US intelligence chiefs don't trust Kaspersky. But why?

Beware rushing to accuse Russian anti-virus of dirty tricks.

US intelligence chiefs don't trust Kaspersky.  But why?

The chiefs of the United States's intelligence agencies have publicly stated that they wouldn't feel comfortable running Kaspersky anti-virus software on their computers.

That's what they told a Senate intelligence committee yesterday, when specifically quizzed on the topic by Marco Rubio:

MARCO RUBIO: As has been widely reported, and people know this, Kaspersky Lab software is used by not hundreds of thousands, millions of Americans. To each of our witnesses I would just ask, would any of you be comfortable with the Kaspersky Lab software on your computers?

ANDREW MCCABE (Acting FBI director): A resounding no, from me.

MICHAEL POMPEO (Director of the CIA): No.

DAN COATS (Director of National Intelligence): No, Senator.

MICHAEL ROGERS (NSA Director): No, sir.

VINCENT STEWART (Defense Intelligence Agency director): No, Senator.

ROBERT CARDILLO (Director of the National Geospatial-Intelligence Agency): No, sir.

And I have to wonder - why?

Is it because - gulp - Kaspersky is Russian?

Kaspersky is a global company, with offices in over 30 countries around the world. but it was founded, 20 years ago, in Moscow by Russian anti-virus guru Eugene Kaspersky.

Eugene kaspersky In the last few years there have been a stream of stories attempting to link Kaspersky to the FSB (the modern name for the KGB). Some have even tried to suggest that founder Eugene Kaspersky might be surreptitiously meeting spies in Moscow saunas.

Eugene is sometimes portrayed as suspicious because he served in the Russian military - forgetting that umm... conscription is mandatory in Russia.

It's easy to cast aspersions, but all anyone ever seems to have come up with are furtive whispers, rather than any actual concrete facts of wrong-doing.

And it's a story which some Western security companies are in no hurry to dispel, presumably thinking it's Kaspersky's image problem to resolve - not theirs.

For what it's worth, I have no doubt that Kaspersky sometimes helps Russian law enforcement when the hunt is on to identify online criminal gangs. Similarly, Sophos works with the British police, and there must be dozens of American security firms that have assisted the authorities there over the years.

But that doesn't mean that the different anti-virus firms are spying on any of their customers for intelligence agencies, does it?

And if Kaspersky was somehow in bed with the-powers-that-be in Moscow, then why would it have published detailed research on Russian-borne cybercrime campaigns like Epic Turla (sometimes known as Uroburos) and Red October?

A question worth asking is have all US-based security firms worked quite so hard in uncovering America's own state-sponsored cybercrime campaigns?

And how would people feel if they knew their all-American apple-pie-loving anti-virus software is often written by people who come from Eastern Europe and Russia, and - yes! - might even include former Kaspersky employees.

After all, the anti-virus industry is a small world, and it's not unusual for people to switch from company to company.

If Kaspersky gives you the collywobbles then maybe you should be wary of trusting any security software you install on your computer. Actually, that's not such a bad idea. But please don't let it stop you protecting your computer with something.

If someone genuinely believes Kaspersky's software is somehow secretly spying on selected customers, now's the time to put up or shut up. Show us the evidence.

While you're working on that, read Kaspersky's statement on the rumours.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

16 Responses

  1. Bob

    May 12, 2017 at 9:08 pm #

    Graham, you've written previously about the ludicrous allegations levelled towards Kaspersky by some American newspapers. Personally I don't believe a word of it.

    Kaspersky and Bitdefender are always the top two products consistently recommended by independent expert lab tests across the world. Kaspersky's AV detection is second to none and is used by major businesses in every country. That tells me something that Kaspersky is doing something right.

    Look at the ongoing "WannaCry" ransomware incident that Kasperky's software successfully blocked:

    "Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world." [1]

    Kaspersky's AV is *so* effective at preventing infections/trojans that GCHQ obtained a warrant to reverse engineer the software because it was thwarting the spooks who were trying to implant monitoring software onto the computers of suspects/targets! [2]

    "Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal request said."

    [1] https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

    [2] https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/

  2. David Harrison

    May 12, 2017 at 9:14 pm #

    I find this amusing and mildly ridiculous at the same time! As in independent computer consultant, I have had Kaspersky products on my own systems for over 8 years now; I have installed them on Clients systems for in excess of 6 years. I have informed them UP FRONT, here, in conservative West Texas, that Kaspersky was founded by a RUSSIAN NATIONAL, and yet NOT ONE, including SEVERAL OIL CONSULTANCIES has even balked at the installation of the software (SHAME ON YOU TED CRUZ REPRESENTING TEXAS).

  3. Bob

    May 12, 2017 at 9:56 pm #

    Here's Eugene Kaspersky's Reddit Ask Me Anything:

    https://eugene.kaspersky.com/2017/05/12/they-asked-me-everything/

    "Is your company subject to SORM given you operate servers in Russia?

    No, SORM is for ISPs and telecom companies, and we are not them. EDIT: The same goes to PRISM or similar systems."

    "The US Senate Intel committee is currently interviewing the heads of the intelligence community. They were just asked whether they would be comfortable running Kaspersky software on their computers. The answer was unanimous:
    No.
    Thoughts?

