
Audio By Carbonatix
The U.S. government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Russian cybersecurity company Kaspersky to cause harm, according to a senior U.S. official and two people familiar with the matter.
The classified briefings are part of Washington's broader strategy to prepare providers of critical infrastructure such as water, telecoms and energy for potential Russian intrusions.
President Joe Biden said last week that sanctions imposed on Russia for its Feb. 24 attack on Ukraine could result in a backlash, including cyber disruptions, but the White House did not offer specifics.
"The risk calculation has changed with the Ukraine conflict," said the senior U.S. official about Kaspersky's software. "It has increased."
Kaspersky, one of the cybersecurity industry's most popular anti-virus software makers, is headquartered in Moscow and was founded by a former Russian intelligence officer, Eugene Kaspersky.
A Kaspersky spokeswoman said in a statement that the briefings about purported risks of Kaspersky software would be "further damaging" to Kaspersky’s reputation "without giving the company the opportunity to respond directly to such concerns" and that it "is not appropriate or just."
The senior U.S. official said Kaspersky's Russia-based staff could be coerced into providing or helping establish remote access into their customers' computers by Russian law enforcement or intelligence agencies.
Kaspersky, which has an office in the United States, lists partnerships with Microsoft, Intel and IBM on its website. Microsoft declined to comment. Intel and IBM did not respond to requests for comment.
On March 25, the Federal Communications Commission added Kaspersky to its list of communications equipment and service providers deemed threats to U.S. national security. r
It is not the first time Washington has said Kaspersky could be influenced by the Kremlin.
The Trump administration spent months banning Kaspersky from government systems and warning numerous companies to not use the software in 2017 and 2018.
U.S. security agencies conducted a series of similar cybersecurity briefings surrounding the Trump ban. The content of those meetings four years ago was comparable to the new briefings, said one of the people familiar with the matter.
Over the years, Kaspersky has consistently denied wrongdoing or any secret partnership with Russian intelligence.
It is unclear whether a specific incident or piece of new intelligence led to the security briefings. The senior official declined to comment on classified information.
Until now no U.S. or allied intelligence agency has ever offered direct, public proof of a backdoor in Kaspersky software.
Following the Trump decision, Kaspersky opened a series of transparency centers, where it says partners can review its code to check for malicious activity. A company blog post at the time explained the goal was to build trust with customers after the U.S. accusations.
But the U.S. official said the transparency centers are not "even a fig leaf" because they do not address the U.S. government's concern.
"Moscow software engineers handle the [software] updates, that's where the risk comes," they said. "They can send malicious commands through the updaters and that comes from Russia."
Cybersecurity experts say that because of how anti-virus software normally functions on computers where it is installed, it requires a deep level of control to discovery malware. This makes anti-virus software an inherently advantageous channel to conduct espionage.
In addition, Kaspersky's products are also sometimes sold under white label sales agreements. This means the software can be packaged and renamed in commercial deals by information technology contractors, making their origin difficult to immediately determine.
While not referring to Kaspersky by name, Britain's cybersecurity centre on Tuesday said organizations providing services related to Ukraine or critical infrastructure should reconsider the risk associated with using Russian computer technology in their supply chains.
"We have no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, but the absence of evidence is not evidence of absence," the National Cyber Security Centre said in a blog post.
Latest Stories
-
Trafficked at 7, rescued at 17 — Survivor Godson Glawu calls for sustained child protection funding
15 seconds -
COCOBOD misses June deadline to clear GH¢6bn cocoa arrears, leaves GH¢3.4bn unpaid
11 minutes -
Eight officers interdicted as police investigate deadly Sayerano shooting
17 minutes -
Over 3 million pupils in 13 regions learn under trees and temporary shelters – A-G’s report
20 minutes -
102 illegal border routes identified in Volta Region alone — Interior Minister
22 minutes -
Ghana Medical Trust Fund, TTH inspect progress of work at Tamale Cardiology Centre
42 minutes -
Let Love Lead NGO supports flood victims, calls for preventive action against future flood disasters
44 minutes -
Ghana cedi outlook improves as PwC projects medium term stability
1 hour -
IJM identifies sustainable funding, partnerships and data as key to combating child trafficking
2 hours -
IJM cites 50–85% drop in trafficking, violence in countries with sustained justice investment
2 hours -
Bankers expect Central Bank to hold benchmark rate
2 hours -
Muntaka reveals suspected insider involvement in Ghana-Australia meth-trafficking case
2 hours -
Ghana-South Africa tensions: ‘Use diplomacy, not social media exchanges’ – Asafo-Adjei
2 hours -
South Africa risks export decline, job losses if African partners turn away — Prof Peprah
2 hours -
Ghana’s Human Trafficking Fund needs sustained financing to deliver on mandate — IJM
2 hours