GCHQ “Kaspersky anti virus may leak state secrets to Russia”
Britain’s National Cyber Security Centre (NCSC), part of the GCHQ spy centre, has issued a warning about anti-viral software manufactured by the Russian company Kaspersky Lab.
Commenting on Sky News, CSRI Chair Peter Warren said that this is not a surprising claim since the Russians are building their own version of the internet and KL, the company founded in 1991 by software developer Eugene Kaspersky, had been involved in this development.
Warren explains in the interview that anti viral software works by sending back data from the machines it protects to servers in its own country of origin for processing. “ People don’t want that processing to happen on their own machines, because it slows them down” he notes.
The CSRI chair advised that the only way for nation states to protect themselves from this possible threat to national security is to develop their own trusted anti viral software. And Warren commented that a new Cold War is emerging in cyberspace. The USA and Russia are making claims and counter claims about allegations that Russia’s Vladimir Putin orchestrated a social media campaign to discredit presidential candidate Hillary Clinton and resulted in Donald Trump being elected President of the United States of America.
However, the warning about Kaspersky did not come from the USA ( although the software was banned https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01 all federal agencies in September 2017 by the Department of Homeland Security)
In the UK, the NCSC’s Ian Levy, writing in his blog https://www.ncsc.gov.uk/blog-post/managing-supply-chain-risk-cloud-enabled-products, said he was prompted to issue the warning by Prime Minister Theresa May, who claimed in her annual Mansion House speech to business leaders that Russia poses a threat to British interests in cyber space.
Is the software from a ‘naughty country’?
Levy’s blog says: “We’ve said for years that in today’s technological environment, virtually every significant network incorporates foreign technology…. But it’s much more complicated than saying ‘company A is from naughty country X so we should use company B from nice country Y instead’. The official government advice is not to panic: “ We don’t want people to go around ripping out Kaspersky” says Levy, urging a more nuanced approach.
But already Barclays bank has decided to discontinue its practice of offering free Kaspersky software to new customers.
Meanwhile the company at the centre of the controversy denies any wrongdoing, CSRI requested an interview with its founder Eugene Kaspersky and the company spokesperson Stephanie Fergus responded: “We are disappointed Barclays has decided to discontinue offering Kaspersky Lab anti-virus to new customers.
“It’s very important to note that the NCSC is not encouraging consumers or businesses against using Kaspersky Lab software:…’we see no compelling case at present to extend that advice to wider public sector, more general enterprises, or individuals… We really don’t want people doing things like ripping out Kaspersky software at large, as it makes little sense’.” Says Fergus referring to a blog on the NCSC website: https://www.ncsc.gov.uk/blog-post/managing-supply-chain-risk-cloud-enabled-products
Kaspersky Labs also told the Guardian that it is “caught in the middle of a geopolitical fight” and is being “treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.”