The Russian connectionDHS instructs government agencies to stop using Kaspersky Lab’s software

DHS on Wednesday, referring to reports about the links between the Russian cybersecurity company and Russian intelligence agencies, ordered all U.S. government agencies to stop using Kaspersky Lab software products.

DHS gave the agencies thirty days to identify any Kaspersky products they were using, and ninety days to remove all such products.

The DHS directive was signed by Elaine Duke, the acting DHS chief.

“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” Duke wrote.

Kaspersky, a Russian software company run by a London-based holding company, reported $644 million in revenues last year. The company claims that 400 million users around the world – among them 270,000 corporate clients — are using its anti-virus and anti-malware software.

Kaspersky angrily reacted to the DHS directive, calling the allegations “completely unfounded” and said “it does not have unethical ties or affiliations with any government, including Russia.”

Kaspersky’s four-paragraph statement continued: “Kaspersky Lab has never helped, nor will help, any government in the world with its cyber espionage or offensive cyber efforts and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.”

The BBC reports that the DHS directive is the latest sign of growing U.S. concern about the Russian cybersecurity company.

· In July, the General Services Administration (GSA) dropped Kaspersky from a list of approved vendors for some government purchases.

·  In a May Senate intelligence committee hearing, the leaders of the U.S. intelligence community all said they would not be comfortable with Kaspersky software on their computers.

Cyberexperts say that antivirus software offers a would-be hacker a perfect vehicle. These applications operate in “God mode”, being allowed access to every part of a user’s hard drive and transmitting digital information back and forth to a remote server controlled by the antivirus provider.

Experts say that, theoretically, the Russian government could instruct Kaspersky to compromise U.S. government computers by implanting malicious software update. “If it were controlled by a malicious cyber actor, because of the technology, he’s going to have access to every single file on your computer,” said Anthony Ferrante, senior managing director of FTI Consulting in Washington.

The BBC notes that U.S. counterintelligence agencies have been monitoring Kaspersky for several years. Around 2012, the FBI investigated an informant’s tip that the company had compromised the U.S. government’s encrypted telephone system. This summer, FBI agents interviewed several Kaspersky employees, including Eugene Kaspersky, the company founder.

Kaspersky was educated at a KGB-backed technical college and briefly worked for a Russian defense ministry scientific institute.

A former FBI official told the BBC that “He wouldn’t help us at all… From the early 2000s, it was felt Kaspersky was an FSB [the successor agency of the KGB] guy and everything he’d developed was just a huge front.”

James Lewis of the Center for Strategic and International Studies (CSIS) said that U.S. reliance on Russian cybersecurity products was a legacy of better relations in the immediate aftermath of the end of the cold war. “The Russians were supposed to be our friends,” he said. “There’s a lot of leftovers in US policy since the time we thought the world would all be happy market democracies.”