Russian firm under FBI scrutiny offers to help any federal investigation

Kaspersky Lab says any "deeper examination" will help dispel any allegations.

ByABC News
May 11, 2017, 6:07 AM

— -- A world-renowned software company -- the Moscow-based Kaspersky Lab -- says it wants to dispel security concerns about its products by helping any government probe of the company.

"Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded," the company says in a statement posted on its website.

The statement follows an ABC News report earlier this week that disclosed a long-running FBI probe of the company, and detailed growing concerns among U.S. officials that Russian spies might try to exploit Kaspersky Lab to snoop on Americans or sabotage key U.S. systems.

For years, the FBI has been investigating whether Kaspersky Lab maintains any troubling relationships with the Russian government, and the U.S. agency has been trying to uncover any possible efforts to collect intelligence on Americans, sources with knowledge of the probe told ABC News.

In recent months, FBI agents have taken further action to move their probe forward, including a review of records related to Kaspersky Lab, sources said.

In February, the Department of Homeland Security issued a secret report on the company. And just last month, in a secret memorandum sent to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the firm’s powerful market position.

"This [is an] important national security issue," declared the bipartisan memorandum, described to ABC News by congressional sources.

Kaspersky Lab products are widely used in homes, businesses and government agencies throughout the United States, having secured contracts with the Federal Bureau of Prisons and segments of the Defense Department.

Current and former U.S. officials expressed concern over Kaspersky Lab executives with previous ties to Russian intelligence and military agencies. The company’s founder and chief executive officer, Eugene Kaspersky, was trained at a coding academy sponsored by the KGB.

Subsequently, current and former U.S. officials worry that Kaspersky Lab’s software could allow state-sponsored hackers to steal and manipulate users’ files, read private emails or attack critical infrastructure in the United States.

"There’s absolutely knowledge amongst senior government officials that this company is potentially a threat to U.S. national security interests," according to Michael Carpenter, who until January served as the Defense Department's deputy assistant secretary for Russia, Ukraine and Eurasia.

But in its statement, Kaspersky Lab insisted: "As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts."

"The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations," the statement posted Tuesday afternoon said.

In fact, the FBI and other agencies in the U.S. intelligence community have yet to publicly present any evidence connecting company executives with Russian security services. And sources who spoke with ABC News did not offer any evidence suggesting Kaspersky Lab has helped breach a U.S. system or taken hostile action on behalf of the Russian government.

"For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters' location doesn't change that mission," Kaspersky Lab said in its statement. "[J]ust as a U.S.-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any private data to any country's government."

But, in discussing their concerns about Kaspersky Lab, current and former U.S. officials also point to Russia's System of Operative-Investigative Measures (SORM), which "legally permits authorities to monitor and record all data that traverses Russia’s networks," according to the State Department.

Russian authorities must obtain a court-approved warrant to collect a customer’s information from a company. But the company doesn't always get to see the warrant, and authorities may lawfully gather information on anyone else later tied to the targeted customer "so long as the new targets are part of the same operation," according to a State Department fact sheet about SORM obtained by ABC News.

"In practice, these are very broad powers," and "Russia's approach is more flexible and intrusive than similar Western systems," the State Department wrote.

In an interview with ABC News, Eugene Kaspersky said, "My response if I’m asked to spy on anyone coming from any state, any government -— not only Russian —- will be definite 'no.'"

PHOTO: A Department of Homeland Security vehicle is parked near an electric company's equipment.
A Department of Homeland Security vehicle is parked near an electric company's equipment.

According to the company, customers "have full control" over what data is shared, and they can opt out if they don’t want even anonymized data sent through servers in foreign locations like Russia, where it might be subject to collection under SORM.

Also, enterprise and government users can install a local "Kaspersky security network center on their premises to make sure the data never leaves their facility or country," a spokeswoman for the company said.

In its statement, the company noted that the U.S. National Institute of Standards and Technology has certified its encryption technologies for businesses as "fully compliant" with federal standards, which demonstrates that company products "are trusted to secure sensitive data."

ABC News asked Eugene Kaspersky whether the Kremlin could force his company to target the United States. He responded, "I think it's hardly possible."

Experts emphasize there is one key thing to remember about Kaspersky Lab: "They do some good things, and they have good products," said Carpenter, the former Defense Department official.

Founded in 1997, the company boasts an estimated 400 million users in nearly 200 countries. And it reportedly rakes in hundreds of millions of dollars a year, not only through its anti-virus software but also through the analysis it conducts about emerging threats.

"We do not care who's behind the cybercampaigns we expose,” Eugene Kaspersky said in 2015, responding to a Bloomberg News report about his alleged ties to Russian officials. "There is cyber-evil, and we fight it."

In 2013, Kaspersky Lab outed what it called Red October, an alleged Russian hacking campaign to spy on diplomatic agencies in Eastern Europe. Kaspersky Lab researchers were also behind the discovery of Stuxnet, the U.S. National Security Agency's special cyberbomb targeting Iranian nuclear facilities in 2009 and 2010.

In years past, Eugene Kaspersky repeatedly met with the FBI and other law enforcement agencies across the world to share information about emerging threats and discuss "the best solutions for fighting cybercrime," according to Kaspersky Lab.

However, "unfortunately we are losing our contacts with FBI ... because of the geo-political situation," Eugene Kaspersky told ABC News. “We were sharing this information, but now it's getting more and more hard to do that.”

ABC News' Pierre Thomas contributed to this report

Related Topics