U.S. Senate committee wants to ban Kaspersky products from the Department of Defense

Cites reports of “Russian government influence,” but still not a trace of evidence…

U.S. Senate committee intent on prohibiting DOD's use of Kaspersky products

A committee in the United States Senate intends to prohibit the Department of Defense from using Kaspersky Lab's products for fear of "Russian government influence".

In its National Defense Authorization Act (NDAA) for Fiscal Year 2018 (PDF), the Senate Armed Services Committee sets out funding for the U.S. military. The NDAA proposes $640 billion for 2018. This amount exceeds President Trump's budget request in order to "help the U.S. military restore readiness, rebuild capacity, and modernize the force for future challenges."

On page 12, the act contains a section on "Countering Russian Aggression". Therein we find a very peculiar clause:

"Prohibits the DOD from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence."


This clause doesn't come as too much of a surprise considering recent events. In May 2017, Defense Intelligence Agency Director Vincent Stewart told a Senate Committee they were reviewing the U.S. government's use of Kaspersky's products for fear that Moscow might use the security firm's software to hack American corporate networks.

As quoted by Reuters:

"We are tracking Kaspersky and their software. There is as far as I know no Kaspersky software on our networks."

During that hearing, Sen. Marco Rubio, R-Fla., asked the chiefs of the NSA, Central Intelligence Agency, FBI, and three other intelligence agencies if they would be comfortable using Kaspersky's products. Each said no. Perhaps that's because they still believe some (misrepresenting) reports from back in 2015 that Eugene Kaspersky secures contracts for his company with Russian spies when he heads to the sauna.

In a statement to the media, Kaspersky Lab has said it "has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations. Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded."

Statements like that, however, haven't been enough to stop FBI agents grilling several of the company's US employees on Tuesday night.

Just like Sophos aids the British government, and American firms cooperate with U.S. officials, Kaspersky Lab does work with the Russian government to help identify and track down criminal hacker groups. But this collaborative effort in the interest of digital security doesn't imply criminal collusion. In fact, the U.S. government has yet to produce a shred of evidence backing up their suspicions of Russian influence.

With that said, we said it before, and we'll say it again:

"If someone genuinely believes Kaspersky's software is somehow secretly spying on selected customers, now's the time to put up or shut up. Show us the evidence."

Otherwise, stop wasting everyone's time.



5 Responses

  1. Nuke'em

    June 30, 2017 at 10:34 am

    This is a non story. The DoD has had policy in place for years requiring manufacturers of certain parts, e.g. integrated circuits for certain equipment items, be verified as trusted. Holding antivirus software manufacturers to the same type of scrutiny is warranted and should have been implemented long ago.

  2. J.R. Guthrie

    June 30, 2017 at 4:56 pm

    After the Bloomberg interviews, I was already done with Kaspersky. LogMeIn, are you getting this yet?

  3. Alfonso

    June 30, 2017 at 7:32 pm

    CIA, NSA tools? Microsoft interfering with Kaspersky Security and literally stopping it from doing its work? Why don't we go after the real bad guys who are doing all the damage?

    How is that Win Defender doing for you?

    I believe all security companies have to twitch with all key infrastructures security in every government industries, corporations, etc to actually verify how secure or insecure they are. This is one way to discover bugs, vulnerabilities, etc. ( You have bad and good actors )

    They are going after Kaspersky because they can.

  4. Pete

    June 30, 2017 at 7:34 pm

    I love the irony in the fact that NSA says they wouldn't be "comfortable" using Kaspersky products. Of course they wouldn't. They prefer to do their own undetected spying.

    Anyhow, this whole thing about banning Kaspersky's software is stupid. Is the U.S. state admitting that they are utterly incompetent to examine the software and verify whether it's doing anything sinister?

    And what about the fact that the Russian state uses software produced in the U.S.? I would fully expect the Russians to retaliate by banning U.S. software if this fear-mongering against Kaspersky is allowed to stand.

    Sure enough, today (June 30), Russia threatened retaliation against U.S. software companies if Kaspersky's software is banned: https://www.bloomberg.com/news/articles/2017-06-30/russia-threatens-retaliation-if-pentagon-bans-kaspersky-software-j4k2inwq

    Terrific. The only thing these political clowns are going to accomplish is to prove (once again) that stupidity is self-propagating.

  5. Jim

    July 1, 2017 at 12:31 pm

    Hum, perhaps good business for USA antivirus companies? Wouldn't be the first time that policy was guided by local business concerns.
