US government admits briefing companies to drop Kaspersky

Trump's cyber security coordinator says both individuals and companies shouldn't use Kaspersky

Rob Joyce, the US government's cyber security coordinator, has admitted that the FBI has been holding briefings with private-sector companies in the US, urging them to ditch Kaspersky security products on the grounds of national security.

In an interview on CBS News in the US, Joyce said "I don't use Kaspersky Lab products", and warned consumers not to use Kaspersky's highly rated anti-virus software as well.

"I worry that as a nation state Russia really hasn't done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia. So I worry about that."

Joyce was also asked, "as cyber czar do you think more should be done to get the word out to the public not to use it?" to which he replied: "I think they should look at the decisions the government is making, and then make their own decisions."

CBS implied that the FBI believes that Kaspersky's anti-virus software "could actually provide Russian intelligence with valuable information" - although no evidence has been provided to indicate that the software has ever been used to exfiltrate privileged information from anyone's PC or, indeed, that Kaspersky's security software has been used inappropriately.

Indeed, widely used software from Microsoft Windows 10 to AccuWeather's iOS app send data back to base all the time, while connected devices are also increasingly imposing dubious data sharing terms and conditions on buyers.

Neither Joyce, nor the FBI have offered much convincing evidence to back-up their claims. Rather, the warnings appear to be based on Kaspersky's "ties to the Russian government".

US-based technology companies also frequently have close links with US security organisations, with the CIA even running its own venture capital firm, called In-Q-Tel.

The FBI privately told CBS that it regularly meets with private organisations to share security concerns - but doesn't tell them how to run their businesses. According to reports, the FBI briefings have been met with mixed results, with energy and infrastructure companies more receptive than technology companies, where the FBI's claims have been met with scepticism.

The CBS report suggested that the US Department for Homeland Security had studied the attacks on Ukraine's power sector in recent years - credibly attributed to neighbouring Russia - and that the FBI warnings were based on findings into those attacks.

Kaspersky, not surprisingly, has roundly rejected the FBI warnings, which have increased since Donald Trump was elected president amid claims that hackers linked to the Russian government helped by releasing emails from the hacked home email server of his rival Hilary Clinton.

The company suggests that it is being used as a pawn in a geo-political game, especially as one of the few Russian-based technology companies to achieve global success.

"The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it's being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts," the company told Computing in a statement earlier this week.