    I respectfully disagree with their opinion, and I’m very sorry these gentlemen can’t use the best software on the market because of political reasons."

    "What is your reaction to the Intelligence Committee’s (CIA Director Mike Pompeo, Acting FBI Director Andrew McCabe, DNI Director Dan Coats, National Geospatial-Intelligence Agency Director Robert Cardillo, and Defense Intelligence Agency Director Lt. General Vincent Steward) universal statement of a lack of confidence in Kaspersky Labs software on their systems?

    Once again, I think that due to political reasons, these gentlemen don’t have an option, and are deprived from the opportunity to use the best endpoint security on the market without any real reason or evidence of wrongdoing from our side. I would be very happy to testify in front of the Senate, to participate in the hearings and to answer any questions they would decide to ask me."

    "Is there a backdoor built into your software?

    Our software is designed to protect our customers, not to breach into their devices. There is no hidden functionality in our products, including backdoors."

    "On the inevitable KGB questions and misinformation: Is the statement “Once KGB Agent, Always a KGB Agent” true?

    Really can’t say, I haven’t been by a KGB agent / employee for a second."

    "On allegations that we help governments commit cybercrime

    Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.

    In closing, we weren’t asked to participate in any hearings or investigations. As mentioned earlier, we are always happy to assist in investigations where our expertise could benefit the greater good or to meet with a congressional panel with questions into the work of my company."

  4. Enrique Romero

    May 13, 2017 at 3:54 pm #

    I stopped using it over a decade ago simply because it had become a very bloated product and was not as lean as it once was. Have had good luck with the baseline AV products from www.eset.com (another global company for which I am not affiliated with) instead.

    The government needs to take great care in calling out or endorsing specific companies in subject matter areas that are outside of their expertise (ahem Solyndra, Fisker, Brightsource, SunPower, etc..)

  5. Daniel Svoboda

    May 13, 2017 at 8:45 pm #

    If i didn't like Sophos so much I would totally "pack the K" https://www.youtube.com/watch?v=k_y1OvEhZvg

    • furriephillips in reply to Daniel Svoboda.

      May 16, 2017 at 9:59 am #

      Thank you – this made me smile :)

    • Dynvor in reply to Daniel Svoboda.

      May 16, 2017 at 9:22 pm #

      That also made me smile fair play

    • Bob in reply to Daniel Svoboda.

      May 19, 2017 at 10:04 pm #

      Sophos unfortunately calls home with way too much data.

      https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx

  6. Marcelo D.

    May 14, 2017 at 9:58 pm #

    Im a Kaspersky user/subscriber since their antivirus was named AVP. And its much, much, way better than the other antivirus around. Mcaffee, Symantec, Avast, AVG…Im a really happy Kaspersky user.

  7. John Lewis

    May 15, 2017 at 9:31 am #

    The real question is "Who do you trust?" Would you trust a VPN product certified by GCHQ (the one in Cheltenham) or the NSA?

  8. BaliRob

    May 15, 2017 at 10:01 am #

    Great page Graham – as informative and very interesting as always.

    I look forward to every issue.

    Rob

  9. Alex

    May 15, 2017 at 1:25 pm #

    We use Sophos but I remember in the leaked Snowden documents there was a chart that showed when each major AV product had been worked round, the only one that was still causing them trouble was Kaspersky.

    What's everyone's thoughts on non signature based AV like Cylance?

    • Jason in reply to Alex.

      November 14, 2017 at 3:01 pm #

      "We use Sophos but I remember in the leaked Snowden documents there was a chart that showed when each major AV product had been worked round, the only one that was still causing them trouble was Kaspersky."

      That's exactly what this is about. It's giving them trouble, so this is their way of spreading FUD to hopefully get people to switch to a more easily crackable product.

      It's as plain as a Bulgarian pin-up.

  10. Ray

    May 15, 2017 at 4:33 pm #

    I have some sympathy with the American intelligence response. It doesn't matter how many countries Kaspersky has offices in, the company is Russian and it is not unlikely that the Russian government would have some influence there. Forget about everyday spying – much too likely to be found out. But more strategically what if there was a back door which would stop computers working in 'enemy' countries in time of war or an off-the-shelf update which could be sent out to achieve the same end when required? Yes there are many Eastern Bloc people working for other security companies but they are monitored to some extent by their co-workers and managers – its not the same as working in Russia. Western intelligence services just could not afford to take the chance,

  11. Alfonso

    May 15, 2017 at 11:35 pm #

    And these are US. "intelligence officers"???? and our Senators???? THEY PICKED the wrong target – s > they always do (or pretend to do) They should be asking about all their spying on US citizens just because they can. They should be asking MIcros#^%& and the other American?!!?? companies these questions. These companies who deliver the keys on "HOW TO GET INTO EVERY COMPUTER AROUND THE WORLD AND IN THE US". A complete disgrace!
    They all offer and promise "TRANSPARENCY". The only transparency I got came from people that the "intelligence community" classify as "enemies" or "traitors" : Snowden, Assange, among others.
    To be clear, I use Kaspersky in my Systems. If it does what it is supposed to do, I will continue to use it. I also follow the work Kaspersky is doing (for years) with law enforcement ( Interpol, Europol, etc.) in helping to stop the bad guys.

  12. furriephillips

    May 16, 2017 at 9:55 am #

    Kaspersions

Leave a Reply