Embattled Moscow-based cyber security firm, Kaspersky Lab, is appealing
against a U.S. Government’s ban on its software on the grounds that it is unconstitutional, and that there is no technical evidence.
Back in September, The U.S. Department of Homeland Security (DHS) issued a Directive ordering civilian government agencies to remove Kaspersky software from their networks within 90 days. Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions (anti-virus software).
Concerns Over Many Years
The U.S. Directive (ban) came after concerns about possible Russian state interference in the U.S. elections, but Kaspersky have long been the subject of suspicion and concerns by western governments.
In July this year, for example, security researchers claimed to have found a way to force the anti-virus product to assist snoops in stealing data from segmented networks (not connected to the wider internet).
Back in 2015, it was also reported that the US National Security Agency and GCHQ had sought to carry out reverse engineering of Kaspersky anti-virus as far back as 2008 to discover any vulnerabilities.
Long-running fears about Kaspersky have also been fuelled by leaks from the NSA through Edward Snowdon (2013), Hal Martin (2016), and by allegations (printed in the Wall Street Journal) that a Vietnamese NSA contractor was hacked on his home computer by Russian spies via Kaspersky.
Earlier this month Barclays bank in the UK emailed its 290,000 online banking customers to say that it will no longer be offering Kaspersky Russian anti-virus because of information and news stories about possible security risks.
A federal appeal has now been filed by Kaspersky Lab appeal under the Administrative Procedure Act against the U.S. Directive to remove Kaspersky software from civilian government agency networks. According to Kaspersky, the DHS has acted unconstitutionally and has violated Kaspersky Lab’s right to due process by issuing Binding Operational Directive 17-01.
Kaspersky Lab argues that the issuing of the Directive was based on no technical evidence, and the company has repeatedly denied any ties to any government and has said that it would not help a government with cyber espionage.
Kaspersky Lab has publicly stated that the Directive and the wide-scale media coverage and public / business reaction to it have damaged the company’s position in the market. Sales are reported to be down, Kaspersky has announced the closing of its D.C. headquarters as a direct result of the U.S. government’s public suspicion toward its business, and the company’s founder, Eugene Kaspersky, has said that the company has also suffered damage to its reputation.
As well as strenuously denying the allegations and launching an appeal, Kaspersky Lab said in October that it would submit the source code of its software and future updates for inspection by independent parties. U.S. officials.
What Does This Mean For Your Business?
For businesses using Kaspersky in the UK, it is worth remembering that although Barclays Bank have stopped using the software, and a U.S. Directive remains in place, no actual evidence of wrongdoing related to espionage / spying, or of the company colluding with the Russian state has been publicly provided.
Businesses will need to take an individual view of any possible risks, taking into account the context of a certain amount of paranoia and the recent focus in the media about Russia following allegations of interference in the US elections.
On a technical and security note, it may not be a good idea anyway to remove Kaspersky anti-virus from a computer without immediately putting a suitable alternative in place. Anti-virus forms an important part of a company / organisation’s basic cyber defences and this, and other software should be kept up to date with patches and updates to enable evolving threats to be combated as part of a wider strategy.