The Federal Office for Information Security in Germany has urged users to uninstall any Kaspersky product from their devices and replace it with an alternative one.
Bundesamt für Sicherheit in der Informationstechnik (BSI) or the Federal Office for Information Security in Germany issued a press release on Tuesday, March 15th, in which it warned users not to use security products provided by Kaspersky Labs, a Moscow, Russia-based cyber security and anti-virus provider.
BSI, a top-level federal agency in Germany, is responsible for managing communication and computer security for the government of Germany.
The agency went on to urge users to uninstall any Kaspersky product from their devices and replace it with an alternative one. As to why it should be done; the agency cited recent threats from Russia against Germany, European Union (EU), and NATO (The North Atlantic Treaty Organization).
BSI warned that the current military conflict is associated with a considerable risk of a successful cyberattack. The agency also worries that having its headquarter in Moscow makes Kaspersky Labs vulnerable to being taken advantage of and spied on by the Russian government.
A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.BSI
The agency further explained in its press release that trust in the reliability and self-protection of a manufacturer as well as its authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected, said BSI while citing trust and reliability issues amid the ongoing conflict and political scenario of the region.
In its response, Kaspersky has slammed BSI claiming that its warning is politically motivated rather than based on a technical assessment of its products.
Our data processing infrastructure was relocated to Switzerland in 2018: since then, malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security.
Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world, including Canada and Germany. The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments: through the SOC 2 Audit conducted by a ‘Big Four’ auditor, and through the ISO27001 certification and recent re-certification by TÜV Austria.Kaspersky
Hacking Into Kaspersky Labs
While German authorities fear the Russian government could hack Kaspersky Labs and abuse the company’s infrastructure without its knowledge, in June 2015, the cyber security giant did suffer a cyber attack in which hackers used Duqu malware to breach the company’s defenses.
According to Kaspersky, the hackers were “a generation ahead of anything seen” as they used a method that used the “zero-day” vulnerabilities or flaws present in software about which the developers also were clueless.
In October 2017, The New York Times published a report in which it was revealed that in 2015 Israeli spies managed to access Kaspersky’s backend systems and identified that Russian hackers were discreetly using the software both as a universal search engine and a spying tool.
It was also reported that Russians hacked Kaspersky’s servers to obtain suspicious data that the antivirus identified and matched the code names assigned to USA’s software exploits.
This means, without the knowledge of Kaspersky, the Russian government was using its software as a spying tool to get details about the cyber-espionage tools and tactics used by the American intelligence agencies including the NSA.
Not for the first time
This is not the first time when Kaspersky Labs is being pointed out by authorities due to geopolitical tensions. In July 2017, Kaspersky Labs was banned in the United States from developing software after the company was accused of having ties with Kremlin and its intelligence agency FSB.
In reply, Eugene Kaspersky, the CEO of Kaspersky Labs, denied all allegations and offered to share the source code of the software that his company develops. He also suggested the authorities audit his Kaspersky security products.
However, the US-based Bloomberg News later claimed it obtained internal email communication between the security giant and FSB. The report alleged Kaspersky Labs of developing security products for Russia’s intelligence agency.
Kaspersky Labs rejected Bloomberg’s report and called it “misinterpreted or manipulated.”
More Kaspersky News on Hackread.com
- Kaspersky spots CIA malware with backdoor capabilities
- WikiLeaks’ Vault 8 Leaks Show CIA Impersonated Kaspersky Lab
- Kaspersky tipped off the US about the contractor who stole NSA data
- Kaspersky Claims Russian Government Hacking Groups Hacked Satellites
- Passwords by Kaspersky Password Manager exposed to brute-force attack