A committee in the United States Senate intends to prohibit the Department of Defense from using Kaspersky Lab’s products for fear of “Russian government influence”.
In its National Defense Authorization Act (NDAA) for Fiscal Year 2018 (PDF), the Senate Armed Services Committee sets out funding for the U.S. military. The NDAA proposes $640 billion for 2018. This amount exceeds President Trump’s budget request in order to “help the U.S. military restore readiness, rebuild capacity, and modernize the force for future challenges.”
On page 12, the act contains a section on “Countering Russian Aggression”. Therein we find a very peculiar clause:
“Prohibits the DOD from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence.”
This clause doesn’t come as too much of a surprise considering recent events. In May 2017, Defense Intelligence Agency Director Vincent Stewart told a Senate Committee they were reviewing the U.S. government’s use of Kaspersky’s products for fear that Moscow might use the security firm’s software to hack American corporate networks.
“We are tracking Kaspersky and their software. There is as far as I know no Kaspersky software on our networks.”
During that hearing, Sen. Marco Rubio, R-Fla., asked the chiefs of the NSA, Central Intelligence Agency, FBI, and three other intelligence agencies if they would be comfortable using Kaspersky’s products. Each said no. Perhaps that’s because they still believe some (misrepresenting) reports from back in 2015 that Eugene Kaspersky secures contracts for his company with Russian spies when he heads to the sauna.
In a statement to the media, Kaspersky Lab has said it “has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations. Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded.”
Statements like that, however, haven’t been enough to stop FBI agents grilling several of the company’s US employees on Tuesday night.
Just like Sophos aids the British government, and American firms cooperate with U.S. officials, Kaspersky Lab does work with the Russian government to help identify and track down criminal hacker groups. But this collaborative effort in the interest of digital security doesn’t imply criminal collusion. In fact, the U.S. government has yet to produce a shred of evidence backing up their suspicions of Russian influence.
With that said, we said it before, and we’ll say it again:
“If someone genuinely believes Kaspersky’s software is somehow secretly spying on selected customers, now’s the time to put up or shut up. Show us the evidence.”
Otherwise, stop wasting everyone’s time.