Trump administration orders purge of Kaspersky products from U.S. government

FILE PHOTO: An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow
FILE PHOTO: An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow July 29, 2013. REUTERS/Sergei Karpukhin/File Photo

September 14, 2017

By Dustin Volz

WASHINGTON (Reuters) – The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

The decision represents a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.

In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions,” the company said.

The Department of Homeland Security (DHS) issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days and begin to discontinue their use within 90 days.

The order applies only to civilian government agencies and not the Pentagon, but U.S. intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.

In a statement accompanying its directive, DHS said it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

It continued: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

The department said it would provide Kaspersky with the opportunity to submit a written response to address the allegations. The agency said other entities claiming commercial interests affected by the directive could also submit information

Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage.

However, the company has not been able to shake off the allegations. Last week, Best Buy Co <BBY.N>, the No.1 U.S. electronics retailer, said it was pulling Kaspersky Lab’s cyber security products from its shelves and website.

‘TOUGH DECISION’

Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: “As we evaluated the technology, we decided it was a risk we couldn’t accept.”

Some cyber security experts have warned that blacklisting Kaspersky Lab could prompt a retaliation from Russian President Vladimir Putin. Joyce said those concerns were a factor but that a “tough decision” ultimately had to be made to protect government systems.

The direct financial impact of the decision will likely be minimal for Kaspersky Lab, one of the world’s leading anti-virus software companies, which was founded in 1997 and now counts over 400 million global customers.

Federal contracting databases reviewed by Reuters show only a few hundred thousand dollars in purchases from Kaspersky, and an employee told Reuters in July the company’s federal government revenue was “miniscule.”

But Kaspersky also sells to federal contractors and third-party software companies that incorporate its technology in their products, so its technology may be more widely used in government than it appears from the contracting databases, U.S. officials say.

The decision by the Trump administration came as the U.S. Senate was planning to vote as soon as this week on a defense policy spending bill that includes language that would ban Kaspersky Lab products from being used by U.S. government agencies.

Democratic U.S. Senator Jeanne Shaheen, who had led efforts in Congress to crack down on Kaspersky Lab, applauded the Trump administration’s announcement.

“The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented,” Shaheen said, adding that she expected Congress to act soon to reinforce the decision by passing legislation.

Also on Wednesday, Democratic Senator Amy Klobuchar wrote to DHS asking whether the agency used Kaspersky products in relation to any critical infrastructure, such as election equipment, banks or energy suppliers, and if it knew whether any voting systems used the company’s software.

Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. But he has adamantly denied charges his company conducts espionage on behalf of the Russian government.

(Reporting by Dustin Volz, additional reporting by Doina Chiacu and Jim Finkle; Editing by Jonathan Oatis and Cynthia Osterman)

  • tj hessmon

    Since Russian government involvement is a concern related to Kaspersky’s software, it would stand to reason that Chinese government involvement in PC hardware manufacturing would be of equal concern. I would suggest the American government oust both, purchasing only American made hardware and American written software. Sounds like opportunity knocking…….

  • Native Born American

    Purge the employees in the Federal government who authorized the purchases as well.

  • AllAmericanTDS

    Pelosi will give the info to the Russians

  • Comanche457

    Sounds like a wise move.

  • Allmedialies

    The only products that stop Russian hackers?

  • Fred Jones

    but..
    but..
    but..
    ….
    ….

    RUSSIA!

  • Ocitman

    Buy american

  • Henry McKay

    Finally, a politician who will make common sense moves. Why we ever let Russian and Chinese businesses have access to sensitive parts of our infrastructure I will never know…..oh wait….its because politicians have sold us out in the past. Politicians who only care about themselves and not about real Americans.

    • SleepersAwake

      The brain trust of America resides in Washington DC, didn’t you know that? /sarc

      • allright

        Then we’re screwed…

  • vladdy

    have seen it both recommended as a way to get rid of stubborn malware AND as a source that will install malware on your computer.

  • “The” Bobguy

    It wouldn’t be a problem until it does.

  • allright

    “DHS said it was concerned about the ties between certain Kaspersky
    officials and Russian intelligence and other government agencies, and
    requirements under Russian law that allow Russian intelligence agencies
    to request or compel assistance from Kaspersky and to intercept
    communications transiting Russian networks.”

    Why would the DHS or any other US Govt. entities be concerned? This is exact same heavy handed approach to cyber policing the DIA, CIA, NSA, etc. etc. etc. do with American companies and citizens it wants to “investigate”…just say’n.

    • vladdy

      DHS, NSA, FBI, DOJ — none of the security/investigaive agencies have any credibility, now that we’ve seen the people with questionable alliances at the top, the firing of America-first types and the promotion of globalists; and the consistent ignoring and cover-up of crimes among the elitists.

      • allright

        Exactly.

  • disqus_D87XRi0Gy7

    Every has an opinion when it comes to antivirus software, myself I prefer Malwarebytes and Avast which I have no problem with and as they say, if it’s digital then it is not safe ! that is the bottom line. Now invisible ink and paper and pencil might make a comeback soon. ;0)

  • Bill Bobb

    is our government really that stupid !

    • allright

      What’s stupid about mitigating risk? Besides, maybe now the govt. can/will buy products and services from American only companies. Nothing stupid about that.

    • David Bagdasarian

      You can actually seriously ask that question with killary et al having run it? Murder for Hire is in a temporary hiatus while their demented momma goat is temporarily out of commission.

  • andronimo

    Yes as y2k said. A cloth may fix it.

  • andronimo

    I just bought Kapersky for my home a couple of months ago switching from webroot because of their high ranking and peer reviews. Kapersky was said to be one of the best.

    • The Truth

      I recommend PC-Matic. It is the best.

      • Larry Blair

        I second that. I have had it for over 6 years. I paid 150.00 for life for 5 computers. Never a problem and it is all in the good old US of A.

        • The Truth

          I paid the $150.00 for life on 5 computers too. Best money I ever spent! And, it is made and supported in the good old US of A!!

  • CoastRanger

    This is all about optics. If Kaspersky was transmitting data to Mother Russia, the entire IT industry would have known about it already. It would be knowledge so common the entire country would know not to buy their products. Not to mention their competitors would have been screaming the news from every steeple. On the contrary, they’re one of the top rated antivirus product available today. For reference take a look at: https://fatsecurity.com/tools/test-results-calculator

  • Y2K

    I have found their products to be very good but see the concern.

    I suppose they could keep using them if they wiped everything down with a cloth.

    I hear that is very effective. [/sarc]

    • allright

      I’ve heard by high level govt. officials that security is even better when servers are kept in the bathroom and personal devices are used instead of govt. issued ones…

      • vladdy

        Yeah, and those truly were HIGH government officials.