Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies. Officials claim the company is a Russian stooge that can't be trusted with protecting America's critical infrastructure. The company denies these claims -- its CEO Eugene Kaspersky has even offered up its source code in a bid to clear his firm's name.
It appears that olive branch went unnoticed. Throughout the year, the FBI has been meeting with US firms to convince them to remove Kaspersky Lab's tools from their systems, according to officials who spoke to CyberScoop. In view of the cyberattacks that crippled Ukraine's power grid in 2016, the FBI has reportedly focussed its briefings on companies in the energy sector, although it has also supposedly met with major tech firms.
The law enforcement agency has apparently been sharing its threat assessment with the companies, including Kaspersky Lab's alleged deep ties with Russian intelligence. However, the meetings have reportedly yielded mixed results. Whereas firms in the energy sector have been quick to cooperate, tech giants have resisted taking swift action, claims CyberScoop.
Source: Engadget
Related Stories
Exclusive: U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said.
[...] Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International Inc.
The lawmakers are also advising U.S. firms that if they have ties to Huawei or China Mobile, it could hamper their ability to do business with the U.S. government, one aide said, requesting anonymity because they were not authorized to speak publicly.
Related: NSA Spied on Chinese Government and Huawei
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
US officials: Kaspersky "Slingshot" report burned anti-terror operation
A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.
The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.
The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."
This is good malware. You can't expose the good malware!
Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools
The Washington Post is reporting U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage:
Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.
[...] "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
[...] The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
Someone that is in a position to know all about it tells me that Kaspersky doesn't detect malware created by the Russian Business Network. My fear is that if I named that someone, the RBN will give that someone a bad hair day.
[Ed. addition follows]
The full text of the DHS notice is available at https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01.
Previously:
FBI Reportedly Advising Companies to Ditch Kaspersky Apps.
According to unverifiable sources, an NSA contractor stored classified data and hacking tools on his home computer, which were made available to Russian hackers through the contractor's use of Kaspersky Lab anti-virus software:
Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.
As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.
In a later story, The Washington Post said the employee had worked at the NSA's Tailored Access Operations unit for elite hackers before he was fired in 2015.
[...] Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.
(Score: 5, Insightful) by Runaway1956 on Monday August 21 2017, @11:16PM (1 child)
What the FBI is saying is, security companies located outside the US aren't subject to the same pressures and coercion that security companies inside the US are. In this case, BUY AMERICAN!! Makes sense to me!!
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 3, Funny) by Osamabobama on Monday August 21 2017, @11:24PM
Normally, the marketing plan is rolled out ahead of the product. In this case, though, it seems that NSA got it backward, releasing their service years before the marketing was ready. I blame it on interagency synchronization difficulties.
(Score: 0) by Anonymous Coward on Tuesday August 22 2017, @12:21AM
can't touch this
gonna keep usin it my brother. gonna keep usin it.
(Score: 5, Insightful) by Snotnose on Tuesday August 22 2017, @12:23AM (1 child)
I interpret this as "we refuse to install the backdoors the FBI requires", so the fibbies say "don't use Kaspersky."
It's sad when you trust a foreign company (Russian for bonus points) more than your own TLA.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 22 2017, @06:46AM
Exactly what I was thinking.
The fact is Kaspersky was willing to offer up their source code for evaluation, and the apparent grievance from our intelligence agencies is they, a Russian digital security company, offered digital security solutions for the Russian government. That's about as grievous an allegation as Starbucks offering a 'coffee solution' for the CIA, which by the way is not a joke. [independent.co.uk] And Kaspersky is currently outperforming [av-test.org] literally every single other antivirus in every department, including the avoidance of false positives. There's a reason people that are tech oriented aren't racing to follow the FBI's... advice.
(Score: 0) by Anonymous Coward on Tuesday August 22 2017, @12:39AM
So, when will we have a don't use Windows, Facebook, etc... (PRISM companies) by everyone else?
(Score: 2) by krishnoid on Tuesday August 22 2017, @12:47AM
Company. Right.
(Score: 4, Insightful) by SanityCheck on Tuesday August 22 2017, @01:06AM (2 children)
"It's obvious Russian government has a back-door in these products. Because if they were American products, we would have back-doors in them!"
(Score: 2) by etherscythe on Tuesday August 22 2017, @03:49PM (1 child)
The point, I suspect, is actually to apply economic pressure without an official sanction. "Don't buy Russian - you're supporting the enemy." Appeal to nationalist/bogeyman logic.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by SanityCheck on Tuesday August 22 2017, @11:19PM
I think I'd rather let the Russians search through my dirty laundry than the FBI. Besides, I rather enjoyed the job they did with the election.
(Score: 0) by Anonymous Coward on Tuesday August 22 2017, @01:11AM (1 child)
If malware comes from the Russian "Business" Network then Kaspersky won't detect it.
I got this from someone in a position to know all the details. That's why I'm posting anonymously.
(Score: 0) by Anonymous Coward on Tuesday August 22 2017, @01:26AM
so cycle between antimalware programs from as many countries as possible. in this way you could possibly stumble upon state sponsored malware from different countries.
some of the "false positives" aren't!
(Score: 2) by Azuma Hazuki on Tuesday August 22 2017, @03:38AM (2 children)
Time to switch to Linux or BSD or OpenSolaris/Indiana/Whateveritisnow. Are they flawless? No, of course not, I'm sure there are backdoors in there too. But there is something to be said for minimizing your attack surface. If you must use Windows for something--for me it's a MIDI sequence--run it virtualized. And yes, I know there are theoretical hypervisor escapes.
I am "that girl" your mother warned you about...
(Score: 4, Insightful) by https on Tuesday August 22 2017, @03:48AM (1 child)
The time to switch was more than a decade ago.
Offended and laughing about it.
(Score: 3, Interesting) by Gaaark on Tuesday August 22 2017, @12:49PM
Yup!
"Officials claim the company is a Russian stooge that can't be trusted with protecting America's critical infrastructure"
I read it as "Officials claim Microsoft is an American stooge that can't be trusted with protecting America's (or anyone's) critical infrastructure"
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 2) by Rivenaleem on Tuesday August 22 2017, @04:39PM (1 child)
If you found an exploit like this, would you report it? I've seen enough articles of people who report flaws being charged with hacking to put me off reporting something like this if I came across it.
(Score: 2) by chromas on Tuesday August 22 2017, @10:37PM
Do it anonymously. Behind seven proxies. And go through Tor twice.