How Kaspersky’s Software Fell Under Suspicion of Spying on America
Officials lack conclusive evidence, but incidents involving the firm’s antivirus products raised alarms
Eugene Kaspersky was late for his own dinner party.
At his invitation, guests from the Washington cybersecurity community waited one evening in 2012. Seated at the National Press Club were officials from the White House, State Department, Federal Bureau of Investigation and other agencies, said people who were there. Guests had started their first course when Mr. Kaspersky arrived, wearing a tuxedo with a drink in hand.
Mr. Kaspersky, chief executive of Russian security-software vendor Kaspersky Lab, proposed a toast to the ranking guest, Estonian President Toomas Hendrik Ilves, whose country had suffered a cyberattack five years earlier. The assault followed Estonia’s decision to remove a Soviet-era monument from its capital, and U.S. officials suspected Russia was behind it.
“Toomas,” Mr. Kaspersky said. “I am so sorry that we attacked you.”
The comment stopped all conversation until Mr. Ilves broke the silence. “Thank you,” he said, raising his glass. “This is the first time anyone from Russia has ever admitted attacking my country.”
No one suggested Kaspersky was involved in the Estonian hack, but Mr. Kaspersky’s toast played into a suspicion held by many in the U.S. intelligence community that his company might be wittingly or unwittingly in league with the Russian government—a suspicion that has only intensified since.
The process of evaluating Kaspersky’s role, and taking action against the company, is complicated by the realities of global commerce and the nature of how modern online software works. A top Department of Homeland Security official said in November congressional testimony the U.S. lacks “conclusive evidence” Kaspersky facilitated national-security breaches.
While the U.S. government hasn’t offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions.
Some of these officials said they suspect Kaspersky’s antivirus software—the company says it is installed on 400 million computers world-wide—has been used to spy on the U.S. and blunt American espionage. Kaspersky’s suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence, these officials said.
DHS, convinced Kaspersky is a threat, has banned its software from government computers. The company sued the U.S. government on Dec. 18 in U.S. District Court in Washington, D.C., saying the ban was arbitrary and capricious, and demanding the prohibition be overturned. DHS referred inquiries to the Justice Department, which declined to comment.
Kaspersky, in a statement, said: “Unverified opinions of anonymous officials about Kaspersky Lab continue to be shared, and should be taken as nothing more than unsubstantiated allegations against a company whose mission has always been to protect against malware regardless of its source, and which has repeatedly extended an offering to the U.S. government to help alleviate any substantiated concerns. We have never helped and will never help any government with its cyberespionage efforts.”
Read more https://www.wsj.com/articles/how-kasperskys-software-fel
