Kaspersky Sues US Government Over Antivirus Ban
Date: 2017-12-18
Kaspersky announced that it launched a lawsuit against the Trump administration arguing that the U.S. government’s ban of its software lacked due process and evidence of harm.
Kaspersky's Ban On U.S. Federal Networks
This September, the Department of Homeland Security (DHS) issued a directive to civil agencies to stop using Kaspersky software within 90 days, after concerns that the antivirus may help the Russian government in infiltrating U.S. networks and stealing sensitive information.
The government previously accused Kaspersky of stealing classified information from a national security whistleblower called Reality Winner. Kaspersky admitted that it got the documents in a routine scan of Winner’s personal computer, but it said it immediately deleted those files once it learned what they were. It also offered to allow independent parties to review its antivirus’ source code, but the government didn’t think that was sufficient.
Last week, the new National Defense Authorization Act of 2018 included a clause that would ban any Kaspersky or Kaspersky-associated software from being used in the U.S. federal government. Guilty or not, this seems to have left Kaspersky no choice but to sue the U.S. government in order to save its reputation (and revenue).
Kaspersky’s Open Letter
Along with the lawsuit, Kaspersky also wrote an open letter to the U.S. government. The company argued that it has not been given the opportunity to defend itself properly before its technology was banned from use on federal networks. This has harmed its reputation and revenue, and Kaspersky believes that such actions violated the U.S. Constitution, more specifically the right to due process.
The company said that the U.S. government relied mainly upon uncorroborated media reports, not evidence, to support its conclusion that the Kaspersky antivirus is a security risk for U.S. federal networks.
Kaspersky also noted that although the revenue it obtained from licensing its software to U.S. federal agencies was only a small percentage of its revenue, the ban on its software had a disproportionate negative effect both in the U.S. as well as globally.
Kaspersky is now suing the U.S. government to try and repair that damage to its sales as well as its reputation (presuming the U.S. court will find Kaspersky innocent).
I can only assume the lawsuit will be with regard to the accusations (or insinuations) that Kaspersky was engaging in espionage/colluding with the Russian government. Maybe alleging slander or libel, resulting in damages to Kaspersky's reputation and therefore profits. Because you're right, suing the government just for not using your software doesn't make any sense.
The government could very well be the instigator here, embedding things in their files to see where they end up.
The user in this case, Reality Winner, took documents from her work facility, which she wasn't supposed to do. This doesn't exactly strike me as the behavior of the most stellar computer user or employee. It isn't as though Kaspersky breached any sort of high security measures to acquire the documents. The initial breach seems to have been via sneaker net.
Finally, cloud based software solutions have to be expected to be hosted and operate, in the cloud, which means it can be anywhere in the world. Since Kaspersky Lab is headquartered in Moscow, it doesn't strike me as a far fetched idea that perhaps their cloud based servers are somewhere in say, Russia.
If you want cloud based antivirus software, but don't want it based in Russia, don't use Kaspersky. If however you choose to use Kaspersky, you don't exactly have a lot of room to complain when a document that triggers automatic sample submission ends up in Russia. I think ultimately it boils down to the poor decisions made by the NSA agent.
The AV program is there to look for malware, and its heuristic algorithms were successful in identifying this previously unknown malware as such.
As per standard practice any new malware found is transmitted to Kaspersky for further evaluation and also to be more easily recognized when found later on.
Once Kaspersky realised that this was "secret" software developed by the user and intentionally placed on the computer they deleted their own copies.
Yes, the gov can use what software they want, but they can't publicly defame a brand without proof.
I can only assume that this goes both ways: Assuming Kaspersky does have ties to the Russian gov one must also take for granted that US based companies have similar ties to the US government and thus should be banned for use outside the US. ... and that won't be a problem for those companies, right?
On the other hand, why would you not assume if you otherwise do not know, that a company based abroad would not send your files abroad? Nothing about cloud services presumes or requires that a server be located in a particular geographic area unless this is a stipulation of agreement in the cloud services contract. Does it really matter where in fact Kaspersky sent the files? Whether Russians are looking at the files in say, America, or Russia, or if the files first went to cloud servers in the USA, would hardly make the fact that the files were in Russian hands any less problematic. Why would a Moscow based company store and analyze sample submissions in the United States?
Here are Kaspersky's own words on the subject:
During installation of KAV there is a giant checkbox that allows you to either turn on or turn off Kaspersky Security Network.
If you did not turn it off you have no right to act all offended that "hurr durr Kaspersky takes my files".
Also, GJ, KAV, sue them well. Antivirus found out NSA malware which is exactly what it's supposed to do and US gov made a shitstorm out of it based on "anonymous sources" (as always) and their lackey media agencies all referring to same "anonymous source".
It's one thing to internally change policies in gov sector and issue a swap of software, it's completely another thing to make a public announcement and start a media shitstorm that hurts company public image.
I've never recommended Kaspersky to anyone, even when I worked at Best Buy and they wanted me to push software like that.
Malwarebytes for the win!
Or you can do what I do... Infection? Format c:\
The NSA person screwed up. The Kaspersky software reacted exactly as it was meant to do, it was the decision making processes at home base that are in question, again imho.
How far is Kaspersky Lab required to go in the protection of each client? Are they required to inform all of their users when documents that are supposed to be on Computer A end up triggering automatic sample submission on Computer B? Personally, that's more information about documents than I feel any antivirus company should be in possession of. If antivirus companies started emailing me every time my data files moved from one computer to another, not only would that cause a massive spike in network traffic, that would be a significant nuisance, which would end up being relegated to the ignore list, to the point the notices would lose their effectiveness.
Kaspersky has no preordained knowledge of what files belong on which computers when they are scanning it, other than the standard fare on all PCs running the same OS. Saying it is in Kaspersky's duty to start acting like a nanny would go a long way toward damaging their brand image.
When NSA documents were found in their possession, Kaspersky deleted them. How much further they are required to go is something that can be argued about, but unless the US government was specifically contracting for more than the standard services being offered, I would say Kaspersky upheld their end of the deal.
Many here have commented with the assumption that Reality Winner made "errors" or used "poor judgement". Her stealing and releasing of NSA documents was deliberate. I find it an interesting and unlikely coincidence that she was a deliberate mole and also happened to use Kaspersky software on her home computer. I wonder if that was recommended to her by someone? Perhaps by one of the organizations she leaked the documents to or others. The fact that the software may be adversarial to and good at detecting American spyware would recommend it from those perspectives.
Others have said that the documents that Kaspersky loaded and then identified as NSA secure documents must have been "malware" or NSA spyware. I don't see that supported anywhere in the public record.
Again, if Kaspersky has previously sold their services without explicitly disclosing that they've been moving client data outside a country they would obviously not have been on such ban list. This revelation would obviously have changed that.