Kaspersky Lab US staff grilled by Feds in nighttime swoop
Also, update your Kaspersky Anti-Virus File Server – before you get hacked
Several employees of Russian security vendor Kaspersky Lab got an unpleasant surprise on Tuesday night when FBI agents popped round to their residences for a chat.
Staff in the US were visited and agents reportedly told them that they weren't under criminal investigation, but that the Feds would just like some information about how the company operates and shares information with its home office in Russia.
"As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts," a company spokeswoman told The Register.
"Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations. Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded."
It doesn't appear that the Feds were visiting as part of the investigation into possible links between Russia and the Trump campaign. But the security firm doesn't have many friends in the US government at the moment.
In May, five US spy bosses and the then-acting FBI chief told Congress that they didn't trust Kaspersky's code and wouldn't have it on their PCs. The company's founder Eugene Kaspersky hit back the same day by offering to visit Congress to defend the Lab against claims that it colludes with the Russian government.
"I think that due to political reasons, these gentlemen don't have an option, and are deprived from the opportunity to use the best endpoint security on the market without any real reason or evidence of wrongdoing from our side," he said.
For the past few years, there have been a number of allegations and hit pieces written about Kaspersky Lab and its eccentric founder. They claim that the firm has close ties with the Russian intelligence services. Hard evidence has, however, been presumably non-existent and European law enforcement is happy to work with Kaspersky.
On one level, the company hasn't helped itself, thanks to a series of dodgy statements about the likelihood of state spying hitting users and aborted support for internet passports to help identify users. But that doesn't explain the constant drip drip of supposition and speculation.
Certainly Russia isn't popular over here in the Land of the FreeTM, and Kaspersky's competitors such as Symantec, McAfee, and Microsoft wouldn't weep salt tears if the government acts against it – particularly in light of the Russian firm's comments about Microsoft's supposedly monopolistic antivirus software.
But the FBI visits are going to pile on the pressure for the Feds to put up or shut up when it comes to allegations of collusion. After years of claims and counter-claims, the authorities should make their minds up and either move on their suspicions or publicly clear Kaspersky. ®
PS: Kaspersky today patched various remote and locally exploitable security holes (CVE-2017-9813, CVE-2017-9810, CVE-2017-9811, CVE-2017-9812) in its Anti-Virus File Server. Make sure you've grabbed the latest updates – namely, Maintenance Pack 2 Critical Fix 4 (version 220.127.116.112).
Sponsored: Becoming a Pragmatic Security Leader