WASHINGTON — Concerned that a popular producer of anti-virus software “is susceptible to manipulation by the Russian government,” the House Science, Space, and Technology Committee is probing the use of Kaspersky Lab products by U.S. government agencies.
Earlier this month, Bloomberg Businessweek reported that internal Kaspersky emails show the company working on projects with Russia’s FSB, the intelligence service, and developing technology for the KGB successor. “Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have any unethical ties or affiliations with any government, including Russia,” the company replied in a statement. Eugene Kaspersky further slammed “unfounded conspiracy theories” about his company’s relationship with the Kremlin as “total BS” in a Reddit post.
Kaspersky released free anti-virus software last week. The company says about 400 million users have Kaspersky on their computers, though Bloomberg notes that about half of those may not know it because of licensing agreements that embed Kaspersky products without the company name.
On Thursday, Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) sent a letter to agencies requesting information on that government department’s use of Kaspersky products, citing in part a 2015 Reuters exclusive saying that Kaspersky ran a sabotage campaign against its U.S. rivals by “tricking their antivirus software programs into classifying benign files as malicious.”
The committee, Smith’s letter states, is concerned “that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States.”
Government contracting data “indicating that several federal departments and agencies use or have used cybersecurity or anti-virus products manufactured by Kaspersky Lab is even more troubling,” the letter continues.
“…Cybersecurity is a greater threat to our nation than ever before. If these widely reported allegations prove true, then the American public has ample grounds on which to rest their concerns about the security of data stored and transmitted on federal information systems — especially those allegedly protected by Kaspersky Lab’s products.”
Sen. Jeanne Shaheen’s (D-N.H.) amendment to block the use of Kaspersky products at the Defense Department and connected networks was included in the defense reauthorization bill. Shaheen has encouraged a government-wide ban of Kaspersky as a “wise precaution.”
In a Senate Intelligence Committee hearing last month on Russia election interference, Sen. Tom Cotton (R-Ark.) asked a trio of Homeland Security and FBI officials if they would “advise states and localities in the conduct of their elections, or more broadly, in their government services, not to use, or not to do business with Kaspersky Labs, companies that do business with Kaspersky or companies that use Kaspersky products in their systems.” None would comment in an unclassified setting.
Asked in a May Senate hearing if Homeland Security was using Kaspersky products, then-DHS Secretary John Kelly replied, “I believe we do.”