US intel chiefs express doubts about Kaspersky security software

A picture taken on October 17, 2016 shows Yury Namestnikov, the head of Kaspersky's Russian research and analysis department, speaking during an interview with AFP at the company's headquarters in Moscow. / AFP PHOTO / Kirill KUDRYAVTSEV / TO GO WITH AFP STORY BY Thibault MARCHAND
A picture taken on October 17, 2016 shows Yury Namestnikov, the head of Kaspersky’s Russian research and analysis department, speaking during an interview with AFP at the company’s headquarters in Moscow. / AFP PHOTO /

WASHINGTON, United States (AFP) – Top United States intelligence chiefs on Thursday publicly expressed doubts about the global cybersecurity firm Kaspersky Labs because of its roots in Russia.

Six leading intelligence officials told a Senate hearing on external threats to the UUS of their concerns over the firm’s broad presence, without specifying any particular threat.

Asked if he was aware of a security threat tied to Kaspersky software, Federal Bureau of Investigation acting director Andrew McCabe replied: “We are very concerned about it and we are focused on it very closely.”

Defense Intelligence Agency director Lieutenant General Vincent Stewart said his agency is avoiding the company’s products.

“There is, as well as I know, no Kaspersky software on our networks,” he said, adding that the agency’s private sector contractors are also steering clear.

Also indicating their concerns in brief were the heads of the Central Intelligence Agency, the National Security Agency, the National Geospatial Intelligence Agency and the Director of National Intelligence.

“I am personally aware and involved as director of the National Security Agency in the Kaspersky Lab issue,” NSA head Mike Rogers said.

Kaspersky was founded in Moscow in 1997 by Eugene Kaspersky, a computer engineer who served in the Russian military.

The company quickly expanded to a global presence, with 3,600 employees, 400 million users of its software, and revenue of some $620 million in 2015, according to its website.

Its antivirus programs regularly rank in the top five of such software for personal and business computers.

But US officials have expressed doubts over its recruitment of some staff with alleged links to Russian defense and intelligence bodies.

Some worry that it might offer Russian intelligence a secret backdoor into users’s computers. US officials are particularly worried that foreign hackers could penetrate US infrastructure via suspect software and malware.

Kaspersky denied having ties to any government.

“The company has never helped, nor will help, any government in the world with its cyber espionage efforts,” it said in a statement Thursday.

“Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations.”

Commenting on Reddit Thursday, Eugene Kaspersky also said his company had no links to the Russian government, offering to testify in the Senate.

“I respectfully disagree with their opinion, and I’m very sorry these gentlemen can’t use the best software on the market because of political reasons,” he said, referring to the intelligence chiefs.

Front-door access

The allegations against Kaspersky come amid heightened US concerns over Russian hacking after what intelligence chiefs say was a significant effort directed by Russian President Vladimir Putin to interfere with last year’s election.

President Donald Trump’s former national security advisor Michael Flynn is under investigation for his links to Russia, which include being paid $11,250 to speak at a Kaspersky function.

But Sean Kanuck, a former CIA officer who was the first US national intelligence officer for cyber issues, said the worries about Kaspersky have mainly come from US lawmakers who don’t understand that it gets paid by companies and US government agencies to have “front-door” access to their systems.

“That means that any Congressional questions about ‘back doors’ in Kaspersky products reflect a certain naivete, because many of Kaspersky’s clients are intentionally paying for full-content monitoring on their networks.”