After US Allegations Against Kaspersky Lab, UK Responds

In2an3_PpG


Consider Country of Origin For Some AV Use Cases, British Government Advises

The British government has taken a cue from the U.S. government's concern about Kaspersky Lab's anti-virus software. The U.K.'s National Cyber Security Center, which advises organizations on cybersecurity matters and is part of intelligence agency GCHQ, now recommends that British government agencies that handle certain types of classified information not use anti-virus software developed by any Russia-based organization.

But in a step that goes beyond the NCSC's advice, banking giant Barclays says it will no longer give its customers free copies of Kaspersky's anti-virus software.

The NCSC, however, has stressed that most organizations should carefully consider their own potential risks before opting to ditch Kaspersky's software. Its advice differs from the United States, where the government first advised against procuring Kaspersky and then completely banned it from government networks in early September (see Kaspersky Software Ordered Removed From US Government Computers).

The NCSC's warning will have little immediate effect on Kaspersky Lab. Ian Levy, NCSC's technical director, notes in a blog post that there's almost "no installed base of Kaspersky AV in [U.K.] central government."

But the new guidance could further dim Kaspersky Lab's opportunities for future U.K. sales, both in the government and for large contracts, such as with banks. And the NCSC's recommendation represents yet more bad news for Kaspersky Lab, which has strongly refuted allegations that the Russian government may have co-opted its software to serve as a search engine for other governments' secrets.

Tarnished Darling
Kaspersky Lab's anti-virus product is widely regarded as one of the most capable offerings on the market. Led by the gregarious Eugene Kaspersky, a software engineer turned entrepreneur, the company has a research team that has uncovered some of the world's most sophisticated hacking groups, including Equation, which is widely believed to be the U.S. National Security Agency's offensive hacking team.

But the software company's reputation has been tarnished after anonymous U.S. officials suggested that using its software might put users at risk. In October, Israeli intelligence agents reportedly told the U.S. government that they had hacked into Kaspersky Lab's infrastructure and found that Russian hackers were already there, monitoring the company's communications with endpoints.

Because anti-virus software has deep access to an operating system and the ability to copy files, such applications remain attractive targets for hackers (see Yes Virginia, Even Security Software Has Flaws).

The Kaspersky Lab saga became more complex after the company said that its consumer anti-virus software had flagged and collected four classified documents and NSA-developed malware from the home computer of an NSA analyst in 2014. The analyst, Nghia Hoang Pho, pleaded guilty to mishandling classified material (see Spy Whose Files Were Plucked by Kaspersky Pleads Guilty).

Kaspersky has said that it detected malware on the home PC that it thought might be connected with the Equation Group. As with other anti-virus software, Kaspersky Lab's software collected the suspicious files and sent them back to headquarters for analysis.

When researchers realized what had been collected and informed Eugene Kaspersky, he says that he ordered the material to be deleted, the company said last month following an in-depth investigation into the incident. But the U.S. government alleges that the material ended up in the hands of the Russian government after the analyst's computer was further targeted (see Report: NSA Secrets Stolen From Computer Using Kaspersky Software).

Recommendation: Not For Secrets
The British government has now reacted to these allegations.

"There's been a lot of speculation about foreign involvement in the U.K. supply chain recently," Ian Levy, technical director of the U.K. National Cyber Security Center, says in a blog post.

In a letter to the permanent secretaries of U.K. government bodies, Ciaran Martin, head of the NCSC, writes that Russian anti-virus products should not be used for certain official-tier organizations or anyone handling information classified as "secret" or higher. But most systems, he says, are not at risk.

"Russia has the intent to target U.K. central government and the U.K.'s critical national infrastructure," Martin writes. "However, the overwhelming majority of U.K. individuals and organizations are not being actively targeted by the Russian state, and are far more likely to be targeted by cybercriminals."

Because of the "highly intrusive" nature of anti-virus software and the fact that most products send data and information back to a vendor, "that's why the country of origin matters," Martin writes.

"It isn't everything, and nor is it a simple matter of flags - there are Western companies who have non-Western contributors to their supply chain, including from hostile states," he writes. "But in the national security space there are some obvious risks around foreign ownership."

Don't Panic
In a separate blog post, Levy - the NCSC's technical director - says that the agency's advice is "a bit complex and nuanced" but stresses that no one should panic. "For example, we really don't want people doing things like ripping out Kaspersky software at large, as it makes little sense," he writes.

Future efforts may also ease any lingering concerns. Martin says that the NCSC is in discussions with Kaspersky Lab that are focused on developing a framework that could be used to verify that U.K. data isn't transferred to the Russian state.

"We will be transparent about the outcome of those discussions with Kaspersky Lab, and we will adjust our guidance if necessary in the light of any conclusions," Martin writes.

In a statement, Kaspersky Lab says it "looks forward to continuing our dialogue with the NCSC to develop a framework that can independently verify and provide assurance of the integrity of Kaspersky Lab's products and services."

Barclays Bails
Some British users of Kaspersky Lab products, however, have already cut ties with the company. British bank Barclays, for example, has withdrawn an offer to its customers to receive a free copy of Kaspersky Lab's anti-virus software, Reuters reports.

Many banks have deals with anti-virus companies to offer free security software, which reduces the risk of bank-related fraud that starts with malicious software infections.

In response to the Barclays move, Kaspersky Lab says it is "disappointed Barclays has decided to discontinue offering Kaspersky Lab anti-virus to new customers. It's very important to note that the NCSC is not encouraging consumers or businesses against using Kaspersky Lab software."
 

Deleted member 65228

Not being funny but I think I'd rather have Kaspersky having deep control of a system than a lesser known third-party with less experience. The more customers you have = the more money you have = the more penetration testing and bug fixes = bug bounty system = more submissions from experienced people = product becomes safer

It has been known since I was born that security software can be exploited. Not sure how it was relevant to the topic of the article considering it is the same for all AVs and most others are easier targets than one like from Kaspersky

Anyway I see where they are coming from but an average Joe doesn't need to care about it. The media is doing it again... I don't see why people need to be bombarded with articles like this online! It just causes confusion and makes people wonder if they should switch or not... government agency guidelines don't apply to normal people haha.

Thanks for the share @In2an3_PpG :)
 

ForgottenSeer 58943

This...

But the software company's reputation has been tarnished after anonymous U.S. officials suggested that using its software might put users at risk.

Nice straw man.. How about this official grow a pair, come forward, and present evidence? Otherwise, this is no better than hearsay while walking down the street.

In October, Israeli intelligence agents reportedly told the U.S. government that they had hacked into Kaspersky Lab's infrastructure

So why are the Israelis hacking into privately owned corporations? Why do so many of the issues that come up seem to originate in Israel? Also, since it is pretty established that Israel spies on the USA, could this be an agenda to get a 'particularly troublesome' software off US Systems to make them easier to subvert? People continuously underestimate the capabilities (and criminality) of the Israeli Intelligence Apparatus.
 
