Biden bans Kaspersky: No more sales, updates in US

Blockade begins July 20 on national security grounds as antivirus slinger vows to fight back


The Biden administration today banned the sale of Kaspersky Lab products and services in the United States, declaring the Russian biz a national security risk.

Commerce Secretary Gina Raimondo announced the crackdown today during a call with reporters. "Russia has shown it has the capacity – and even more than that, the intent – to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans," Raimondo told assembled hacks.

Under the prohibition, Uncle Sam will block the sale of Kaspersky software in the US to new customers beginning July 20 – and also ban the antivirus maker from distributing software updates and malware signatures to existing Stateside customers after September 29.

Raimondo said Kaspersky, based in Moscow, is basically at the mercy of Putin, and with its tools installed all over American computers, the antivirus maker could – ironically enough – be ordered or forced to act as a conduit into those systems by the Kremlin.

In an official statement, the US government revealed that an investigation into the developer found that:

… the company's continued operations in the United States presented a national security risk — due to the Russian Government's offensive cyber capabilities and capacity to influence or direct Kaspersky's operations – that could not be addressed through mitigation measures short of a total prohibition.

Kaspersky, in a lengthy statement to The Register, said it believed the White House "made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services."

The antivirus slinger also denied engaging "in activities which threaten US national security," and said it plans to "pursue all legally available options to preserve its current operations and relationships." You can read Kaspersky's entire statement at the bottom of this story.

The move follows a two-year US Department of Commerce probe that found the biz's products could vacuum up "valuable US business information, including intellectual property," along with US citizens' sensitive personal data, and hand it over to the Russian government for "malicious use."

Technically speaking, Kaspersky Lab Inc., the developer's US subsidiary, will be forbidden "from directly or indirectly providing antivirus software and cyber security products or services in the United States or to US persons."

And in addition to that, the Commerce Department's Bureau of Industry and Security (BIS) added AO Kaspersky Lab and OOO Kaspersky Group in Russia, and the UK's Kaspersky Labs Ltd, to its Entity List of foreign individuals and organizations deemed to be a national security risk. That will make it difficult to impossible for Americans to do any legal business with the trio as well as the US-based unit.

Those three foreign Kaspersky entities, we're told, were added for their "cooperation with Russian military and intelligence authorities in support of the Russian Government's cyber intelligence objectives."

Long time in the making

Today's actions by the Biden administration follow earlier moves to kick Kaspersky products out of US government networks.

In 2017, Homeland Security issued a directive requiring federal agencies to remove and discontinue use of Kaspersky products on their IT systems. Shortly after, reports surfaced that Russian government snoops used Kaspersky antivirus software to steal classified material from a PC belonging to an NSA contractor.

In response, Kaspersky Lab offered to open up its source code for third-party review.

A year later, the National Defense Authorization Act (NDAA) for Fiscal Year 2018 prohibited the use of Kaspersky by the Feds.

And in March 2022, shortly after the start of Russia's illegal invasion of Ukraine, the FCC added Kaspersky products and services to its "list of communications equipment and services that pose a threat to national security." 

Meanwhile, the Biden administration hasn't responded to Microsoft's repeated infosec failings – which lawmakers have warned pose "a serious national security threat."

These shortcomings were the topic of a congressional hearing last week, and a Homeland Security investigation that found Microsoft's "avoidable errors" allowed Beijing's cyber spies to steal tens of thousands of sensitive emails from the Microsoft-hosted Exchange Online inboxes of high-ranking US government officials. ®

Kaspersky's statement

Kaspersky is aware of the decision by the US Department of Commerce to prohibit the usage of Kaspersky software in the United States. The decision does not affect the company's ability to sell and promote cyber threat intelligence offerings and/or trainings in the US. Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted third party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services. Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships. 

For over 26 years, Kaspersky has succeeded in its mission of building a safer future by protecting over a billion devices. Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and has repeatedly demonstrated its independence from any government. Additionally, Kaspersky has implemented significant transparency measures that are unmatched by any of its cyber security industry peers to demonstrate its enduring commitment to integrity and trustworthiness. The Department of Commerce's decision unfairly ignores the evidence. 

The primary impact of these measures will be the benefit they provide to cyber crime. International cooperation between cyber security experts is crucial in the fight against malware, and yet this will restrict those efforts. Furthermore, it takes away the freedom that consumers and organizations, large and small, should have to use the protection they want, in this case forcing them away from the best anti-malware technology in the industry, according to independent tests. This will cause a dramatic disruption for our customers, who will be forced to urgently replace technology they prefer and have relied upon for their protection for years. 

Kaspersky remains committed to protecting the world from cyber threats. The company's business remains resilient and strong, marked by an 11 percent growth in sales bookings in 2023. We look forward to what the future holds, and will continue to defend ourselves against actions that seek to unfairly harm our reputation and commercial interests. 
