European Parliament Votes to Ban Kaspersky Products
14.6.18 securityweek BigBrothers
Kaspersky Suspends Collaboration With Europol and NoMoreRansom
Kaspersky Lab has suspended its collaboration with Europol and the NoMoreRansom initiative after the European Parliament passed a resolution that describes the company’s software as being “malicious.”
Kaspersky is not trusted by some governments due to its alleged ties to Russian intelligence, which has sparked concerns that the company may be spying for Moscow.
The call for a ban on Kaspersky’s products in the European Union is part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs.
The next-to-last proposal in the report “Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab.”
The resolution was approved with 476 votes in favor and 151 against. In response, Kaspersky Lab’s founder and CEO, Eugene Kaspersky, said his company would be freezing collaboration with Europol and the NoMoreRansom project, and highlighted that the EU’s decision “welcomes cybercrime in Europe.”
Kaspersky is one of the private sector companies that founded NoMoreRansom, and it has helped Europol in several major cybercrime investigations, including a $1 billion cyber-heist.
“[It is] frustrating that there was no investigation, no evidence of any wrongdoing from our side, just references to false allegations from anonymous sources. This is the essence of media-ocracy: fake news → political decisions,” Eugene Kaspersky said on Twitter. “The risks of using our software are purely hypothetical. Just as hypothetical as with any other cybersecurity software of any country. But the risk of becoming a victim of a genuine cyberattack is real – and extremely high. Ergo: EP's political decision plays *for* cybercrime.”
Interestingly, an answer given in April by the European Commissioner for Digital Economy and Society, Mariya Gabriel, in response to a question from Polish politician Anna Fotyga regarding the risks associated with the use of Kaspersky software states that “the Commission has no indication for any danger associated with this anti-virus engine.”
On the other hand, Paet says he stands by his report. “These decisions must be taken seriously, they have not been taken out of the blue but instead have been drawn from various partners and intelligence sources. Considering the overall situation of EU-Russia relations, and Russia’s aggressive behaviour, we should not be taking risks that could cause serious damage to the EU,” he told EURACTIV after the vote.
The report is not legally binding, but it could influence some EU member states, especially since the U.K., the Netherlands and Lithuania have already moved to ban the use of Kaspersky software on sensitive systems. Kaspersky took legal action in the United States in an effort to overturn a decision to prohibit the use of its products by government agencies, but a judge rejected the lawsuit.
Many in the cybersecurity industry are skeptical of the accusations against Kaspersky, especially since no evidence of wrongdoing has been provided and many decisions related to the company appear to be based on media reports.
The security firm has been trying to clear its reputation, first by launching a transparency initiative that included giving partners access to source code, and more recently by announcing a move of core processes from Russia to Switzerland.