Russia: Germany warns of “considerable risk of computer attack” through Kaspersky programs | Technology

The Federal Cyber ​​Security Authority of Germany (BSI, for its acronym in German) on Tuesday urged companies and users to avoid the use of popular antivirus and computer security programs from the Kaspersky company, created in Russia in 1997. According to the German agency, this firm, which claims to have more than 400 million users and 240,000 corporate clients in the world, poses “a considerable risk of a successful computer attack.” Kaspersky denies this, stating: “We are a private global cybersecurity company and as such we have no ties to the Russian government or any other.”

The BSI has warned on Tuesday that the Russian technology company “may carry out offensive operations, may be forced to attack systems against its will, be spied on as part of a cyber operation without its knowledge, or be misused as a tool for attacks against their own customers.”

The alert from the Federal Cyber ​​Security Authority is aimed especially at companies and operators of critical infrastructure, which are “particularly vulnerable”. Munich Airport, one of the largest in Europe (50 million passengers, 100 airlines and 250 destinations from 75 countries before the pandemic) entrusted its computer and data security to the Kaspersky Threat Intelligence program last October.

The popular security company was already vetoed in 2017 by the then US president, Donald Trump, who prohibited the use of this company’s programs in the Government, considering that it is “vulnerable to the influence of the Kremlin”. The precautions extended to the European institutions.

The German alert is in tune with those launched by all Western cybersecurity agencies for companies and institutions to strengthen their defenses on the Internet in the face of the war in Ukraine. In early March, French authorities issued a similar warning about the potential of the Russian company’s programs. However, the BSI goes further by extending its recommendation on the use of Kaspersky to private users.

On March 1, before the invasion of Ukraine by Russia, the creator and CEO of the company, Eugene Kaspersky, issued a statement in which he stated that “war is not good for anyone” and advocated “the peaceful dialogue as the only possible instrument to resolve conflicts”. Kaspersky has also rejected accusations of serving the Russian government or being used by it.

It is not the first time that Germany accuses Russia of being behind computer incidents suffered by its institutions. The most significant was in 2015, when an attack paralyzed the Bundestag’s computer network for several days. The German justice has also opened an investigation for alleged computer espionage of deputies, actions from which Russia has disassociated itself.

The technology company born in Russia, according to data from the Opswat company (which excludes the Windows Defender antivirus in its reports, pre-installed on all computers that operate with this programming), is among the 10 companies with the largest market share in the security field, between 4% and 7%, depending on the month. Smartprofile raises its presence to 12%. Its free antivirus (Kaspersky Security Cloud Free) is one of the most used and considered one of the most effective by the Organization of Consumers and Users. Their payment programs are also among the best sellers online.

Kaspersky’s response

The program company has assured that the decision of the German federal agency “is taken for political reasons and not because it is based on a technical evaluation”. “We will communicate with the BSI to clarify all the necessary points regarding their decision and to address any additional concerns that they and other regulators may have,” says the company.

Kaspersky has defended its “permanent commitment to integrity and trust” and insisted on its null relationship with any government. In this sense, he has reiterated the words of his founder rejecting war.

The company has also highlighted that its data processing infrastructure was moved to Switzerland in 2018: “The malicious and suspicious files voluntarily shared by users of Kaspersky products in Europe are processed in data centers located in Switzerland, with first-class facilities. level and meeting all industry standards to ensure the highest levels of security. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky are processed in Kaspersky Security Network services, located in different countries around the world, including Canada and Germany. The security and integrity of our data services and engineering practices are supported by independent third-party certifications: through the SOC 2 audit by one of the four largest auditors in the world and through ISO 27001 certification from TÜV Austria and its recent recertification.

Kaspersky invites customers and regulators, such as cybersecurity agencies, to “perform a free, comprehensive technical review of its solutions,” including program developments, source code, database versions and updates, and audit reports. .

You can write to us [email protected]will follow THE COUNTRY TECHNOLOGY on Facebook and Twitter and sign up here to receive our weekly newsletter