- Donald E. Hester
The US government has concerns about using Kaspersky Labs Antivirus software. So much so that they have ordered the removal of it from all US government computers and suggested other organizations should follow their lead. The concern is that the Kaspersky Labs may be working with the Kremlin on cyberespionage operations and poses a risk to national security.
Sen. Jeanne Shaheen leaves the situation vague and says they can't reveal the full extent of classified information that they received in briefings that has caused her to be so concerned about the company's products. Apparently, the public will not be allowed to be able to make an informed decision thanks to the cryptic response.
Nicholas Weaver, a cybersecurity at UC Berkeley, has been calling for the US government to stop using it but "for most everybody else, the software is fine." Again, possibly good advice but vague and cryptic. If it is bad for the US government way is it not bad for everyday user?
Kaspersky Labs in an official statement has denied any affiliate with Russian espionage. Eugene Kaspersky has been asked to testify before Congress and has accepted the offer hoping to clear the air. Other cybersecurity professionals have called for the US government to disclose more information. Exactly what could Kaspersky software do? Can it transmit data from host computers back to Russia or allow for remote control of those computers? Is this more of a political issue? What about the other software vendors that are headquartered in other countries? Should we be concerned? What do you think?
Update 6 OCT 2017
It has been reported that an NSA contractor had taken classified information home on a personal computer and that Russian hackers somehow were notified by Kaspersky Anti-malware software of the presence of the information. Then Kaspersky's software was exploited to extract the data. This breach purportedly happened in 2015 and was discovered in 2016. In an official statement Kaspersky Labs bemoans the media reporting unsubstantiated claims. I foresee future updates to this story.
Updated 10 OCT 2017
New York Times, "Kaspersky Lab Antivirus Software Is Ordered Off U.S. Government Computers," by Mathew Rosenberg, Ron Nixon; 14 SEP 2017:
Reuters, U.S. Senate Votes to Ban Kaspersky Lab Software From Government Networks, By Dustin Volz, 18 SEP 2017: http://www.reuters.com/article/us-usa-cyber-kasperskylab/u-s-senate-votes-to-ban-kaspersky-lab-software-from-government-networks-idUSKCN1BT2PW
Kaspersky Lab Debate: Put Up or Shut Up, Show Your Cards, or Fold, Cybersecurity Professionals Tell FBI, by Mathew J. Schwartz, 20 SEP 2017: https://www.govinfosecurity.com/blogs/kaspersky-lab-debate-put-up-or-shut-up-p-2548
Kaspersky Lab Response to Issuance of DHS Binding Operational Directive 17-01: https://usa.kaspersky.com/about/press-releases/2017_kaspersky-lab-response-to-issuance-of-dhs-binding-operational-directive-17-01
International Business Times, "NSA hack: Russian hackers allegedly used Kaspersky's software to steal secret cyberweapons, The theft reportedly took place in 2015 and was discovered in 2016." By India Ashok 6 OCT 2017: http://www.ibtimes.co.uk/nsa-hack-russian-hackers-allegedly-used-kasperskys-software-steal-secret-cyberweapons-1642090
The Wall Street Journal, "Russian Hackers Stole NSA Data on U.S. Cyber Defense, The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks," By Gordon Lubold and Shane Harris, 5 OCT 2017: https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108
ISMG, "NSA Secrets Stolen From Computer Using Kaspersky Software, Hack Reportedly Occurred in 2015, But Was Discovered This Spring" by Eric Chabrow, 5 OCT 2017: https://www.govinfosecurity.com/report-nsa-secrets-stolen-from-computer-using-kaspersky-software-a-10359
ISMG, "Russian Theft of NSA Secrets: Many Questions, Few Answers, Pawn or Not, Kaspersky Lab May Face Uphill Battle for Reputation," by Jeremy Kirk, 6 OCT 2017: https://www.govinfosecurity.com/russian-theft-nsa-secrets-many-questions-few-answers-a-10361
ISMG, "10 Reactions: Allegations Against Kaspersky Lab, Analysis: No Conspiracy Theories Necessary to Explain Epic NSA Pwnage," by Mathew J. Schwartz, 7 OCT 2017: https://www.govinfosecurity.com/10-reactions-allegations-against-kaspersky-lab-a-10363