Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Warns US Private Sector To Cut Ties With Kaspersky (cyberscoop.com)

Posted by EditorDavid on from the watching-in-Washington dept.

An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.
Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."

11 of 173 comments (clear)

  1. Cum grano salis by sehlat · · Score: 5, Insightful

    Given that the FBI has repeatedly made it plain that they want unrestricted and owner-involuntary access to every piece of hardware on this planet, I'd take any cybersecurity recommendation they make with a grain of salt the size of the Benjamin Franklin.

    1. Re:Cum grano salis by fustakrakich · · Score: 4, Insightful

      Kaspersky can make a great advertising campaign out of this.

      *Banned in the US for refusing to whitelist government malware*

      --
      “He’s not deformed, he’s just drunk!”
  2. Better idea. by Gravis+Zero · · Score: 3, Insightful

    Cut all ties with Microsoft and you won't even need ties to Kaspersky Lab. We should all cut ties with Microsoft.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Better idea. by Gravis+Zero · · Score: 3, Informative

      You will be shocked to learn, that there are OSes that aren't affiliated with any of those companies!

      --
      Anons need not reply. Questions end with a question mark.
  3. Guess which company hasn't given them access yey by guruevi · · Score: 4, Informative

    Symantec and the like have outright admitted cooperation with US spooks. At this point, if I were in charge of security I would be buying all computer hardware from outside sources like Huawei and Kaspersky, at least they've indicated unwillingness to cooperate with US stooges and Chinese/Russians infiltration would both be easy to detect and any positive evidence would seriously damage their reputation. Symantec and Microsoft have plainly given NSA and even BSA access to their information.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  4. Welcome to the land of the Free by Dunbal · · Score: 4, Interesting

    Government is telling you which software to use. You wouldn't want people to think you were a terrorist, would you?

    --
    Seven puppies were harmed during the making of this post.
  5. What would be inappropriate? by LeftCoastThinker · · Score: 5, Insightful

    Maybe the question to ask Kaspersky is what exactly would an inappropriate relationship with the FSB look like according to them? It seems like there is some pretty damning evidence that a bad actor state (Russia) has been working closely with Kaspersky in a way that violates the expectation of most of the free world. If Kaspersky is serious about clearing it's name, it should clearly define and limit it's relationship with the FSB and the Russian government. Unfortunately for Kaspersky, being based in Russia, a country without a constitution or bill of rights limits what they can actually back up with action, unless they shift the bulk of their organization out of Russia, and I don't see that happening.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
  6. Offers to see code by Tyrsal · · Score: 5, Insightful

    Considering Kaspersky has been distressed enough about this negative publicity to directly offer both the FBI and CIA access to it's source code and these offers have been rebuffed, I'm not exactly sold on anything the FBI has to say here as being anything more than a stunt

    1. Re:Offers to see code by chill · · Score: 4, Insightful

      Access to source code is meaningless. You need to be able to match it to the different binaries, otherwise how do you know what you're looking at is what is actually executed?

      With complex code that uses dynamic libraries, and is updated sometimes DAILY like anti-malware software is, there is no benefit from viewing source that you don't compile and maintain yourself.

      --
      Learning HOW to think is more important than learning WHAT to think.
  7. Personally I am more worried... by Anonymous Coward · · Score: 3, Interesting

    about ClamAV (Cisco), McAfee (or whatever it is called now.), Symantec (Garbage since the Norton buy and ruination.), and Defender (Microsoft, who according to the EULA for Windows, nevermind Defender, can scan all your files and report believed infringing files to whoever they want as well as remotely access any of your files for any reason including Law Enforcement usage.)

    Given all of these, and Kaspersky's overall good (but definitely not perfect) reputation as an AV company dating back 15+ years, they seem far more trustworthy than 90 percent of the field. And given that most of that 90 percent of the field is intentionally or unwillingly stooges of the US Intelligence apparatus, I would say trusting Kaspersky, as long as you have a backup a/v application/network monitoring tool, is probably far safer than most of the alternatives you can currently get free or paid for.

    As stated by pp and others: the FBI/NSA/CIA have all shown a lazy interest in compromising both domestic and foreign information security for their own purposes, while doing nothing to ensure even domestic services are sufficiently hardened to keep out foreign or domestic adversaries, of which there are thousands dedicated and with resources, and millions of 'fleas' who just need that one 'big score' to move up to the big leagues. Giving them those opportunities by compromising system integrity at the hardware, firmware, and os level is a crime against humanity. But it won't be until the digital equivalent of 9/11 happens that we will see even a half assed attempt to secure those backdoors, and no doubt it will only resort in less convenience to the owner of the device, while the hackers will still have the same level of fettered access that they did in the past.

  8. Whitelisting by detritus. · · Score: 3, Insightful

    It probably has more to do with AV definitions and white-listing than a willingness to hand over code. Not only does the US government probably feel Kaspersky could whitelist Russian malware/heuristics, they also can't strong arm a Russian company to white-list their own.