cutimage - Fotolia

Kaspersky-Russian ties still unclear, despite FBI push

The specter of Kaspersky-Russian ties has reportedly led to an FBI campaign urging private organizations to drop Kaspersky Lab products; experts urge the FBI to share more evidence.

Concerns over how the FBI has handled the investigation into potential Kaspersky-Russian ties have led to some experts saying the FBI should be more transparent with evidence before it continues its push to get private companies to abandon Kaspersky Lab products.

Fear over potential Kaspersky-Russian ties has already led to Kaspersky Lab being removed from the list of approved U.S. government vendors. According to a new report, U.S. officials are not happy with how the FBI has conducted the subsequent investigation into Kaspersky Lab, saying the FBI has been too overt in attempts to get private companies to stop using the products.

A Kaspersky Lab spokesperson denied Kaspersky-Russian ties and said it would be "extremely disappointing" if the alleged briefings between the FBI and private companies actually occurred.

"The company doesn't have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against Kaspersky Lab," the spokesperson told SearchSecurity. "The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it's being treated unfairly, even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts."

According to reports by CyberScoop, former U.S. officials claim the FBI has deliberately leaked information and been hyperbolic in classified congressional briefings as a way to build support for its accusations of Kaspersky-Russian ties.

Kaspersky Lab said it has tried to be accommodating to the FBI's investigation.

"CEO Eugene Kaspersky has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company's source code for an official audit to help address any questions the U.S. government has about the company, but Kaspersky Lab has only received a general reply from one agency at this time," the spokesperson said. "The company simply wants the opportunity to answer any questions and assist all concerned government organizations with any investigations, as Kaspersky Lab ardently believes a deeper examination of the company will confirm that these allegations are completely unfounded."

The FBI did not respond to requests for comment at the time of this post.

Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., said opening the code base probably wouldn't allay concerns of Kaspersky-Russian ties.

"If there's any lesson here for foreign companies, it's that the public burden of proof for the FBI to come after you is very low," Williams told SearchSecurity. "It's hard to see how this won't eventually hurt U.S. companies in other countries."

Experts debate the FBI case regarding Kaspersky-Russia ties

Williams added that if the FBI has evidence to support its claims of Kaspersky-Russian ties, it should be more transparent.

The whole public case seems to be that Kaspersky execs have ties to Russian intelligence earlier in their careers. That 'connection to intelligence' applies to a huge number of U.S. firms.
Jake Williamsfounder, Rendition InfoSec LLC

"So far, I don't think we've seen much of the case at all, so I'm not sure what we can say [about the FBI's case]. What's been released so far is less than convincing," Williams told SearchSecurity. "The whole public case seems to be that Kaspersky execs have ties to Russian intelligence earlier in their careers. That 'connection to intelligence' applies to a huge number of U.S. firms."

Tom Kellermann, CEO of Strategic Cyber Ventures in Washington, D.C., said he believes the FBI has the best interest of the public in mind and may not be able to release more information.

"If the FBI were to disclose all evidence, they would violate classification laws, which would hurt the U.S. government's capacity to leverage counterintelligence campaigns against the Russians," Kellermann told SearchSecurity.

Hank Thomas, partner and COO at Strategic Cyber Ventures, said dissecting federal investigations could "risk blowing tremendously complicated and expensive intelligence and counterintelligence operations."

"Kaspersky should firewall off his firm further from anything Russia, become far more transparent and bring in trusted leadership to run the company if he ever hopes to turn things around. But I doubt even that will help at this point," Thomas told SearchSecurity. "Even his industry colleagues, many competitors that have tried to defend him for years have given up. One in particular has shared with me that they have clear indications that Kaspersky products are totally compromised by the Russian security services."

Willy Leichter, vice president of marketing at Virsec, based in San Jose, Calif., said given the high stakes in the Kaspersky-Russia investigation, "the FBI should be more cautious and transparent if there is hard evidence."

"Many U.S. security companies have ties with government agencies that have, at times, raised eyebrows, such as RSA's alleged backdoors to the NSA [National Security Agency] for widely used encryption algorithms," Leichter told SearchSecurity. "Unfortunately, complex cybertechnology issues lead to easy political grandstanding, as few people understand the underlying technology. If substantiated, the allegations against Kaspersky are obviously serious. But without clear evidence, this could easily harm the broader security industry that relies on global cooperation to be effective."

Williams said the FBI shouldn't keep information closed off to the public.

"I have little doubt that the FBI is presenting additional information to some U.S. companies about why Kaspersky products are dangerous. But if Kaspersky is facilitating spying with the Russian government, then they -- and the Russian government -- already know what is being briefed," Williams said. "Only the public lacks the data to make an informed decision. But the argument that the FBI sharing data in closed circles will protect sources and methods seems hollow."

Next Steps

Learn the difference between symmetric and asymmetric encryption algorithms.

Find out how Microsoft changed Windows 10 antivirus policies under pressure from Kaspersky.

Get info on the FBI's investigating potential Trump campaign ties to Russia and the DNC breach.

Dig Deeper on Security operations and management