatever it takes, I will do it. And I look forward to working with any agency or government officials that are interested."

Yesterday the Trump administration issued a directive to government agencies to throw out Kaspersky Lab products. It said it was worried about ties between Kaspersky Lab and the Kremlin which could potentially have an effect on US national security.

The Department of Homeland Security has given federal agencies 30 days to identify Kaspersky products on their systems and 90 days to begin to remove them.

14/09/2017: Trump throws out Kaspersky Lab products from US government

The Trump administration has ordered government agencies to rip out Kaspersky Lab products from their networks.

It said it was worried about alleged ties between Kaspersky Lab and the Kremlin, without providing any evidence, claiming they could have an effect on US national security, as reported by Reuters.

The Department of Homeland Security (DHS) ordered federal agencies to identify Kaspersky products on their systems within 30 days and then begin to remove them within 90 days.

Along with its directive, the DHS issued a statement seen by Reuters. It said: "[We are] concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security."

CEO of Kaspersky Lab Eugene Kaspersky responded on Twitter, saying: "Given that Kaspersky Lab doesn't have inappropriate ties with any government, the company is disappointed with the decision by the US Department of Homeland Security (DHS) and we will use this opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded."

Advertisement
Advertisement - Article continues below

Kaspersky highlighted that no evidence had been presented publicly by anyone and said the accusations are false, based on inaccurate assumptions.

A spokesperson for Kaspersky Lab told IT Pro: "Kaspersky Lab has never helped, nor will help, any government in the world with its cyber espionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.

"The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit."

When Rob Joyce, the White House cybersecurity coordinator, was asked by Reuters if there was any evidence Kaspersky Lab had provided intelligence to the Russian government he replied: "As we evaluated the technology, we decided it was a risk we couldn't accept."

Democratic US senator Jeanne Shaheen, who has called for Kaspersky to be banned from government use, told Reuters: "The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented." She said she expects Congress to reinforce the order by passing legislation.

Yesterday Kaspersky Lab underlined its commitment to North American customers and said it would continue to invest in key US states over the next year, despite increasing US hostility towards the business.

Russia has been implicated in hacking campaigns against the US in recent years including the breach of the Democratic National Committee.

Picture: Bigstock

13/09/2017: Kaspersky ignores US hostility while opening new offices

Kaspersky Lab has underlined its commitment to North American customers despite increasing US hostility towards its business, saying that it will continue to invest in key states over the next year.

Advertisement
Advertisement - Article continues below

Senator Jeanne Shaheen has led vocal efforts to ban the vendor's antivirus software from US government departments, claiming the Moscow-based company could be exploited by the Russian government.

But Kaspersky released a statement yesterday that said: "Given that US government sales have not been a significant part of the company's activity in North America, Kaspersky Lab is exploring opportunities to better optimise the Washington DC office responsible for threat intelligence offerings to US government entities."

"North America remains a strategic market for Kaspersky Lab," the statement continued, adding that "expanding the company's presence in the region will better enable Kaspersky Lab to provide its customers with the best cybersecurity solutions and services".

Russia has been implicated in some of the largest hacking campaigns against the US in recent years, including the breach of the Democratic National Committee during the presidential election.

However, there is no actual evidence of Kaspersky's involvement in Russian hacking, or anything to suggest it supports a Russian national agenda - in fact, Kaspersky has found itself on the receiving end of Russian investigations in the past. 

Yet the anti-Russian sentiment is beginning to spread to the consumer market, as leading US retailer Best Buy has now pulled all Kaspersky products from its shelves, giving no official reason.

Kaspersky has operated in North America since 2005, and currently employs around 300 people across the region. The company said it remains committed to the market, and plans to open three new offices in Chicago, Los Angeles and Toronto by the end of 2018.

11/07/2017: Kaspersky denies leaked emails to Russia's FSB are "inappropriate"

Kaspersky Labs has said emails suggesting it works with Russian security services were taken out of context.

The security firm has long faced questions about its ties to government, with American authorities advising against the use of its software by military contractors. Founder and CEO Eugene Kaspersky has frequently denied any undue influence or access by Russia.

Advertisement
Advertisement - Article continues below

Now, a Bloomberg report raises further questions. The publication reveals details of internal emails from 2009 that it says show the company works more closely with Russian security services, the FSB, than it has previously said.

The report says Kaspersky Labs has directly worked on joint projects that Eugene Kaspersky would be embarrassed to have made public.  That includes the creation of software to protect Russian government, including filters to fight back against DDoS attacks, as well as "active countermeasures", that may have included handing over the location of hackers to the FSB  and even accompanying them on raids. On the countermeasures, Eugene Kaspersky advises in the emails, "we keep quiet".

In a statement sent to IT Pro, the company said the leaked email details were taken out of context. "Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime," said a spokesperson for Kaspersky Lab.

The statement continues: "In the internal communications referenced within the recent article, the facts are once again either being misinterpreted or manipulated to fit the agenda of certain individuals desperately wanting there to be inappropriate ties between the company, its CEO and the Russian government, but no matter what communication they claim to have, the facts clearly remain there is no evidence because no such inappropriate ties exist."

03/07/2017: Kaspersky offers to allow the US to inspect his source code

The CEO of Kaspersky Labs has said the US government can inspect his company's source code in order to quell suspicions about its ties to the Kremlin.

In an interview with the Associated Press, Eugene Kaspersky said he is ready to move part of his research work to the US to help counter these rumours.

