In light of the latest ransomware attack, it might be good to revisit this report from May 2017.
Many cybersecurity experts are saying that Kaspersky software may be responsible for assisting the worm’s spread.
One expert Tweeted today:
Still use KAPERSKY software? Get it the hell off your network
I’ve been questioning experts about Kaspersky for decades. Seldom do I get straight answers, but occasionally I will get an answer, such as, ‘just assume they’re spying on us, they’re Russian.’
Nothing Russia says, does, writes, or promises is trusted. The same goes for many Russian corporations.
Even with the Senate Intelligence Committee focused this week on its investigation of Russia’s alleged meddling in last year’s presidential election, the committee met behind closed doors today for a classified briefing from senior FBI and Homeland Security officials over another alleged threat emanating from Moscow: a major software company whose products are used widely across the United States.
The visit from FBI and Homeland Security officials has long been planned. But congressional sources told ABC News that in recent days the agenda expanded to specifically include an update on U.S. intelligence about Kaspersky Lab, a Moscow-based firm that has become one of the world’s largest and most respected cybersecurity firms.
Current and former U.S. officials worry that state-sponsored hackers could try to exploit Kaspersky Lab’s anti-virus software to steal and manipulate users’ files, read private emails or attack critical infrastructure in the U.S. And they point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies.
“We are very much concerned about this, very much concerned about the security of our country,” Sen. Joe Manchin, D-West Virginia, said about Kaspersky Lab at a recent Senate hearing.
The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a tool of the Russian government.
- Officials fear Russia could try to target US through popular software firm under FBI scrutiny
- For 1st time, US intelligence officials publicly express concern over Russian cyber firm
But in a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company’s powerful market position.
“This [is an] important national security issue,” declared the bipartisan memorandum, described to ABC News by congressional sources.
In February, the Department of Homeland Security issued a secret report on the matter to other government agencies. And the FBI is in the midst of a counterintelligence investigation looking into the nature of Kaspersky Lab’s relationship to the Russian government, sources with knowledge of the probe told ABC News.
Among the high-level officials briefing senators today was FBI Assistant Director Gregory Brower, the head of the FBI’s Office of Congressional Affairs.
During a televised Senate Intelligence Committee hearing two weeks ago, senior members of the U.S. intelligence community for the first time publicly expressed concern that Kaspersky Lab could pose a threat to the U.S. homeland.
At the hearing, the acting head of the FBI, Andrew McCabe, told the Senate Intelligence Committee that his agency is “very concerned about it … and we are focused on it closely.”
Robert Cardillo, the director of National Geospatial-Intelligence Agency, said he is “aware of the Kaspersky lab challenge and/or threat.” CIA Director Mike Pompeo said the matter “has risen to the director of the CIA as well.” And the head of the National Security Agency, Adm. Mike Rogers, said he is “personally aware and involved” in “national security issues” associated with Kaspersky Lab.
Until those remarks at the Senate Intelligence Committee hearing, such concerns have been communicated only behind closed doors and in private memos, as ABC News first disclosed in a report two days before the Senate hearing.
“I think we do ourselves a disservice by not speaking about this openly,” Michael Carpenter, who until January served as the Defense Department’s deputy assistant secretary for Russia, Ukraine and Eurasia, told ABC News.
Products from Kaspersky Lab are widely used in homes and businesses throughout the U.S.
But ABC News found that — largely through outside vendors — Kaspersky Lab software has also been procured by such federal agencies as the U.S. Bureau of Prisons, the Consumer Product Safety Commission and even some segments of the Defense Department.
When Sen. Marco Rubio, R-Florida, asked the panelists at the Senate hearing two weeks ago whether they’d be willing to use Kaspersky Lab software on their devices, Director of National Intelligence Coats said: “A resounding no from me.”
All five of the other U.S. intelligence officials unanimously agreed.
Manchin urged each of the U.S. officials testifying to verify that Kaspersky Lab software is not on their agencies’ systems.
In a statement issued after the first ABC News report, Kaspersky Lab insisted: “As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.
“The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” the statement continued.
“Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded,” the statement added.
In fact, the FBI and other agencies in the U.S. intelligence community have yet to publicly present any evidence connecting company executives with Russian security services. And sources who spoke with ABC News did not offer any evidence suggesting Kaspersky Lab has helped breach a U.S. system or taken hostile action on behalf of the Russian government.
“For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters’ location doesn’t change that mission,” Kaspersky Lab said in its statement. “[J]ust as a U.S.-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any private data to any country’s government.”
In an interview with ABC News, Eugene Kaspersky said, “My response if I’m asked to spy on anyone coming from any state, any government -— not only Russian —- will be definite ‘no.'”