Kaspersky Labs: Warning over Russian anti-virus software

EPA Someone typingEPA

The British government has issued a fresh warning about the security risks of using Russian anti-virus software.

The National Cyber Security Centre is to write to all government departments warning against using the products for systems related to national security.

The UK cyber-security agency will say the software could be exploited by the Russian government.

Security firm Kaspersky Labs, accused in the US of being used by the Russian state for espionage, denied wrongdoing.

Kaspersky Labs is widely used by consumers and businesses across the globe, although they are not being advised to stop using the software, as well as by some parts of the UK government.

Barclays axes deal

Officials stress they are not recommending members of the public or companies stop using Kaspersky products, which are used by about 400 million people globally.

Barclays has stopped offering free Kaspersky software to customers as a "precautionary decision".

On Saturday, the UK bank emailed 290,000 online banking customers who had downloaded Kaspersky over the past decade - but advised those with the software already installed to take no action.

A Barclays spokesman said: "Even though this new guidance isn't directed at members of the public, we have taken the decision to withdraw the offer."

For it to work, anti-virus software like that sold by Kaspersky Labs requires extensive access to files on computers and networks to scan for malicious code.

It also requires the ability to communicate back to the company in order to receive updates and share data on what it finds.

However, the concern is that this could be used by the Russian state for espionage.

Officials say the National Cyber Security Centre (NCSC)'s decision is based on a risk analysis, rather than evidence that such espionage has already taken place.

In the new government guidance, Ian Levy, NCSC's technical director, said: "Given we assess the Russians do cyber-attacks against the UK for reasons of state, we believe some UK government and critical national systems are at increased risk."

The NCSC is understood to have been in dialogue with Kaspersky Labs and says it will explore ways of mitigating the risks to see if a system can be developed to independently verify the security of its products.

It comes amid heightened concern about Russian activity against the UK.

Last month, Prime Minister Theresa May warned the Russian state was acting against the UK's national interest in cyberspace.

Following her warning, Ciaran Martin, chief executive of the NCSC, said Russia had targeted British infrastructure, including power and telecoms.

Reuters Eugene KasperskyReuters
Eugene Kaspersky

"Beyond this relatively small number of systems, we see no compelling case at present to extend that advice to the wider public sector, more general enterprises, or individuals," Mr Levy said.

"Whatever you do, don't panic.

"For example, we really don't want people doing things like ripping out Kaspersky software at large as it makes little sense."

'No facts'

Kaspersky has faced a series of accusations in the US press in recent months.

It responded to one claim, that it downloaded classified US material from a home computer in the US, by presenting a detailed explanation of what took place.

It has always said there is no truth to the claims.

Earlier this week, Eugene Kaspersky, chief executive and co-founder of the company, told me: "We don't do anything wrong. We would never do that. It's simply not possible."

He denied claims the Russian state could use the company.

"It's not true that the Russian state has access to the data. There are no facts about that," he added.

Mr Kaspersky said that if he was ever asked by the Russian state to hand over data he would move his company out of the country.