The Biden administration today banned the sale of Kaspersky Lab products and services in the United States and declared the Russian sector a national security risk.
Commerce Secretary Gina Raimondo announced the crackdown today during a call with reporters. “Russia has shown that it has the capacity – and even more than that, the intention – to exploit Russian companies like Kaspersky to collect and weaponize Americans’ personal information,” Raimondo told Gathered Hacks.
Under the ban, Uncle Sam will block sales of Kaspersky software in the US to new customers starting July 20 – and also ban the antivirus maker from distributing software updates and malware signatures to existing customers in the United States after September 29.
Raimondo said that Kaspersky, based in Moscow, is effectively at Putin’s mercy, and that with the tools installed on all American computers, the antivirus maker could – ironically – be ordered or coerced by the Kremlin to act as a conduit to those systems on to step.
In an official statement, the US government revealed that an investigation into the developer found that:
Kaspersky, in a lengthy statement The registersaid it believed the White House “made its decision based on the current geopolitical climate and theoretical concerns, rather than on a comprehensive assessment of the integrity of Kaspersky’s products and services.”
The anti-virus slinger also denied engaging in “activities that threaten U.S. national security,” saying it plans to “pursue all legally available options to maintain its current operations and relationships.” You can read Kaspersky’s full statement at the bottom of this story.
The move follows a two-year investigation by the U.S. Department of Commerce that found the company’s products were able to suck up “valuable U.S. business information, including intellectual property,” along with sensitive personal data of U.S. citizens, and provide it to the Russian government could hand over for ‘malicious use.”
Technically, Kaspersky Lab Inc., the developer’s U.S. subsidiary, will be prohibited “from directly or indirectly offering antivirus software and cybersecurity products or services in the United States or to U.S. persons.”
And in addition, the Commerce Department’s Bureau of Industry and Security (BIS) has added AO Kaspersky Lab and OOO Kaspersky Group in Russia, and Britain’s Kaspersky Labs Ltd, to the Entity List of foreign individuals and organizations considered a national security organization . risk. That will make it difficult to impossible for Americans to do legal business with both the trio and the US-based unit.
These three foreign Kaspersky entities, we are told, were added because of their “cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives.”
Long time in the making
The Biden administration’s actions today follow previous steps to ban Kaspersky products from US government networks.
In 2017, Homeland Security issued a directive requiring federal agencies to remove and discontinue Kaspersky products from their IT systems. Shortly afterwards, reports surfaced that Russian government spies used Kaspersky antivirus software to steal classified material from an NSA contractor’s PC.
In response, Kaspersky Lab offered to open the source code to third-party review.
A year later, the National Defense Authorization Act (NDAA) for fiscal year 2018 banned the Fed’s use of Kaspersky.
And in March 2022, shortly after Russia’s illegal invasion of Ukraine began, the FCC added Kaspersky products and services to its “list of communications equipment and services that pose a threat to national security.”
Meanwhile, the Biden administration has failed to respond to Microsoft’s repeated information security failures — which lawmakers have warned pose “a serious threat to national security.”
These shortcomings were the subject of a congressional hearing last week, and a Homeland Security investigation that found Microsoft’s “avoidable mistakes” allowed Beijing’s cyber spies to steal tens of thousands of sensitive emails from Microsoft’s hosted Exchange Online inboxes of high-level US governments. civil servants. ®
Kaspersky’s statement
Kaspersky is aware of the decision by the US Department of Commerce to ban the use of Kaspersky software in the United States. The decision will not affect the company’s ability to sell and promote cyber threat offerings and/or training in the US. Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted third party, Kaspersky believes that the Commerce Department made its decision based on the current geopolitical climate and theoretical concerns, rather than based on a comprehensive assessment of the situation. integrity of Kaspersky’s products and services. Kaspersky does not engage in activities that threaten U.S. national security and, in fact, has made significant contributions through its reporting and protection against a variety of threat actors targeting U.S. interests and allies. The Company intends to pursue all legally available options to maintain its current operations and relationships.
For more than 26 years, Kaspersky has succeeded in its mission to build a more secure future by protecting more than a billion devices. Kaspersky provides leading products and services to customers around the world to protect them against all types of cyber threats, and has repeatedly demonstrated its independence from any government. In addition, Kaspersky has implemented significant transparency measures unmatched by its peers in the cybersecurity sector to demonstrate its continued commitment to integrity and reliability. The Commerce Department’s decision unfairly ignores the evidence.
The main impact of these measures will be the benefit they bring to cybercrime. International cooperation between cybersecurity experts is crucial in the fight against malware, but this will still limit these efforts. Furthermore, it takes away the freedom that consumers and organizations, large and small, should have to use the protection they want, in this case forcing them to forego the best anti-malware technology in the industry, according to independent tests. This will cause dramatic disruption for our customers, who will be forced to urgently replace the technology they prefer and have relied on for their protection for years.
Kaspersky remains committed to protecting the world from cyber threats. The company’s business remains resilient and strong, marked by 11 percent growth in sales bookings by 2023. We look forward to what the future holds and will continue to defend against actions aimed at unfairly damaging our reputation and commercial interests harm.