Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/29/2017
06:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence

Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.

Moscow-based Kaspersky Lab this week found itself the subject of escalating concerns about the company's possible connections with the Russian government.

The immediate worries this time were prompted by news that FBI agents had questioned several of the security vendor's US-based employees at or near their residences Tuesday night.

The employees were apparently informed they were not the subjects of any formal criminal investigation and that they were being interviewed as part of an effort to get general information about the company's operations and communications with Moscow.

It is unclear at this time if the questioning had anything to do with Special Counsel Robert Mueller's broader investigation into potential Russian interference in the U.S. elections last year.

News of the FBI's apparent investigation of Kaspersky's activities prompted U.S. Senator Jeanne Shaheen [D-NH] to propose a total ban on the Pentagon's use of Kaspersky's products. In an amendment Wednesday to a Senate Armed Services Committee defense spending policy bill, Shaheen said the prohibition was required because of reports that Kaspersky Lab "might be vulnerable to Russian government interference."

A Kaspersky Lab spokeswoman said neither the company nor its founder and CEO Eugene Kaspersky had any ties to any government. "The company has never helped, nor will help, any government in the world with any cyber espionage efforts," the spokeswoman said in a statement to Dark Reading.

Kaspersky Lab has been an IT security vendor for 20 years and has adhered to ethical practices. "Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations," the statement said.

John Pescatore, director of emerging security threats at the SANS Institute and a former NSA analyst says that so far at least there indeed doesn't appear to be any credible evidence that Kaspersky Lab's products have been compromised or contain hidden doors. "NSA and the UK GCHQ have had many years to look at Kaspersky’s products and I've seen no warnings before this," Pescatore says.

At the same time though, there's little doubt that Russian intelligence agencies are just as interested as the NSA in exploiting cyber techniques to infiltrate other countries.

"NSA knew of vulnerabilities in US security products and told no one. Russia may have known of similar vulnerabilities in Kaspersky's products and told no one," he says.

Just as the NSA might have influenced U.S. technology vendors to leave vulnerabilities in their products, the Russian government could have done the same with Kaspersky. "Russia went further, in economic espionage and trying to influence our presidential election, but there are many other similarities."

The takeaway for organizations is that all software needs to be checked for vulnerabilities and malicious capabilities, he said.

This week's developments add to the pressure that the $620 million Kaspersky Lab has been under in recent years about possible links with the Russian government and intelligence agencies. The company's products are relatively widely used in the US by consumers, commercial entities, and government organizations.

In May, U.S. intelligence officials said they were investigating the government's use of Kaspersky Lab products and whether those products could be used to attack American systems. At a U.S. Senate Select Committee on Intelligence hearing on Russian interference, the U.S. director of national intelligence and other intelligence officials unanimously expressed discomfort about US Kaspersky Lab products on their computers without explaining why. That time, as now, Kaspersky denied the company had any links with the Russian government and suggested it was being picked on for political reasons.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Planned vacation simulation
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10100
PUBLISHED: 2019-07-15
couchcms 2 is affected by: Web Site physical path leakage. The impact is: disclosure the full path. The component is: includes/mysql2i/mysql2i.func.php and addons/phpmailer/phpmailer.php. The attack vector is: network connectivity.
CVE-2019-10100
PUBLISHED: 2019-07-15
borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.
CVE-2019-10103
PUBLISHED: 2019-07-15
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated use...
CVE-2019-10103
PUBLISHED: 2019-07-15
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136...
CVE-2019-10103
PUBLISHED: 2019-07-15
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after ...