In private briefings, the FBI is reportedly advising US energy and technology firms to cut their ties with Kaspersky over alleged national security risks
The FBI has given private briefings to US companies urging them to stop using products made by Moscow-based computer security firm Kaspersky Lab and citing the company as a threat to national security, according to a report by online magazine Cyberscoop.
Kaspersky has denied previous allegations by the US government that it colludes with Russian intelligence agencies.
It said the fact the briefings are allegedly taking place was “extremely disappointing” and reiterated that it has never had “inappropriate ties with any government”, saying the FBI’s actions appear to be politically motivated.
Energy companies targeted
The briefings have prioritised energy companies, including nuclear power firms, and have resulted in some organisations signing contracts with Kaspersky’s competitors. The report cited unnamed current and senior US officials as saying the briefings have been ongoing since the beginning of this year.
At the meetings, FBI officials allegedly present intelligence they say indicates Kaspersky Lab has active links to Russian intelligence agencies such as the FSB, successor to the Soviet-era KGB.
They present specific cases of alleged wrongdoing by Kaspersky, including a well-known instance from 2015 in which two former employees accused the company of faking malware data to cause rivals’ products to wrongly categorise legitimate files as malicious.
Kaspersky denied the claim at the time and reiterated to Cyberscoop its position that the claims were “meritless” allegations by “disgruntled” former staff.
In the briefings the FBI reportedly argue that Russian legal measures such as the Yarovaya national security laws and the System for Operative Investigative Activities (SORM) internet and telephony laws mean the Russian government has few effective limits on its access to sensitive data held by Russian companies, and they reportedly allege the FSB positions active agents inside Russian firms.
Kaspersky told CyberScoop that data processed by the company is protected according to industry standards and said the company isn’t subject to legal tools such as SORM or the Yarovaya laws, which it said are aimed at the telecommunications industry.
The briefings reportedly mention the fact that Kaspersky figures including chief executive Eugene Kaspersky and chief legal officer Igor Chekunov have formerly worked in intelligence positions and allege they continue “in all but name” to work for the government.
The briefings have prioritised companies in the energy sector, particularly nuclear power companies and those using industrial control systems (ICS), because these companies have been designated as critical infrastructure by the Department of Homeland Security.
Large US technology firms who work with Kaspersky to provide services for products such as routers and virtual machines have also been briefed.
The FBI has urged companies to refrain from using Kaspersky’s products or to drop them if they’re in use. The officials said some energy companies had been responsive, while technology firms were less cooperative.
In July the US’ General Services Administration removed Kaspersky from an approved-vendors list, while Congress began efforts to pass a law that would ban the firm’s products from being used by the Department of Defence.
As part of those efforts a congressional panel in late July asked federal government agencies to share information on Kaspersky because the firm’s tools could be used to carry out “nefarious activities against the United States”.
Kaspersky said the reported briefings appeared to be part of a political conflict between Russia and the United States.
“If these briefings are actually occurring, it’s extremely disappointing that a government agency would take such actions against a law-abiding and ethical company like Kaspersky Lab,” the company said in a statement to Silicon.
“The company doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organisation… The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight.”
It added that the company “has never helped, nor will help, any government in the world with its cyber-espionage or offensive cyber efforts”.
Offers by Eugene Kaspersky to meet with US government officials, testify before Congress or provide source code for an audit have met with no response, the firm said.
The US Department of Justice didn’t immediately respond to a request for comment.
In the past the US government has similarly targeted Chinese companies such as Huawei and ZTE over alleged national security risks.