US government orders purge of Kaspersky Lab products

The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

The decision represents a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.

In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.

‘No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions,’ the company said.

The Department of Homeland Security (DHS) issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days and begin to discontinue their use within 90 days.

The Department of Homeland Security issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems and begin to discontinue their use. Former Homeland Security Secretary John Kelly is seen above on April 18

The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks. The above image is a stock photo of Kaspersky Lab headquarters in Moscow

The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks. The above image is a stock photo of Kaspersky Lab headquarters in Moscow

The order applies only to civilian government agencies and not the Pentagon, but U.S. intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.

In a statement accompanying its directive, DHS said it was ‘concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.’

It continued: ‘The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.’

The department said it would provide Kaspersky with the opportunity to submit a written response to address the allegations. The agency said other entities claiming commercial interests affected by the directive could also submit information

Eugene Kaspersky (seen above in this July 2017 file photo), the company's co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB

Eugene Kaspersky (seen above in this July 2017 file photo), the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB

Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage.

However, the company has not been able to shake off the allegations. 

Last week, Best Buy Co, the No.1 U.S. electronics retailer, said it was pulling Kaspersky Lab´s cyber security products from its shelves and website.

Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a ‘risk-based decision’ to order Kaspersky Lab’s products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: ‘As we evaluated the technology, we decided it was a risk we couldn´t accept.’

Some cyber security experts have warned that blacklisting Kaspersky Lab could prompt a retaliation from Russian President Vladimir Putin. 

Joyce said those concerns were a factor but that a ‘tough decision’ ultimately had to be made to protect government systems.

The direct financial impact of the decision will likely be minimal for Kaspersky Lab, one of the world’s leading anti-virus software companies, which was founded in 1997 and now counts over 400 million global customers.

Federal contracting databases reviewed by Reuters show only a few hundred thousand dollars in purchases from Kaspersky, and an employee told Reuters in July the company´s federal government revenue was ‘miniscule.’

But Kaspersky also sells to federal contractors and third-party software companies that incorporate its technology in their products, so its technology may be more widely used in government than it appears from the contracting databases, U.S. officials say.

Kaspersky has adamantly denied charges his company conducts espionage on behalf of the Russian government. The Kremlin is seen in the above undated stock image

Kaspersky has adamantly denied charges his company conducts espionage on behalf of the Russian government. The Kremlin is seen in the above undated stock image

The decision by the Trump administration came as the U.S. Senate was planning to vote as soon as this week on a defense policy spending bill that includes language that would ban Kaspersky Lab products from being used by U.S. government agencies.

Democratic U.S. Senator Jeanne Shaheen, who had led efforts in Congress to crack down on Kaspersky Lab, applauded the Trump administration’s announcement.

‘The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented,’ Shaheen said, adding that she expected Congress to act soon to reinforce the decision by passing legislation.

Also on Wednesday, Democratic Senator Amy Klobuchar wrote to DHS asking whether the agency used Kaspersky products in relation to any critical infrastructure, such as election equipment, banks or energy suppliers, and if it knew whether any voting systems used the company’s software.

Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. 

But he has adamantly denied charges his company conducts espionage on behalf of the Russian government.

KASPERSKY LAB RESPONSE TO HOMELAND SECURITY DIRECTIVE

‘Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded. 

‘No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. 

‘Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.

‘In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. 

‘These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development.

‘Regarding the Russian polices and laws being misinterpreted, the laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services. 

‘Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates and more.

‘Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. 

‘The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.’ 

Read more at DailyMail.co.uk