Kaspersky loses Court of Appeals battle to reverse US government ban

The court maintains the threat of the Russian-based antimalware company is real

After a lengthy battle with the US government spanning over a year, Kaspersky Lab has lost its battle at the Washington DC Court of Appeals over the government's decision to ban its software from all federal government computers.

The court upheld the initial ruling made by a district court forbidding Kaspersky to bring a lawsuit against the US government following its "unconstitutional" claims which "relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims and rumours", Kaspersky said in 2017.

The judges who upheld the district court's decision cited Congress's right to block the purchase of software provided by a specific vendor providing there is a genuine security risk associated with it.

"With or without Kaspersky's willing cooperation, explained the experts, the Russian government could use Kaspersky products as a backdoor into federal information systems," the court stated. "Then, having gained privileged and undetected access, Russia could make all manner of mischief."

Kaspersky's main argument centred around the punitive nature of the ban, claiming that the court's decision was less about protecting the government's safety, but punishing a firm with alleged ties with Russia's FSB.

Advertisement - Article continues below
Advertisement - Article continues below

"Since the company's inception over 21 years ago, it has always abided by the highest ethical business practices, and through our recently launched Global Transparency Initiative, Kaspersky Lab is exemplifying its ongoing commitment to assuring the integrity and trustworthiness of its products. Kaspersky Lab reaffirms that it has never, nor will ever, engage in cyber offensive activities, and the Court's decision does not conclude otherwise," the company said in a follow-up statement.

The order to ban Kaspersky from US government computers was originally made in 2017 by the Department of Homeland Security. All government departments and agencies were to develop plans to discontinue present and future use of Kaspersky's software from their computers within 90 days of the directive being issued.

"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," said the DHS in a statement. "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

The ban wasn't just an explosive response to Russia's influence on the 2016 presidential election, back in 2014 the anti-malware software company was accused of providing a backdoor into federal departments' systems after a top-secret exploit code was stolen in an NSA leak.

Advertisement - Article continues below

The software is also used by Russia's FSB and allegations were immediately pointed at them but Kaspersky refuted these claims, citing pirated Microsoft Office software installed by an employee as the cause.

The keygen used to create a counterfeit Office key was, in fact, a trojan which dropped a backdoor in the system; Kaspersky was turned off in order to illegally install the software thus allowing the FSB to access the system via the backdoor.

Most recently, the EU published a cyber security report in June 2018, calling for a comprehensive review of all IT software and equipment used by all member states in an attempt to stop "an unprecedented threat" of "politically motivated, state-sponsored cyber attacks". It labelled Kaspersky as software that had "been confirmed as malicious".

Earlier on in the year, Kaspersky attempted to make amends and rebuild a strong reputation for themselves, increasing the reward for its bug bounty program to $100,000 per critical vulnerability found in its own systems. Despite this peace offering, the EU remained unconvinced and labelled the Moscow-based company's software as 'malicious' anyway later in the year.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
endpoint security

Kaspersky Endpoint Security for Business Advanced review

1 May 2019

Kaspersky Internet Security 2019 review: Unbeatable value

12 Feb 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020