What to know about the Russian cyberfirm pulled from US contractor list

What is Kaspersky Lab, and why are U.S. officials concerned about it?

July 13, 2017, 11:48 AM

— -- It's one of the world’s biggest and most powerful companies that you may have never heard of until recently, when U.S. lawmakers and national security officials began publicly raising concerns about the Moscow-based firm.

Products from the company, Kaspersky Lab, are embedded in countless U.S. homes, businesses and government systems.

Just this week -- in what one senior U.S. intelligence official called a "big move" -- the Trump administration stripped Kaspersky Lab from the U.S. government's list of vendors approved to work with federal agencies. The action will likely only affect future contracts, ABC News was told.

And two weeks ago, FBI agents went to the homes of U.S.-based Kaspersky Lab employees, looking to talk with them about the company's alleged ties with the Russian government, according to sources.

But what exactly is Kaspersky Lab? And why are U.S. officials concerned about it?

What they do

Kaspersky Lab is a cybersecurity company with two big missions: It develops software to protect your computer from hackers, and it investigates the secret tools being used by the world’s best cyberthieves and cyberspies.

The company was founded 20 years ago by Eugene Kaspersky and it now has offices in 32 countries, with at least two of those offices in the United States.

Its antivirus software is one of the most well-regarded cybersecurity products in the world. (You may have heard of industry giants like McAfee or Norton antivirus. Kaspersky Lab is almost always right there with them on lists of "most popular" and "most effective" cybersolutions.)

Famous findings

Kaspersky Lab has helped reveal some of the biggest cyberweapons ever used by foreign spies and criminal hackers.

When a malicious "worm" known as "WannaCry" began taking personal and government computers hostage in more than 100 countries two months ago, Kaspersky Lab researchers were the ones who publicly pointed the finger at the regime in North Korea.

"Kaspersky Lab was on the front lines protecting against this massive cyberthreat," Eugene Kaspersky recently said.

In 2013, Kaspersky Lab outed what it called Red October, an alleged Russian hacking campaign to spy on diplomatic agencies in Eastern Europe.

Kaspersky Lab researchers were also behind the 2010 discovery of Stuxnet, the U.S. National Security Agency's special cyberbomb targeting Iranian nuclear facilities that later became the subject of an award-winning documentary titled "Zero Days."

And in April, the firm released the results of a yearlong investigation it conducted into what it called "one of the largest, most successful cyberheists ever," involving the theft of $81 million from a bank in Bangladesh.

Are you using Kaspersky Lab products?

Kaspersky Lab estimates that it serves about 400 million customers around the world. Its relatively inexpensive products are available online and in-store at U.S. retailers like Target and Best Buy.

Indeed, many laptops sold at places like Best Buy are pre-loaded by manufacturers with Kaspersky Lab software.

In a recent interview with ABC News, Eugene Kaspersky said he’s "very happy" with his company's "consumer" and "small business" footprint inside the United States "but, unfortunately, we still have a lot of challenges" in other U.S. segments.

An investigation by ABC News earlier this year found many local, state and federal government agencies relying on Kaspersky Lab software to protect their systems.

The full extent to which federal systems use Kaspersky Lab software is hard to determine because the antivirus software is often folded into package deals with outside vendors and subcontractors.

But ABC News confirmed that the Consumer Product Safety Commission, the U.S. agency that announces recalls of dangerous products, the U.S. Bureau of Prisons and some segments of the Defense Department were employing Kaspersky Lab products.

Why are US officials concerned?

Eugene Kaspersky has outright rejected U.S. officials' concerns about his company, dismissing them as "unfounded conspiracy theories."

The U.S. government has yet to publicly present any evidence to support or further explain its concerns. But in speaking about the matter publicly, U.S. officials repeatedly make a few key points.

Most notably, U.S. officials cite “alarming ties” between the Kremlin and Kaspersky Lab, as Sen. Jeanne Shaheen, D-N.H., recently put it. There is now "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted," Shaheen said in a recent statement.

"Although there is no public evidence of collusion between Kaspersky Lab and the Russian government, it’s not a large leap," Rep. Clay Higgins, R-La., recently said at a congressional hearing.

PHOTO: Eugene Kaspersky, Russian antivirus programs developer and chief executive of Russia's Kaspersky Lab, poses for a photo on a balcony at his company's headquarters in Moscow, July 1, 2017.
Eugene Kaspersky, Russian antivirus programs developer and chief executive of Russia's Kaspersky Lab, poses for a photo on a balcony at his company's headquarters in Moscow, July 1, 2017.
Pavel Golovkin/AP

U.S. officials also point to top executives within the company who have previous ties to Russian intelligence and military services.

Eugene Kaspersky himself was trained at a KGB-sponsored technical school. His company's chief legal officer, Igor Chekunov, previously worked for Russia's border patrol, which reported to the KGB.

And COO Andrey Tikhonov previously served as a lieutenant colonel in the Russian military, spending much of his service focused on information technology programs.

Cybersecurity firms from the United States and elsewhere similarly hire former government security officials as top executives.

In his interview with ABC New, Eugene Kaspersky said of Chekunov and Tikhonov: "I am 100 percent sure they don't have any wrong relations with the Russian government."

Kaspersky, 51, reiterated that company executives "don't have a close relationship with the Russian government" in a way that could be viewed as "bad meaning."

Nevertheless, current and former U.S. officials worry that -- with the deep access to computer systems provided by all antivirus software -- Kaspersky Lab's products could allow state-sponsored hackers to steal users' files, read private emails or attack critical infrastructure in the United States.

’False allegations’

As concerns about Kaspersky Lab have bubbled into the open in recent months, and as the FBI has pressed ahead with a long-running counterintelligence probe of the company, Kaspersky Lab has repeatedly insisted it poses no threat to customers and would never allow itself to become a tool of the Kremlin.

Here, in full, is a statement issued this week by the company:

"Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. The company has a 20 year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy development of technologies, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations.

"Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company as a pawn in their political game. Eugene Kaspersky, CEO and founder of Kaspersky Lab, has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company's source code for an official audit to help address any questions the U.S. government has about the company.

"Kaspersky Lab continues to be available to assist all concerned government organizations with any investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded."

Related Topics