Kremlin-linked Kaspersky Labs had 'wide open front door' into US networks: House testimony
Moscow-based Kaspersky Labs would not pass the “smell test†for a government contract today, witnesses indicated in testimony before the House Committee on Science, Space, and Technology on Wednesday.
“If it’s meant to protect information of a sensitive national security type, I would think that [Kaspersky Labs] would not pass the sniff test [today for a government contract],†Sean Kanuck, director of Future Conflict and Cyber Security at the International Institute for Strategic Studies, said.
Rep. Roger Marshall (R-Kansas) said on Wednesday that he was “embarrassed†that the U.S. government appears to have had knowledge about risks associated with Kaspersky Lab products for three years before taking action to mitigate those dangers.
On Wednesday morning, Kaspersky Labs chief Eugene Kaspersky admitted to accessing classified digital surveillance tools from a U.S. government computer in 2014 and sending it to servers in Moscow. Kaspersky said the company’s analysts were tracking a powerful group of hackers and were triggered by an alert on a computer an NSA employee took home. The information, he said, was promptly deleted and not sent to any third parties.
But lawmakers questioned why Kaspersky sent the classified information back to Russia and deleted it, without ever alerting U.S. authorities, who eventually allegedly found out from Israel.
“There are so many aspects of this issue that are so disturbing that I can’t even get my hands around it,†Rep. Barry Loudermilk (R-Ga.) said Wednesday. “To me from a legal aspect ... I would have a legal responsibility at that point to notify the authorities ‘look, our software came across this information and you may need to go look at this employee.’ I also have issue with them just reading the documents that come across as well.â€
Last month, the Department of Homeland Security issued a binding operational directive to all federal agencies and departments to remove Kaspersky Lab software due to concerns over potential national security risks. The U.S. government is concerned about the company’s ties to the Russian government and spies within the country.
One of the witnesses said Wednesday that the government’s decision to issue an immediate edict was “alarming,†adding that the issue is not just Kaspersky, but also other possible intruders as well.
Kanuck said the nature of Kaspersky’s software, as a complete network monitoring solution, allows visibility into all of their client networks, providing them with a “wide open front door.†He added that telecommunication and monitoring laws in Russia, along with “willful interest in an adversarial context†and the access posed by Kaspersky Labs is a “potent combination.â€