|
U.S. government crackdown threatens
Kaspersky’s American dream
Send a link to a friend
 [July 14, 2017]
By Jim Finkle, Joseph Menn and Dustin Volz
(Reuters) - Eugene Kaspersky, the CEO of
the Russian cybersecurity software firm that bears his name, had a big
American dream.
He wanted his company to go beyond selling anti-virus software to
consumers and small businesses and become a major vendor to the U.S.
government - one of the world's biggest buyers of cybersecurity tools.
Kaspersky set up a U.S. subsidiary, KGSS, in Arlington, Virginia that
would be focused on winning that business. He sponsored flashy
conferences with high-profile speakers -including Michael Flynn, who was
briefly President Donald Trump's national security adviser - sought to
join U.S. trade groups and even underwrote programming on National
Public Radio.
All of this was done to burnish Kaspersky's image and help it become an
accepted vendor for the U.S. government despite its Russian roots,
according to people familiar with the strategy.
But Eugene Kaspersky was never able to overcome lingering suspicions
among U.S. intelligence officials that he and his company were, or could
become, pawns of Russia's spy agencies. Kaspersky "has never helped, nor
will help, any government in the world with its cyberespionage efforts,"
the company said.
Kaspersky's American ambitions were further eroded by the sharp
deterioration in U.S.-Russia relations following Russia's invasion of
Crimea in 2014, and later when U.S. intelligence agencies concluded that
Russia had hacked the 2016 U.S. presidential election.
Testifying before the U.S. Congress in May, U.S. intelligence chiefs for
the first time publicly expressed doubt that Kaspersky products could be
trusted.
FBI agents last month interviewed Kaspersky employees, asking whether
they reported to Russia-based executives and how much data from American
customers could be seen by Russian employees, according to three current
and former employees. The FBI declined to comment on Thursday.
On Tuesday, the U.S. General Services Administration, the government
agency that manages the federal bureaucracy, removed Kaspersky from a
list of approved vendors, saying GSA's mission was to ensure the
security of U.S. government systems.
There is also a bill before Congress that would explicitly bar the
Defense Department from using any Kaspersky products.
Kaspersky says his company is being targeted for political reasons.
"These reckless actions negatively impact global cybersecurity by
limiting competition, slowing down technology innovations and ruining
the industry and law enforcement agency cooperation required to catch
the bad guys,” he said in a statement to Reuters.
The Arlington offices of KGSS were empty when a Reuters reporter visited
them on Thursday. A Kaspersky spokeswoman said most of the staff, which
number less than 10, often work from home.
The U.S. clampdown comes even though officials have offered no public
evidence to suggest the company has done anything untoward or that the
Russian government is using its software to launch cyber attacks.
Two former employees and a person briefed on the FBI case told Reuters
that Kaspersky software has at times inappropriately inspected and
removed files from users' machines in its hunt for alleged cyber
criminals, even when those files were not corrupted by viruses.
“Kaspersky Lab believes it is completely unacceptable that the company
is being unjustly accused without any hard evidence to back up these
false allegations,” the Kaspersky spokeswoman said in response in an
email.
UNUSUAL STEP
It is extremely rare for a company to be singled out for federal buying
restrictions in the absence of clear evidence of wrongdoing.
"This sets a really dangerous precedent" where other nations could make
similar, unsubstantiated claims against U.S. vendors, said Robert M.
Lee, a former cyberwarfare operative for U.S. intelligence and now CEO
of cybersecurity startup Dragos.
The Russian government has denounced the Kaspersky crackdown and said it
does not rule out retaliatory measures. Officials at U.S. tech companies
with significant operations in Russia say they fear they could become
targets.
[to top of second column] |
Eugene Kaspersky, chairman and CEO of Kaspersky Lab, answers a
question during an interview in New York, U.S. on March 10, 2015.
REUTERS/Shannon Stapleton/File Photo
Federal contracting databases reviewed by Reuters show only a few
hundred thousand dollars in purchases from Kaspersky, and an
employee confirmed the company's federal government revenue was
"miniscule."
But Kaspersky also sells to federal contractors and third-party
software companies that incorporate its technology in their
products, so its technology may be more widely used in government
than it appears from the contracting databases, U.S. officials say.
Founded in 1997, Kaspersky grew rapidly through the 2000s to become
one of the world's leading anti-virus software companies.
(Kaspersky's global reach: http://tmsnrt.rs/2uWTQoV)
But the company was dogged from the start by suspicions about its
ties to Russia's Federal Security Service (FSB), the main successor
to the KGB. Eugene Kaspersky attended a KGB school and the company
has acknowledged doing work for the FSB.
As the company grew, Kaspersky was determined to overcome those
fears.
"We have to be more American than Americans," Kaspersky told Reuters
in 2013, when a U.S. goodwill offensive began.
"PUBLIC SHAMING"
A cornerstone of the effort was a series of KGSS-hosted conferences
in Washington where prominent U.S. officials including Flynn, a
former Defense Intelligence Agency director, former CIA and NSA
Director Michael Hayden and House of Representatives Homeland
Security Committee Chairman Michael McCaul discussed cybersecurity
issues.
The company privately courted U.S. intelligence and law enforcement
officials by sending experts to brief them on nation-state hacking
campaigns uncovered by the firm, according to people present at
those meetings.
"They came to us and said, 'We want to change our image, we know
people don't trust us'," said one former senior Obama administration
official who took part in some of those meetings.
But the suspicions never subsided. When the company sought to join
one Washington-based technology trade organization, it was "politely
told it couldn’t happen," according to an industry source with
direct knowledge of the matter.
The source said industry group officials had an inside joke:
"Kaspersky (membership) is like having the Kremlin join."
Not coincidentally, Kaspersky's government sales effort never gained
traction. In an email to Reuters, the company noted "complexities
associated with doing business with North America’s government
sector."
Privately held Kaspersky said its U.S. revenue, most of which comes
from selling anti-virus software to consumers and small businesses,
slipped from $164 million in 2014 to about $156 million in 2016.
Some U.S. national security experts say Kaspersky is being treated
unfairly. Lee said he has long been bothered by the "public shaming"
of Kaspersky by people who make allegations without presenting
evidence.
The U.S. government has the right to choose not to use Kaspersky
products for any reason, he said, but "the way they are doing it" is
wrong.
"I don’t believe in geographic restrictions that say, 'Because
Kaspersky is a Russian-based company, therefore it is bad,'" said
former White House cybersecurity policy coordinator Michael Daniel.
"You would want your decision to be based on actual corporate bad
behavior."
(Reporting by Jim Finkle in Toronto, Dustin Volz in Washington and
Joseph Menn in San Francisco.; Editing by Jonathan Weber and Ross
Colvin.)
[© 2017 Thomson Reuters. All rights
reserved.]
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
