President Trump signed into law a bill that bans Kaspersky Antivirus, as well as any other software made by Kaspersky Labs, from use in U.S. federal departments, agencies, or organizations. The law applies to any company that Kaspersky controls in any way or in which it has majority ownership.
U.S. Government Bans Kaspersky
Earlier this year, a Wall Street Journal report backed by unnamed U.S. government sources said that hackers working for the Russian government stole documents from an NSA agent. The NSA agent in question took home classified data without permission, and she was running the Kaspersky antivirus, which, the report alleged, is how Kaspersky was able to identify the NSA documents.
Kaspersky has admitted that it identified the NSA files, but as soon as it did, the company deleted the documents its antivirus was able to capture for malware analysis. The antivirus firm also offered to allow independent parties to review its software code.
This response doesn’t seem to have convinced many in Washington: after the report, Congress scrambled to pass a bill that would ban the antivirus from federal agencies’ networks. The ban was eventually written into the National Defense Authorization Act. The bill will go into effect at the start of 2018.
How It All Started
The whole situation seems to have started when an NSA agent named Reality Winner, who seems to have been a source for some of The Intercept’s national security stories, took home some classified NSA documents. Kaspersky said that it encountered the documents by mistake, as the files were automatically uploaded to its cloud when the antivirus was scanning Winner’s computer.
This is one issue with cloud-based antivirus software: you have to place a high degree of trust in this type of security software when you allow it to analyze every file on your computer and then upload files to the vendor’s servers. Even Microsoft’s Windows Defender has a cloud component that is enabled by default these days.
The other side of the issue is that if Kaspersky wanted to look clean, and not as though it had stolen the files or helped the Russian government do so, it probably should have alerted the U.S. government about the incident itself.
It’s hard to imagine that the U.S. government wouldn’t have been more inclined to believe Kaspersky’s side of the story if the company had been the one to report that classified data was being leaked by a potential rogue agent. In fact, with Kaspersky already protecting multiple U.S. federal networks, one could argue that this was part of its job.
However, Kaspersky didn’t do that, which makes everyone question the company’s motives and become more inclined to believe the accusations that it was somehow aiding the Russian government in stealing those files.
Dealing With The Aftermath
Regardless of whether Kaspersky had any role in Russian hackers obtaining the classified information, it looks like the U.S. government has already made up its mind about the company, which should hurt both Kaspersky’s bottom line and its reputation as a trustworthy security vendor. The company will now likely need to work extra hard to regain its customers’ trust.