Kaspersky hits back after users warned of Russian hacking threats

(Image credit: Kaspersky)

The founder of antivirus platform Kaspersky has hit back against claims the company's software is being used to spy on users.

The German Federal Office for Information Security (BSI) issued a warning saying Kaspersky antivirus software could be abused to launch cyberattacks, or for eavesdropping and espionage, amid the Russian invasion of Ukraine. 

While BSI did not explicitly demand the banning of the company and the product, it did suggest companies replace their cybersecurity solutions with those built by non-Russian vendors.

Eugene fires back

In a blog post entitled "Collateral Damage — on Cybersecurity", company founder Eugene Kaspersky said that the BSI accusations were baseless.

"Without going into details I can say that these claims are speculations not supported by any objective evidence nor offering technical details," he wrote. "The reason is simple. No evidence of Kaspersky use or abuse for malicious purpose has ever been discovered and proven in the company’s twenty-five years’ history notwithstanding countless attempts to do so."

"Without such evidence, I can only conclude that BSI’s decision is made on political grounds alone."

"In the last three weeks, the war in Ukraine has shattered the world we knew. Families, relations, partnerships, and ties were affected dramatically in Ukraine, Russia, Europe and the entire world," Kaspersky added. "The avalanche of these tragic events catches us all."

"My message to BSI, which now seems to be avoiding contacts with our German team, is simple: we consider this decision to be unfair and outright wrong. Nonetheless, we remain open to addressing any concerns you may have in an objective, technical, and honest manner."

Considering non-Russian vendors

“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” the BSI statement read, further reminding that antivirus tools must have root access, and constant connection with the manufacturer’s servers, in order to operate.

“Companies and authorities with special security interests and operators of critical infrastructures are particularly at risk,” BSI concludes.

Italy’s Computer Security Incident Response Team (CSIRT) has also moved in a similar direction, suggesting to Italian firms to assess potential risks from using Russian-made cybersecurity solutions. 

Kaspersky has slammed the warnings, labeling them as political, rather than technical.

“We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns,” Kaspersky spokesperson Francesco Tius told TechCrunch

“Kaspersky is a private global cybersecurity company and, as a private company, does not have ties to the Russian or any other government.”

Despite the reassurances, some companies have already cut ties with Kaspersky. Eintracht Frankfurt FC, a football club from the city of the same name, has terminated the sponsorship agreement that’s been in effect since 2018.

"We have always made it clear that we base the continuation of the partnership with Kaspersky on facts and attitude and not on nationalities. With the warning from the BSI, the facts and thus the trust in the Protectability of Kaspersky's products and services has changed significantly,” the club’s spokesperson said.

“We have informed the management of Kaspersky that we are terminating the sponsorship agreement with immediate effect. We can look back on a very trusting and successful partnership with Kaspersky and have always had a fair one over the past almost four years and good cooperation with the people involved. We very much regret the development."

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

With contributions from