A Tuesday report by Bloomberg Businessweek shows possible ties between Kaspersky Labs and the Russian government, though the security firm is very publicly denying it.

The news outlet obtained emails from October 2009 that allegedly reveal Kaspersky working with FSB, Russia’s main intelligence agency.

These emails contain dialogue between CEO Eugene Kaspersky and senior staff, where Kaspersky explains a secret project from 2012. The software referred in the email is designed to protect clients, including the Russian government, from DDoS attacks.

The emails also stated that Kaspersky would cooperate with internet hosting companies to locate bad actors and block attacks while assisting with active countermeasures. Bloomberg said active countermeasures are used by security professionals to ‘hack the hackers.’

But where it becomes tricky is that the emails show Kaspersky provided FSB with real-time intelligence on the hackers’ location and sent the data to experts to accompany FSB and Russian police on raids: “They weren’t just hacking the hackers; they were banging down the doors.”

The emails said the FSB project was designed to turn the anti-DDoS technology into a mass-market product.

The U.S. has yet to make public any ties between Kaspersky and the Russian government, but the company is currently being investigated by the FBI. Further, President Trump is considering a ban on federal agencies using Kaspersky products and would make a decision within the next few days, ABC News reported.

Kaspersky, much like it has with other claims of Russian connections, has vehemently denied all of these claims.

“Regardless of how the facts are misconstrued to fit in with a hypothetical false theory, Kaspersky Lab, and its executives do not have inappropriate ties with any government,” officials said in a statement. “The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”

Kaspersky said the emails referenced in Bloomberg’s report were “misinterpreted or manipulated to try to make the media outlet’s narrative work.” The company hasn’t hid the fact it works closely with many government agencies -- including Russia. Kaspersky also works with Europol, specifically on its ‘No More Ransom’ campaign.

Further, Kaspersky officials said it never received a request from the Russian government or affiliates to create any secret project. The security firm was already working on an anti-DDoS tool in the early 2000s.

“To clarify, the FSB is not currently, and never was, a Kaspersky Lab DDoS Protection client. While developing the anti-DDoS product, Eugene Kaspersky made it clear in his internal communications that he did not want any possible leaks, as attackers could learn how to bypass the technology measures if public, and he didn’t want competitors to copy it before it could be launched.”

Officials also took issue with Bloomberg’s assertion that Kaspersky can “quietly embed the software in everything from firewalls to sensitive telecommunications equipment.” In defense, the security firm said that it has 120 technology partners, or only 4 percent of the company’s revenue. But it’s the vendor’s responsibility to communicate the external products used within the software.

Kaspersky officials also said it did not confirm to Bloomberg the emails were authentic, and it wasn’t provided access to the emails.
 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn