Germany’s Federal Office for Information Security (BSI) has warned that Russia-based Kaspersky’s anti-virus software could be used for spying or launching cyber-attacks.
Russian Companies Forced To Launch Cyber-Attacks?
The warning was aimed at Russian IT businesses who, claims the BSI, could be used via the software to carry out offensive operations, or forced against their will to attack target systems, or be spied upon. The warning also suggests that Kaspersky’s anti-virus products could be used as a tool for attacks against an IT company’s own customers.
It is no surprise that Kaspersky has defended the safety of its products and stated that the BSI’s claims have been made purely on political grounds and not on any technical assessment of its products. Kaspersky has also denied any ties to any government, including Russia’s.
The warning by the BSI led to Eintracht Frankfurt football club dropping its sponsorship agreement with Kaspersky.
History of Kaspersky Accusations
There have been many well-publicised accusations in the past against Kaspersky centring around the allegation of a possible close tie with the Russian state and, therefore, a possible security risk. For example:
In December 2017, following a warning in a letter by Director of the UK National Cyber Security Centre (NCSC), Ciaran Martin, to Whitehall chiefs about the danger of Russian software, Barclays bank has emailed its online banking customers to say that it would no longer be offering Kaspersky Russian anti-virus because of possible security risks.
Also in December 2017, then US President Donald Trump banned the use of Kaspersky Lab within the U.S. government as part of a broader defence policy spending bill. The ban reinforced a directive from September that year that civilian agencies should remove Kaspersky Lab software within 90 days. Both the earlier directive and the ban were based on security fears over Kaspersky’s possible links with the Russian State.
In reply to the latest allegations from Germany, Kaspersky has issued a statement which explains that its “data processing infrastructure was relocated to Switzerland in 2018”, and that “the security and integrity of our data services and engineering practices have been confirmed by independent third-party assessment”.
Kaspersky says that “We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds.”
What Does This Mean For Your Business?
Suspicions about Kaspersky’s possible links to the Russian state have been the subject of several warnings from UK, US, and other nations’ security agencies over the past few years. It is not surprising, therefore, that with anti-Russian state feelings running high and sanctions being imposed that Kaspersky would again be in the frame. With a warning coming from such a credible and official source as Gemany’s Federal Office for Information Security (BSI), and with clear evidence of Russian cyber-attacks already (against Ukraine) it is not surprising that the warning has had an immediate commercial effect, i.e. dropped sponsorship by a major football club.
It is unlikely that Kaspersky’s assurances will be heard at this time and more commercial pain for the company is likely to follow. The warning is part of an expanding surface of pressure and sanctions being applied in a bid to force an end to Putin’s war being waged against Ukraine.