Kaspersky is in what you might call "a bit of a pickle."
The Russian cybersecurity firm, famous for its antivirus products and research reports on active threat groups, is facing mounting accusations of working with, or for, the Russian government.
These accusations have been made in press and infosec gossip for years. In the past month there's been more scuttlebutt in the press, an NSA probe surfaced, and the Senate got involved by pushing for a product ban. This week things reached a peak with fresh accusations from Bloomberg and a surprising attack from the Trump administration. Which is odd, considering how eager the current regime is to please and grease the wheels of its Russian counterparts.
Either way, Kaspersky is really in a tight spot this time. The hammer dropped Tuesday when Bloomberg published "Kaspersky Lab Has Been Working With Russian Intelligence." It comes from the same reporters who started 2015's "banyagate," in which "Kaspersky Lab Has Close Ties to Russian Spies" alleged CEO Eugene Kaspersky colluded with Russian intel in secret sauna meetings.
In each instance Kaspersky -- the company, and its CEO of the same name -- issued statements refuting the articles point by point and denying the accusations.
This week's piece claims to be operating on information from 2009 internal company emails obtained from anonymous sources. In them, the company allegedly discusses working on a DDoS product for a Russian government entity.
Without technical descriptions, what Bloomberg wrote about the deployment and maintenance of the DDoS product is quite hazy. On the one hand, it comes across as maybe nefarious; on the other, it's maybe just enterprise-level threat services. The article did state that Kaspersky participates in "hacking back" on the Russian government's behalf and that the company's employees also go on raids with the FSB -- both of which are incredibly serious charges which aren't fully substantiated.
In its statement, Kaspersky said that it does not hack back, but it does assist Russian law enforcement, saying:
"Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."
Here I'll say a couple of things "everyone knows" but few want to admit (or will like to hear). Cybersecurity firms have gone from being infosec startups to becoming intelligence brokers, no matter how anyone tries to package it. This is a permanent feature in the infosec landscape.
What upsets people even more is that pretty much everyone has worked for, or with, a government or law enforcement at some point. Infosec isn't black and white: Good luck finding someone in infosec who hasn't worked for the government -- any government -- or knows exactly who they've worked for at any given time, for that matter.
Which brings us back to Kaspersky.
So far there's been no public evidence to substantiate accusations that Kaspersky is under Kremlin influence. Yet Bloomberg's article moved the needle in Washington.
It got a reaction from Senate Democrats, who are rightfully freaked out about Russian government meddling, and also got action from the Trump camp, which is ... worth a closer look. For the past few months, DC's scrutiny of Kaspersky and any alleged ties to the Kremlin (which Kaspersky denies) has only increased as suspicion about the Trump regime has exploded. This paranoia makes sense, even if the lack of concrete public evidence (so far as we know) makes it illogical.
Around July 4, the Senate Armed Services Committee recommended banning the Department of Defense (the Pentagon) from using Kaspersky's products in 2018. As in, they're using them now, but they'll be dropped in the future.
Just before that, on June 25th, a "counter-intelligence inquiry" saw the FBI going to the homes of around a dozen Kaspersky employees in the US. Agents questioned employees about their company's operations, but we didn't hear anything further.