Lawmakers in the European Union voted to ban computer equipment and security software from Kaspersky Labs. A partnership between Kaspersky and Europol, the European law enforcement agency, abruptly ended. The United States implemented a ban on Kaspersky products across the federal government.
And that was just in the past three days.
For Kaspersky Labs, the 72-hour stretch marked another period that has once again upended the Russia-based software company amid allegations that it is a sieve for authorities in Moscow. Officially stripped of its ability to sell software to the U.S. federal government on June 15, the losses for Kaspersky labs threatened to spread across the Atlantic Ocean after the E.U. parliament ripped the company as being “confirmed malicious.”
Although the report was nonbinding, the company’s founder, Eugene Kaspersky, reacted in a series of brash tweets, blaming a “media-ocracy” that is “a vehicle for instilling in readers’ minds images of an ‘enemy.’”
In retaliation, Kaspersky announced it will stop working with Europol and the No More Ransom initiative “until the withdraw of the European Parliament decision.”
A spokesperson for Kaspersky told Fifth Domain that the European decision “is based on untrue statements” and “demonstrates a distinct lack of respect.”
In the past decade, the U.S. government has spent more than a quarter-million dollars on contracts with Kaspersky, according to federal data.
Kaspersky’s servers are based in Russia, according to court filings.
“This isn’t a software vulnerability, but a systemic vulnerability based on what I call ’access,’” said Matthew Shabat, a former Department of Homeland Security official, adding the anti-virus software requires accessed privilege.
“The kicker was a concern that the Russian government had access to Kaspersky Labs through its people and a law that provides it with vast power to access information traversing Russian networks.”
Shabat, who now works for the security firm Glasswall, added that Kaspersky software has been used as a component of other programs inside the federal government.
On October 1, use of Kaspersky products will be banned inside the federal government. But agencies are having difficulty complying with the law, according to the Daily Beast. The ban came after years of allegations that products made by Kaspersky Labs were vulnerable to Russian interference.
Russia “has demonstrated the intent to target the U.S. government and the capability to exploit vulnerabilities in federal information systems,” Homeland Security Assistant Secretary for Cyber Security and Communications Jeanette Manfra wrote in a September 1 memo.
Manfra warned that Kaspersky or the Russian government could use the software to engage in a wide range of malicious cyber activities against the federal government that includes “exfiltrating files, modifying data, or installing malicious code.”
Hackers from the Russian government stole sensitive information related to U.S. cyber capabilities from a National Security Agency employee who was using Kaspersky Lab antivirus software on his computer, according to an October 2017 report from the Washington Post.
Kaspersky Labs claims to protect over 400 million users and help more than 270,000 corporate clients.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.