The U.S. government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Russian cybersecurity company Kaspersky to cause harm, according to a senior U.S. official and two people familiar with the matter.
The classified briefings are part of Washington's broader strategy to prepare providers of critical infrastructure such as water, telecoms and energy for potential Russian intrusions.
President Joe Biden said last week that sanctions imposed on Russia for its Feb. 24 attack on Ukraine could result in a backlash, including cyber disruptions, but the White House did not offer specifics.
"The risk calculation has changed with the Ukraine conflict," said the senior U.S. official about Kaspersky's software. "It has increased."
Kaspersky, one of the cybersecurity industry's most popular anti-virus software makers, is headquartered in Moscow and was founded by a former Russian intelligence officer, Eugene Kaspersky.
A Kaspersky spokeswoman said in a statement that the briefings about purported risks of Kaspersky software would be "further damaging" to Kaspersky’s reputation "without giving the company the opportunity to respond directly to such concerns" and that it "is not appropriate or just."
The senior U.S. official said Kaspersky's Russia-based staff could be coerced into providing or helping establish remote access into their customers' computers by Russian law enforcement or intelligence agencies.
Kaspersky, which has an office in the United States, lists partnerships with Microsoft, Intel and IBM on its website. Microsoft declined to comment. Intel and IBM did not respond to requests for comment.
On March 25, the Federal Communications Commission added Kaspersky to its list of communications equipment and service providers deemed threats to U.S. national security. r
It is not the first time Washington has said Kaspersky could be influenced by the Kremlin.
The Trump administration spent months banning Kaspersky from government systems and warning numerous companies to not use the software in 2017 and 2018.
U.S. security agencies conducted a series of similar cybersecurity briefings surrounding the Trump ban. The content of those meetings four years ago was comparable to the new briefings, said one of the people familiar with the matter.
Over the years, Kaspersky has consistently denied wrongdoing or any secret partnership with Russian intelligence.
It is unclear whether a specific incident or piece of new intelligence led to the security briefings. The senior official declined to comment on classified information.
Until now no U.S. or allied intelligence agency has ever offered direct, public proof of a backdoor in Kaspersky software.
Following the Trump decision, Kaspersky opened a series of transparency centers, where it says partners can review its code to check for malicious activity. A company blog post at the time explained the goal was to build trust with customers after the U.S. accusations.
But the U.S. official said the transparency centers are not "even a fig leaf" because they do not address the U.S. government's concern.
"Moscow software engineers handle the [software] updates, that's where the risk comes," they said. "They can send malicious commands through the updaters and that comes from Russia."
Cybersecurity experts say that because of how anti-virus software normally functions on computers where it is installed, it requires a deep level of control to discovery malware. This makes anti-virus software an inherently advantageous channel to conduct espionage.
In addition, Kaspersky's products are also sometimes sold under white label sales agreements. This means the software can be packaged and renamed in commercial deals by information technology contractors, making their origin difficult to immediately determine.
While not referring to Kaspersky by name, Britain's cybersecurity centre on Tuesday said organizations providing services related to Ukraine or critical infrastructure should reconsider the risk associated with using Russian computer technology in their supply chains.
"We have no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, but the absence of evidence is not evidence of absence," the National Cyber Security Centre said in a blog post.
Latest Stories
-
EC promises smoother operation from May 8 despite internet challenges on Day 1
16 mins -
UBA gross earnings rise by 143% year-on-year as profit hits $1.06bn
1 hour -
World Public Relations Day Festival 2024 puts spotlight on AI, sustainability PR
2 hours -
Actress Gloria Sarfo recounts embarrassing moment with taxi driver
2 hours -
Procure Utility-Scale Solar Power Plant for security of the grid
2 hours -
Miss USA Noelia Voigt resigns title on mental health grounds
2 hours -
King has no time to see Prince Harry on UK visit due to ‘full programme’
2 hours -
Security guard shot at Drake’s Toronto home amid beef with Kendrick Lamar
2 hours -
NPA to engage Finance Ministry to consider removing taxes on LPG
2 hours -
Paris Olympics: 70 teams qualify for relay events
2 hours -
Passport e-gate outage causing delays at UK airports
2 hours -
Anti-corruption agencies from 21 African countries storm Ghana for conference
2 hours -
Farouk Aliu Mahama apologises for Citi FM reporter assault
2 hours -
Unilever pledges to remain committed to delivering profitability
2 hours -
”Nobody expected this’ – Hummels
3 hours