Kaspersky loses Court of Appeals battle to reverse US government ban

The court maintains the threat of the Russian-based antimalware company is real

After a lengthy battle with the US government spanning over a year, Kaspersky Lab has lost its battle at the Washington DC Court of Appeals over the government's decision to ban its software from all federal government computers.

The court upheld the initial ruling made by a district court forbidding Kaspersky to bring a lawsuit against the US government following its "unconstitutional" claims which "relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims and rumours", Kaspersky said in 2017.

The judges who upheld the district court's decision cited Congress's right to block the purchase of software provided by a specific vendor providing there is a genuine security risk associated with it.

"With or without Kaspersky's willing cooperation, explained the experts, the Russian government could use Kaspersky products as a backdoor into federal information systems," the court stated. "Then, having gained privileged and undetected access, Russia could make all manner of mischief."

Kaspersky's main argument centred around the punitive nature of the ban, claiming that the court's decision was less about protecting the government's safety, but punishing a firm with alleged ties with Russia's FSB.

"Since the company's inception over 21 years ago, it has always abided by the highest ethical business practices, and through our recently launched Global Transparency Initiative, Kaspersky Lab is exemplifying its ongoing commitment to assuring the integrity and trustworthiness of its products. Kaspersky Lab reaffirms that it has never, nor will ever, engage in cyber offensive activities, and the Court's decision does not conclude otherwise," the company said in a follow-up statement.

The order to ban Kaspersky from US government computers was originally made in 2017 by the Department of Homeland Security. All government departments and agencies were to develop plans to discontinue present and future use of Kaspersky's software from their computers within 90 days of the directive being issued.

"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," said the DHS in a statement. "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

The ban wasn't just an explosive response to Russia's influence on the 2016 presidential election, back in 2014 the anti-malware software company was accused of providing a backdoor into federal departments' systems after a top-secret exploit code was stolen in an NSA leak.

The software is also used by Russia's FSB and allegations were immediately pointed at them but Kaspersky refuted these claims, citing pirated Microsoft Office software installed by an employee as the cause.

The keygen used to create a counterfeit Office key was, in fact, a trojan which dropped a backdoor in the system; Kaspersky was turned off in order to illegally install the software thus allowing the FSB to access the system via the backdoor.

Most recently, the EU published a cyber security report in June 2018, calling for a comprehensive review of all IT software and equipment used by all member states in an attempt to stop "an unprecedented threat" of "politically motivated, state-sponsored cyber attacks". It labelled Kaspersky as software that had "been confirmed as malicious".

Earlier on in the year, Kaspersky attempted to make amends and rebuild a strong reputation for themselves, increasing the reward for its bug bounty program to $100,000 per critical vulnerability found in its own systems. Despite this peace offering, the EU remained unconvinced and labelled the Moscow-based company's software as 'malicious' anyway later in the year.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020

Most Popular

Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020