Kaspersky loses Court of Appeals battle to reverse US government ban

The court maintains the threat of the Russian-based antimalware company is real

After a lengthy battle with the US government spanning over a year, Kaspersky Lab has lost its battle at the Washington DC Court of Appeals over the government's decision to ban its software from all federal government computers.

The court upheld the initial ruling made by a district court forbidding Kaspersky to bring a lawsuit against the US government following its "unconstitutional" claims which "relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims and rumours", Kaspersky said in 2017.

The judges who upheld the district court's decision cited Congress's right to block the purchase of software provided by a specific vendor providing there is a genuine security risk associated with it.

"With or without Kaspersky's willing cooperation, explained the experts, the Russian government could use Kaspersky products as a backdoor into federal information systems," the court stated. "Then, having gained privileged and undetected access, Russia could make all manner of mischief."

Kaspersky's main argument centred around the punitive nature of the ban, claiming that the court's decision was less about protecting the government's safety, but punishing a firm with alleged ties with Russia's FSB.

"Since the company's inception over 21 years ago, it has always abided by the highest ethical business practices, and through our recently launched Global Transparency Initiative, Kaspersky Lab is exemplifying its ongoing commitment to assuring the integrity and trustworthiness of its products. Kaspersky Lab reaffirms that it has never, nor will ever, engage in cyber offensive activities, and the Court's decision does not conclude otherwise," the company said in a follow-up statement.

The order to ban Kaspersky from US government computers was originally made in 2017 by the Department of Homeland Security. All government departments and agencies were to develop plans to discontinue present and future use of Kaspersky's software from their computers within 90 days of the directive being issued.

"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," said the DHS in a statement. "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

The ban wasn't just an explosive response to Russia's influence on the 2016 presidential election, back in 2014 the anti-malware software company was accused of providing a backdoor into federal departments' systems after a top-secret exploit code was stolen in an NSA leak.

The software is also used by Russia's FSB and allegations were immediately pointed at them but Kaspersky refuted these claims, citing pirated Microsoft Office software installed by an employee as the cause.

The keygen used to create a counterfeit Office key was, in fact, a trojan which dropped a backdoor in the system; Kaspersky was turned off in order to illegally install the software thus allowing the FSB to access the system via the backdoor.

Most recently, the EU published a cyber security report in June 2018, calling for a comprehensive review of all IT software and equipment used by all member states in an attempt to stop "an unprecedented threat" of "politically motivated, state-sponsored cyber attacks". It labelled Kaspersky as software that had "been confirmed as malicious".

Earlier on in the year, Kaspersky attempted to make amends and rebuild a strong reputation for themselves, increasing the reward for its bug bounty program to $100,000 per critical vulnerability found in its own systems. Despite this peace offering, the EU remained unconvinced and labelled the Moscow-based company's software as 'malicious' anyway later in the year.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Kaspersky Internet Security review: Powerful, highly configurable protection
antivirus

Kaspersky Internet Security review: Powerful, highly configurable protection

19 Oct 2021
Kaspersky Internet Security review: Perfect for power users
antivirus

Kaspersky Internet Security review: Perfect for power users

27 Aug 2021
Kaspersky Endpoint Security Cloud review: Merciless against malware
endpoint security

Kaspersky Endpoint Security Cloud review: Merciless against malware

4 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021