Kaspersky stated he was ready to testify before US lawmakers and disclose his company's source code if needs be. "Anything I can do to prove that we don't behave maliciously I will do it," he said. 

Kaspersky once worked for Russia's Ministry of Defence and speculators have said he may have kept his Soviet era connections while others claim it's unlikely his company could operate independently in Russia.

Despite there being no firm evidence of the accusations, last week a US defence committee proposed that Kaspersky Lab be banned from all future military contracts. The committee argued that the Department of Defence shouldn't use any Kaspersky software as it "might be vulnerable to Russian government influence".

Advertisement
Advertisement - Article continues below

Kaspersky confirmed reports that a dozen US Kaspersky employees had been visited in their homes by FBI agents last week. He did not know the focus of the FBI's questioning.

He said: "Unfortunately, now the links to the FBI are completely ruined." He also added: "It means that if some serious crime happens that needs Russian law enforcement to cooperate with FBI, unfortunately, it's not possible."

Kaspersky understands why his company may look strange, pointing out that in Russia it's very "unusual" for a Russian IT to be very successful around the world.

The CEO also hinted that unnamed governments had tried to push him towards hacking in the past. He highlighted he would never cooperate with another country's offensive cyber operations "We stay on the bright side, and never, never go to the dark side".

30/06/2017: Senators want to ban Kaspersky from US military contracts

A US defence committee has proposed that Kaspersky Lab is banned from all future military contracts, claiming the Russian security vendor is vulnerable to manipulation by its home country's government.

Vladmir Putin's administration criticised the recommendation and said that it will "not rule out retaliation" against the US.

The recent budget proposal by the US Senate Armed Services Committee, underneath the category "Countering Russian Aggression", argues that the Department of Defence should prohibit the use of any software platform developed by Russian-based Kaspersky Lab, due to reports that it "might be vulnerable to Russian government influence".

The budget would also authorise $500 million to be sent to Ukraine to help shore up their defences against cyber attacks, which is particularly timely given the recent Petya ransomware attack affecting the country.

Russia's communications minister Nikolai Nikiforov told the RIA news agency that Moscow would not rule out retaliatory measures if the proposals are accepted, according to a Reuters report.

Advertisement
Advertisement - Article continues below

Eugene Kaspersky, Kaspersky Lab's CEO, described the proposals as "meritless speculations" and that it isn't right for the US to sanction technology firms as "retaliation towards another country".

The US has previously voiced concerns of the use of Kaspersky software in its government's departments, with the NSA claiming it could be used to facilitate attacks on computer networks.

It was also widely reported ealier this week that US-based Kaspersky employees received an unannounced evening visit by FBI officials. Although there was no criminal investigation, the agents were gathering information on the company's operations and its data-sharing policy with Russia.

Kaspersky has always maintained that it has "no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts".

IT Pro has contacted Kaspersky for comment, also asking how many contracts Kaspersky currently has with the US military.

No justification is provided in the proposal for the ban on Kaspersky products. It could be that the government has uncovered genuine evidence of manipulation, however it could otherwise be due to a general distrust towards Russian-based software at a time when Russia's government is thought to be behind many hacking attacks, including a campaign to interfere with the US general election.

Ironically, Kaspersky has been investigated by the Russian government for practices that the government deemed treasonous, and has been instrumental in the uncovering of Russian-based hacking groups, like the Poseidon Group in 2016.

12/05/2017: Officials say Russia may use Kaspersky to spy on Americans

US officials have said they are investigating the use of Russia's Kaspersky Lab by government departments, after concerns were raised that the software could be used to facilitate attacks on computer networks.

National Security Agency director Mike Rogers briefed a Senate committee on Thursday stating that he was "personally involved" in the Kaspersky investigation, but failed to give any further details, according to Reuters.

Advertisement
Advertisement - Article continues below

Reports from earlier in the week suggested that the US agencies were becoming increasingly concerned that Moscow could exploit Kaspersky, which was founded in Russia in 1997, to spy on Americans or launch attacks against US networks.

Defense Intelligence Agency director Vincent Stewart, also said officials were "tracking Kaspersky and their software", and that "there is as far as I know no Kaspersky software on our networks".

Eugene Kaspersky, founder and current CEO of Kaspersky Lab responded to questions in a Reddit 'Ask Me Anything' session on Thursday, stating: "I respectfully disagree with their opinion, and I'm very sorry these gentlemen can't use the best software on the market because of political reasons."

In a statement released by Kaspersky Lab, the company said that it has "no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts."

"Just as a US-based cyber security company doesn't allow access or send any sensitive data from its products to the US government, Kaspersky Lab products also do not allow any access or provide any private data to any country's government."

The company also stated it is willing to assist any concerned government officials in their investigations, in the view that this would "confirm that these allegations are unfounded".

Ironically, Kaspersky Lab has been subject to investigations by its own government over practices that have been deemed treasonous. In January it emerged that a Kaspersky executive had been arrested over his links to the hacking group "Humpty Dumpty", which had been cooperating with Ukrainian security agencies during the annexation of Crimea.

Kaspersky has also been instrumental in the discovery and subsequent arrests of a number of Russian hacking groups, including the take down of Poseidon Group in 2016, and the uncovering of a malware campaign known as Red October in 2013, most likely written by Russian-speaking hackers.

In 2015, Kaspersky identified a new threat actor known as "The Equation Group", which was able to load specialised spying software onto the firmware of banks and government agencies in countries that were often targeted by US intelligence agencies. Kaspersky researchers believed this campaign was developed by the United States' own National Security Agency.

Main image: Bigstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019