According to a CyberScoop report, the FBI has been quietly meeting with companies to warn them of the threat posed by Russian security firm Kaspersky:
The briefings are one part of an escalating conflict between the U.S. government and Kaspersky amid long-running suspicions among U.S. intelligence officials that Russian spy agencies use the company as an intelligence-gathering tool of global proportions.
The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.
The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
The continuing rumblings from US intelligence agencies about whether Kaspersky products can be trusted, implying possible collusion with the Russian government, is more than a headache for the security firm. It's a direct challenge to Kaspersky's attempt to grow its American marketshare.
Kaspersky has said the allegations are baseless, and founder Eugene Kaspersky has offered to let the US government examine his product's source code.
The problem for Kaspersky is that rumours can cause damage, even if nobody ever comes up with any actual evidence of wrongdoing. Some of the rumours have verged on the absurd, attempting to link Eugene Kaspersky's sauna visits to secret meetings with FSB agents.
There will always be some people whose belief that Kaspersky's Russian connection might be a problem, even if it's a tiny chance, could be enough for them to choose a competitor instead.
And you can bet your bottom dollar that some of Kaspersky's competitors will be (either subtly or brazenly) bringing the scuttlebutt surrounding Kaspersky
to customers' attention, in the hope of winning business.
The FBI's emphasis on briefing energy and businesses that use industrial control systems isn't much of a surprise. Past attacks on Ukraine's power grid (widely believed to have originated in Russia) may have made some energy companies more receptive to the FBI's anti-Kaspersky warning, even without the discovery of a "smoking gun".
At the other end of the spectrum, I'm finding an increasing number of emails in my inbox from home users who have heard that Kaspersky are "bad guys because they're Russian" and asking me for advice as to what software they should use to protect their PCs.
I admit that I feel highly uncomfortable with Kaspersky being targeted in this way. Security companies around the world work with law enforcement agencies in the fight against online criminals, but that's a very different thing from spying on your own customers at the behest of your government.
Furthermore, it would be commercial suicide for Kaspersky if any evidence was ever found that one of its customers was being secretly spied upon by its anti-virus software.
The whole thing feels like an anti-Kaspersky witch-hunt to me, fed by competitors who are either actively exploiting the awkward pickle Kaspersky finds itself in or allowing it to continue by choosing not to speak out in defence of their commercial rival. Such companies would be wise to remember that the real enemy is not your competitor in the anti-virus industry, but the organised criminals who are infecting millions of computers with malware.
And I have to ask, if we're so worried about Russia, what about China?
How much pressure might Chinese companies be receiving from their government?
How many technological devices do you have in your home or office that rely upon components, software or hardware that was built in China? If it is so worried about Russia, shouldn't it be similarly kicking up a stink about that?
My guess is that it would simply be unacceptable to tell America to throw away its Chinese-made smartphones and laptops, as there are few decent all-American equivalents to take their place.