Kaspersky’s U.S. Ban: A Long History of Espionage, KGB, NSA, and Edward Snowden


  • The U.S. government may extend the existing ban on Kaspersky Lab software, currently limited to federal agencies, to affect all citizens and U.S. companies.
  • This ban is rooted in suspicions about Kaspersky's links to Russian intelligence and concerns over potential security vulnerabilities in its software.
  • Kaspersky's anti-malware products have the capability to access significant amounts of user data, raising fears that this data could be shared with Russian authorities if required.
  • Previous incidents, including alleged connections between Kaspersky and the Russian Federal Security Service (FSB), revelations from Edward Snowden's leaks, and research exposing U.S. intelligence activities, contribute to the distrust surrounding the company.

After aiming its guns at TikTok, the U.S. government is once again working to ban another company. This time it’s Kaspersky, the Russian cybersecurity company, known by some for being a major player in the international security sector and by others for its close links to Russia and its agenda.

On April 9, CNN reported that the Biden administration was taking “unusual steps” by issuing an order that would ban U.S. companies and citizens from using software developed by Kaspersky Lab, due to national security concerns. The ban is expected to be implemented in April through the new Commerce Department authorities.

Techopedia sat with Irina Tsukerman, a national security and human rights lawyer, to understand Kaspersky’s history, the importance of the ban, and what’s at stake.

Kaspersky Links to Russia’s FSB: 2012-2017 Incidents

The move to ban Kaspersky operations in the U.S. is not new. In 2017, the U.S. prohibited all federal agencies from using Kaspersky products. And again in March 2022, one day after Russia invaded Ukraine, Reuters reported that the American government privately warned U.S. companies that Moscow could manipulate software designed by Russian cybersecurity company Kaspersky to cause harm.

Tsukerman broke down the role of Kaspersky under heightened tensions between the U.S. and Russia and the escalation of cyberwarfare and espionage.

“As U.S.-Russia relations deteriorated, and Russia has come to be perceived as more of a threat, the role of cyberwarfare expanded exponentially, with the role of security agencies such as Kaspersky [allegedly] being used by the state for espionage.”

Why the U.S. Wants to Ban Kaspersky Nationally

While federal agencies in the U.S. are already banned from using Kaspersky Lab software, banning citizens and companies in the country from doing the same is a move that many call historic and unprecedented.

Sources close to the issue told CNN that the U.S. government has believed for years that the Russian government could force the company to hand over data or use its anti-virus software to attempt to carry out hacking or surveillance of Americans — accusations that Kaspersky Lab denies.

Tsukerman said that the action would ban private companies in the U.S. from engaging with particular Kaspersky products and services and, on the other hand, would also ban the company from exporting particular products and services into the U.S.

“Worth noting that this is not yet a total ban on all of Kaspersky’s operation, and interestingly, Kaspersky has not yet been added to a sanctions blacklist, despite concerns about the misuse of its products and services.”

“Some of the risks under consideration include potential harm to critical U.S. infrastructure,” Tsukerman said.

“And in particular, the focus appears to be Kaspersky’s anti-virus software.”

While Kaspersky has not been placed on the U.S. government's sanctions blacklist, the U.S. government took action against its operations in both 2017 and 2022.

For example, on March 25, 2022, the U.S. Federal Communications Commission (FCC) blacklisted Kaspersky along with China Telecom and China Mobile.

Tsukerman explained how this new action is different from others.

“The most recent move [likely] follows a U.S. Commerce Department determination of a likely threat.”

Tsukerman added that Kaspersky Lab was not just a U.S. problem but a wider one.

The allegations that Kaspersky works with the FSB have been ongoing for several years, as Bloomberg reported in 2017. These allegations resurfaced after Russia invaded Ukraine and are now picking up even greater momentum.

The U.K. National Cyber Security Centre (NCSC) has also addressed threats and risks of using Russian cybersecurity and technology products, highlighting Kaspersky Antivirus (AV).

“We explained the risks and advised those national security departments in government to ensure they weren’t using Russian products, like Kaspersky antivirus (AV),” NCSC said.

Russian Intelligence: The Origin and Early History of Kaspersky

As Forbes reports, the “father” of Kaspersky is Eugene Kaspersky — who graduated from a KGB-sponsored education institution. Eugene “became interested” in cybersecurity in the early 1990s, and in 1997, Eugene Kaspersky founded the Kaspersky Lab and led the company’s antivirus research.

Tsukerman spoke about Eugene Kaspersky and questioned his links to Russian intelligence agencies.

“Eugene Kaspersky’s prior work for the Russian military and his education at a KGB-sponsored technical college (cryptography) have led to allegations of being employed by Russia to expose U.S. cyberweapons, though he denies this.

“It is widely believed that anyone who has ever worked for any of Russia’s military or security agencies remains under scrutiny or affiliated with those agencies even after transitioning to the private sector.”

By 2016, the company Eugene had founded as a young engineer had become the largest cybersecurity software vendor in Europe. Today, it is believed to have more than 400 million individual customers and 240,000 companies that trust its security programs.

“Moreover, Russia’s state penetration of the private sector has increased significantly over time,” Tsukerman said.

Kaspersky Lab changed course in 2012, when “high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services,” Tsukerman claimed.

Bloomberg reported in 2015 that “some of these people actively aided criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers”.

Kaspersky Targets U.S. Intelligence Ops

In 2017, after the U.S. government banned federal agencies from using Kaspersky products, there was an allegation that hackers working for the Russian government used Kaspersky antivirus software to steal classified material from a home computer belonging to an NSA contractor.

Tsukerman spoke about the allegations, which were first reported by the Wall Street Journal on October 5, 2017, in a report titled “Russian Hackers Stole NSA Data on U.S. Cyber Defense”.

“According to the report, the incident occurred in 2015 and remained undiscovered until early 2016. The stolen material reportedly included ‘details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying, and how it defends networks inside the U.S.’

The New York Times reported that the hacks had been discovered by Israeli intelligence agents who had themselves hacked into Kaspersky’s network and recorded in real-time how queries were being made for keywords on user machines.”

Kaspersky denied those allegations strongly in a blog post.

Operation Slingshot: Kaspersky Exposes U.S. Intelligence Operation Targeting ISIS and Al-Qaeda

In 2018, the Association of Former Intelligence Officers (AFIO) reposted an article from Cyberscoop that claimed that Kaspersky had exposed an active, U.S.-led counterterrorism cyber-espionage operation.

Current and former U.S. intelligence officials, speaking to the media, said the operation was used to target ISIS and al-Qaeda members and represented a U.S. military program run out of Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM).

Kaspersky’s exposure report, on what they called Slingshot, did not mention by name the actors behind these operations.

Tsukerman spoke about the incident.

“The result of the revelation led to a legal fight between the U.S. government and Kaspersky after Kaspersky publicly revealed operation ‘Slingshot’, an active operation, which compromised thousands of devices through breached routers in various African and Middle Eastern countries, including Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey, and Yemen,” Tsukerman said.

“It’s not only the tools that are at issue with Kaspersky but the political and intelligence agenda behind its operations.”

The Kaspersky Game Plays Out Again Against the NSA

The “intelligence game” between the NSA and Kaspersky continued to play out.

On February 17, 2015, Reuters reported that Kaspersky exposed an NSA cyber espionage program that hid spyware deep within hard drives made by Western Digital, Seagate, Toshiba, and other top manufacturers. While Kaspersky refrained from publicly naming the agency behind the campaign, it said the campaign was closely related to Stuxnet, an NSA-led cyberweapon.

“Kaspersky itself revealed clandestine NSA programs, which included how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers,” Tsukerman said.

“This revelation was only one of a series of scoops revealing Western spying operations revealed by Kaspersky.

“The focus on Western intelligence agencies and the failure to reveal Russian, Chinese, and other non-Western spy programs contributed to Kaspersky’s image as a tool of the Russian intelligence agencies.”

An Edward Snowden-Kaspersky Link?

In June 2015, after The Intercept released new Edward Snowden documents, the international press reported that the NSA and U.K.’s Government Communications Headquarters (GCHQ) had been targeting Kaspersky using hacking techniques.

Tsukerman said that these documents added an interesting development to the Snowden original leaks.

“They revealed that NSA had targeted Kaspersky along with the GCHQ and that apparently Kaspersky had been engaged in a sort of intelligence game with the U.S. and British security agencies despite claiming to be a private company”.

Tech media such as ZDNet then reported that, based on these newly leaked documents, the NSA and GCHQ had “been reportedly reverse engineering Kaspersky Lab and other anti-virus security companies since 2008.”

“NSA and GCHQ apparently reverse engineered some of the Kaspersky software,” Tsukerman said.

“The concept that anti-virus software can be used as a spyware tool was substantiated by these incidents and resurfaced in much later and much more sophisticated operations and stand-offs among spyware producers and intelligence agencies.”

When Edward Snowden fled to Hong Kong and later Russia, many argued he was more than a whistleblower and had, in fact, been recruited by foreign intelligence agencies before escaping the U.S. While there is no concrete evidence for these accusations, some in the intelligence community still had their say.

Jack Devine, a 32-year veteran of the CIA, told Politico in 2014 that Snowden was “the kind of guy” he used to recruit in Russia.

“The Russians weren’t slouches either in searching for sources of classified information. They were looking for their Snowdens too. You don’t have to go back too far to see their success in recruiting American spies with unique access.”

How Anti-Malware Kaspersky Technology Works

Like any other antivirus or anti-malware, Kaspersky security solutions intercept every access to a file and scan it for known malware and viruses. Tsukerman explained how this tech can pose a national security threat.

“The component starts upon the operating system’s startup, continuously remains in the computer’s RAM, and scans all files that are opened, saved, or launched on your computer and all connected drives,” Tsukerman said.

“However, because the scan has access to the most sensitive data on computer systems, it can easily gather private data just as much as it is used to detect known threats.”
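To make the scope of that access concrete, here is an added illustration written for this article (it is not Kaspersky code and does not model any real product's internals): a toy on-access scanner that walks a constructed directory of three files, reads every byte of each to hash it against a constructed signature list, and then shows two versions of the telemetry such an engine could send upstream. The file names, contents, signature names and the `upstream_telemetry` design are all assumptions made for the example; the point it demonstrates is that any scanner necessarily opens and reads the sensitive documents alongside the malicious one, so whether paths or content leave the machine is purely a product-design decision.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass, field

# Constructed sample "disk": relative path -> file contents. Only payload.bin
# is meant to match a signature; the other two stand in for sensitive user data.
SAMPLE_FILES = {
    "notes/secret_memo.txt": b"Constructed: quarterly budget, not malware",
    "bin/payload.bin": b"EICAR-like constructed test payload",
    "home/tax_return.pdf": b"%PDF-1.4 constructed sensitive document",
}

# Constructed signature database: SHA-256 of known-bad content -> detection name.
# Real engines use heuristics and partial signatures; a hash set shows the flow.
SIGNATURES = {
    hashlib.sha256(SAMPLE_FILES["bin/payload.bin"]).hexdigest(): "Constructed.TestPayload",
}


@dataclass
class ScanReport:
    files_scanned: int = 0
    bytes_read: int = 0
    paths_seen: list = field(default_factory=list)   # every path the engine opened
    detections: dict = field(default_factory=dict)   # path -> detection name


def scan_file(path, report):
    """Read the whole file (as an on-access scanner must) and match its hash."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(65536):
            digest.update(chunk)
            report.bytes_read += len(chunk)
    report.files_scanned += 1
    report.paths_seen.append(path)
    name = SIGNATURES.get(digest.hexdigest())
    if name is not None:
        report.detections[path] = name
    return name


def scan_tree(root):
    """Walk a directory tree the way a full scan does, touching every file."""
    report = ScanReport()
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in sorted(filenames):
            scan_file(os.path.join(dirpath, filename), report)
    return report


def upstream_telemetry(report, data_minimizing):
    """What a cloud-connected engine could send home after one scan (assumed design).

    The engine has seen every path and every byte; only product design decides
    whether full paths (or content) leave the machine. The minimizing variant
    reports counts and detection names only.
    """
    payload = {
        "files_scanned": report.files_scanned,
        "detections": sorted(set(report.detections.values())),
    }
    if not data_minimizing:
        payload["paths"] = list(report.paths_seen)
    return payload


def run_demo():
    """Build the constructed tree in a temp dir, scan it, clean up, return the report."""
    root = tempfile.mkdtemp(prefix="av_demo_")
    try:
        for rel, data in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        report = scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return report


if __name__ == "__main__":
    r = run_demo()
    print(f"scanned {r.files_scanned} files, read {r.bytes_read} bytes")
    print("detections:", r.detections)
    print("verbose telemetry:", upstream_telemetry(r, data_minimizing=False))
    print("minimal telemetry:", upstream_telemetry(r, data_minimizing=True))
```

Running it shows one detection but three files read in full, and the verbose telemetry carries the paths of the memo and the tax return even though neither is malicious. That gap between what the engine must read and what it needs to report is the exact concern the article's sources raise, and it is what a reviewer should look for when assessing any security agent's data flows.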

The U.S. Government has claimed numerous times that this type of technology poses a threat because a Russian company like Kaspersky would have to comply with an FSB request for that data and share customer data.

Additionally, experts say that the regular software update channel could be used to install malicious payloads such as malware, spyware, and backdoors automatically.

Tsukerman explained that Kaspersky has also exposed NSA global operations and reverse-engineered NSA tools, as already mentioned in this report.

“The (Kaspersky) anti-virus is not the only known threat. Kaspersky’s leaks of U.S. intelligence operations and reverse engineering of various tools have proven to be just as concerning.”

Will the U.S. Continue To Ban Foreign Digital Operations?

The actions against Kaspersky — while taking a different road than the TikTok ban (now passing through Congress) — seem to signal historic new actions by the U.S. to control national digital space.

Techopedia asked Tsukerman if this U.S. government trend will continue and if more organizations will be banned in the near future.

“So far, only I-Soon, a Chinese commercial spyware company that was recently revealed to be assisting the Chinese intelligence operations, has faced a similar level of scrutiny and a similar level of substantiation of activities leaked to a hostile foreign government agenda.”

“However, the U.S. has already cracked down on several Israeli and Israel-linked commercial spyware companies, such as NSO Group, Candiru, and the Intellexa Consortium, after reports about the alleged targeting of U.S. officials and a strong campaign lobbying for the ban of these companies by a number of organizations,” Tsukerman said.

“The conclusion from the big picture is that the U.S. government will readily intervene even in the private cybersecurity sector depending on what is at stake and how this information is presented.”

“There is no question that the U.S. government is likely to intervene in the near future,” Tsukerman added.

“In the current escalating climate, the examination of suspect companies in outright hostile states such as Russia, China, and Iran may accelerate a bit, but as the record shows, friendly companies that may be competitive with the U.S. commercial spyware sector are still more likely to be targeted or outright banned than companies linked to hostile foreign intelligence in the current framework.”

The Bottom Line

The U.S. government’s moves against Kaspersky products stem from long-standing concerns about the company’s ties to Russian intelligence agencies and the potential national security risks posed by its software.

The founder’s KGB background and alleged FSB connections raise suspicion about the company’s neutrality, while Kaspersky’s anti-malware software has access to a vast amount of user data, which could be shared with Russian authorities if compelled.

Additionally, the Moscow-based company has a history of controversy. Kaspersky’s exposure of U.S. intelligence operations and its own alleged involvement in cyber espionage further erode trust.

This is not an isolated event — it reflects a broader policy shift in the U.S., with the government taking a more aggressive stance towards foreign digital operations, especially those perceived as a threat.

Kaspersky is not the first major company to face U.S. bans and will likely not be the last, particularly as tensions with Russia and other countries continue to rise.
