Sen. Jeane Shaheen, D-N.H., suggested there is U.S. intelligence supporting allegations that the Moscow-based cybersecurity firm Kaspersky Lab is a danger to its American customers, including U.S. government agencies, but said she could not reveal the information because it is classified.
"[A]t a public hearing of the Senate Intelligence Committee in May, six top intelligence officials, including the heads of the F.B.I., C.I.A. and National Security Agency, were asked if they would be comfortable with Kaspersky Lab software on their agencies’ computers. Each answered with an unequivocal no," Shaheen wrote in an Op-Ed for The New York Times Monday. "I cannot disclose the classified assessments that prompted the intelligence chiefs’ response. But it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials. Fortunately, there is ample publicly available information to help Americans understand the reasons Congress has serious doubts about the company."
Shaheen goes on to cite news reports about the firm and its founder's alleged close ties to Russian intelligence, including a recent Bloomberg report about an incident in 2009 in which it appears the founder, Eugene Kaspersky, directed his employees to work on a special project apparently at the behest of Russia's FSB. WIRED noted that the firm reportedly employs ex-intelligence officers, and in the Russian business climate, is unlikely to have succeeded as it has without high-level government connections.
Two weeks ago Robert Joyce, former head of the NSA's elite hacking unit and current White House cybersecurity coordinator, told CBS News he doesn't use Kaspersky products and would tell his family to avoid them as well.
"I would not," Joyce said. "I worry that as a nation state Russia really hasn't done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia. So I worry about that."
Eugene Kaspersky has denied the allegations and even offered to show the U.S. government the source code for his anti-virus products to prove his firm's innocence.
“If the United States needs, we can disclose the source code,” he told The Associated Press, adding that he was ready to testify before Congress if necessary. “Anything I can do to prove that we don’t behave maliciously I will do it.”
Speaking to Code and Dagger, a former senior U.S. intelligence official joked that he was "shocked! shocked!" at the allegations that Kaspersky was working with the Russian government. But the official noted that American cybersecurity companies cooperate from time to time with the U.S. government as well.
"The question is, under what circumstances?" he said.