Kaspersky loses Court of Appeals battle to reverse US government ban

The court maintains the threat of the Russian-based antimalware company is real

After a lengthy battle with the US government spanning over a year, Kaspersky Lab has lost its battle at the Washington DC Court of Appeals over the government's decision to ban its software from all federal government computers.

The court upheld the initial ruling made by a district court forbidding Kaspersky to bring a lawsuit against the US government following its "unconstitutional" claims which "relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims and rumours", Kaspersky said in 2017.

Advertisement - Article continues below

The judges who upheld the district court's decision cited Congress's right to block the purchase of software provided by a specific vendor providing there is a genuine security risk associated with it.

"With or without Kaspersky's willing cooperation, explained the experts, the Russian government could use Kaspersky products as a backdoor into federal information systems," the court stated. "Then, having gained privileged and undetected access, Russia could make all manner of mischief."

Kaspersky's main argument centred around the punitive nature of the ban, claiming that the court's decision was less about protecting the government's safety, but punishing a firm with alleged ties with Russia's FSB.

"Since the company's inception over 21 years ago, it has always abided by the highest ethical business practices, and through our recently launched Global Transparency Initiative, Kaspersky Lab is exemplifying its ongoing commitment to assuring the integrity and trustworthiness of its products. Kaspersky Lab reaffirms that it has never, nor will ever, engage in cyber offensive activities, and the Court's decision does not conclude otherwise," the company said in a follow-up statement.

Advertisement - Article continues below
Advertisement - Article continues below

The order to ban Kaspersky from US government computers was originally made in 2017 by the Department of Homeland Security. All government departments and agencies were to develop plans to discontinue present and future use of Kaspersky's software from their computers within 90 days of the directive being issued.

"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," said the DHS in a statement. "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

Advertisement - Article continues below

The ban wasn't just an explosive response to Russia's influence on the 2016 presidential election, back in 2014 the anti-malware software company was accused of providing a backdoor into federal departments' systems after a top-secret exploit code was stolen in an NSA leak.

The software is also used by Russia's FSB and allegations were immediately pointed at them but Kaspersky refuted these claims, citing pirated Microsoft Office software installed by an employee as the cause.

The keygen used to create a counterfeit Office key was, in fact, a trojan which dropped a backdoor in the system; Kaspersky was turned off in order to illegally install the software thus allowing the FSB to access the system via the backdoor.

Most recently, the EU published a cyber security report in June 2018, calling for a comprehensive review of all IT software and equipment used by all member states in an attempt to stop "an unprecedented threat" of "politically motivated, state-sponsored cyber attacks". It labelled Kaspersky as software that had "been confirmed as malicious".

Advertisement - Article continues below

Earlier on in the year, Kaspersky attempted to make amends and rebuild a strong reputation for themselves, increasing the reward for its bug bounty program to $100,000 per critical vulnerability found in its own systems. Despite this peace offering, the EU remained unconvinced and labelled the Moscow-based company's software as 'malicious' anyway later in the year.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020