-- Senior members of the U.S. intelligence community are for the first time publicly expressing concern that one of the world's largest cyber-security firms -- Moscow-based Kaspersky Lab -- could pose a threat to the U.S. homeland.
Until those remarks at a Senate Intelligence Committee hearing today, such concerns have been communicated only behind closed doors and in private memos, as ABC News first disclosed in a report Tuesday.
Current and former U.S. officials worry that Russian intelligence could seek to exploit Kaspersky Lab's widely-used software to steal and manipulate users' files, read private emails or attack critical infrastructure in the United States. And they point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies.
"This [is an] important national security issue," declared the bipartisan memorandum, described to ABC News by congressional sources.
The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a government tool.
Products from Kaspersky Lab are widely used in homes and businesses throughout the United States and around the world.
But ABC News found that -– largely through outside vendors -– Kaspersky Lab software has also been procured by such federal agencies as the U.S. Bureau of Prisons, the Consumer Protection Safety Commission and even some segments of the Defense Department.
"We are tracking Kaspersky and their software," the Director of the Defense Intelligence Agency, Lt. Gen. Vincent Stewart, told the Senate panel today. "As well as I know, and I checked this recently, no Kaspersky software on our networks."
But when asked whether any federal contractors might be using Kaspersky Lab software on U.S. systems, Stewart said, "The contractor piece might be a little bit harder to define, but at this point we see no connection to Kaspersky and contractors supporting our [information technology]."
The five other U.S. intelligence officials on the panel unanimously agreed.
Manchin urged each of the U.S. officials testifying to verify that Kaspersky Lab software is not on their agencies' systems.
In a statement issued Tuesday, Kaspersky Lab insisted: "As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts."
"The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations," the statement said.
"Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded.”
In fact, the FBI and other agencies in the U.S. intelligence community have yet to publicly present any evidence connecting company executives with Russian security services. And sources who spoke with ABC News did not offer any evidence suggesting Kaspersky Lab has helped breach a U.S. system or taken hostile action on behalf of the Russian government.
"For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters' location doesn't change that mission," Kaspersky Lab said in its statement. "[J]ust as a U.S.-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any private data to any country's government."
In an interview with ABC News, Eugene Kaspersky said, "My response if I’m asked to spy on anyone coming from any state, any government -— not only Russian —- will be definite 'no.'"
Experts emphasize there is one key thing to remember about Kaspersky Lab: "They do some good things, and they have good products," said Carpenter, the former Defense Department official.
Founded in 1997, the company boasts an estimated 400 million users in nearly 200 countries. And it reportedly rakes in hundreds of millions of dollars a year, not only through its anti-virus software but also through the analysis it conducts about emerging threats.
"We do not care who's behind the cybercampaigns we expose,” Eugene Kaspersky said in 2015, responding to a Bloomberg News report about his alleged ties to Russian officials. "There is cyber-evil, and we fight it."
In 2013, Kaspersky Lab outed what it called Red October, an alleged Russian hacking campaign to spy on diplomatic agencies in Eastern Europe. Kaspersky Lab researchers were also behind the discovery of Stuxnet, the U.S. National Security Agency's special cyberbomb targeting Iranian nuclear facilities in 2009 and 2010.
Answering online questions through the website Reddit as today’s Senate Intelligence Committee hearing was getting underway, Eugene Kaspersky said he is “tired” of answering "silly questions about my ties with the Kremlin.
"All these stories, they don’t make me happy," he wrote. "But to some extent they give us something close to free advertising."