SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

Russian biz sues US govt for torpedoing anti-malware tool installations

By Shaun Nichols in San Francisco

Posted in Security, 18th December 2017 22:14 GMT

Embattled Russian security software maker Kaspersky Lab has taken the American government to a US federal court to overturn Uncle Sam's ban on its antivirus tools.

The Moscow-based developer claimed the US Department of Homeland Security acted illegally when, back in September, the department publicly told federal agencies they could no longer use any Kaspersky products on their machines.

Kaspersky argued that the order, known as binding operational directive 17-01, is unconstitutional, and relied on "subjective, non-technical public sources" that amounted to little more than rumors.

"Furthermore, DHS [the Department of Homeland Security] has failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the directive, and has not provided any evidence of wrongdoing by the company," Kaspersky Lab said in announcing its appeal against the order on Monday.

"As a result, DHS’s actions have caused undue damage to both the company’s reputation in the IT security industry and its sales in the US. It has unfairly called into question Kaspersky Lab’s fundamental principles of protecting its customers and combatting cyber threats, regardless of their origin or purpose. In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the US Constitution and federal law and repair the harm caused to its commercial operations, its US-based employees, and its US-based business partners."

The directive ordered IT administrators at US government agencies to wipe all copies of Kaspersky Lab products from their machines by the end of this year. This came after fears were raised that Kaspersky was secretly passing information from its customers' computers, including top-secret American government files, to Russian intelligence agencies.

In December, a former NSA worker admitted to taking home classified documents and security exploits only to have them detected and uploaded to Kaspersky's cloud for analysis by his copy of Kaspersky antivirus on his home PC. According to anonymous US government sources, Russian FSB spies accessed those documents via Kaspersky's software.

Kaspersky has long denied any dodgy collaborations with Kremlin snoops, though it is understood the company can be compelled, by law, to hand over data to President Putin's surveillance agencies. The thought of Russian intelligence, or any old miscreants, extracting sensitive information from US federal PCs via Kaspersky's tools, frankly, freaks out American officials.

The biz hopes to wield the US Administrative Procedure Act like a hammer in a Washington DC federal court, and deliver a knockout blow to the directive on the basis that it is allegedly unconstitutional. Kaspersky also claimed it tried to negotiate and cooperate with Homeland Security to ensure it can keep its software on government computers, but did not hear anything from Uncle Sam on the matter.

"Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS's actions, it is in the company’s interests to defend itself in this matter," Kaspersky founder and CEO Eugene Kaspersky said of the appeal.

In a statement, issued alongside the directive, a Homeland Security spokesperson said: "Kaspersky antivirus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.

"The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security." ®
