History repeats itself again. In the 1940s and 1950s the U.S. Government was so concerned about Soviet (Now Russia) spies that a series of politically and fear driven embarrassing Red Scare activities ensued. In the 40’s the U.S. Government issued a Loyalty Order to test government employee’s loyalty. Other activities that came from U.S. Government paranoia and politics included blacklists of people in Hollywood preventing them from working in the entertainment industry and hundreds of lives ruined from the labeling of being a communist sympathizer.
So, what have we learned from the combination of high profile paranoia and politics? Innocent people and companies get hurt when politics is added to broad-brush characterization of people connected to these concerns. When political motivation is added to legitimate paranoia reputations are sacrificed to advance political careers. Group-think ensues and large groups are lumped into one evil group for expedience.
The Latest Red Scare
Russian hacking and interference in U.S. Government or business operations is driving the latest Red Scare. U.S. political involvement via hacking and Wiki-Leaks and the impact on elections is the focus of this scare.
What About China?
Clearly, China does its share of hacking and has been found to be liable in multiple data breaches. But Russian hacking and political involvement of the latest election seems to be all that matters for the moment.
Are Security Products Made in Russia Safe?
Politicians in Washington are pushing the “anything Russian is evil” narrative. Guilt by association is running rampant. U.S. Government agencies are looking for any risks to U.S. companies or to the U.S. Government and that includes security products made in Russia. One scrutinized company is Kaspersky Labs.
Are Kaspersky Labs Products Riskier Because Engineers are in Russia?
Kaspersky Labs, a respected 20-year old security company, is now political fodder for anyone wanting to look tough on Russia and with political ambitions. Government officials have said they have “concerns” that Russian government spies might try to exploit its antivirus software to snoop or attack the nation’s infrastructure. This is a concern without any allegation or proof.
The company is reported to be under FBI scrutiny. The concern seems to be about possible relationships between Kaspersky employees and the Russian Government. However, to date, there are no employee issues that tie into Kaspersky Labs or Kaspersky products, only a single individual who has been arrested for conduct prior to working at Kaspersky.
If you believe politicians like Senator Marco Rubio, Kaspersky is guilty by association. Senator Rubio has recently made a point of asking government security agency chiefs if they would install Kaspersky on their own computers. Their answer was no. However, to be fair, the U.S. Government has routinely had a policy of not buying Russian anything for many years. I’m not sure that anything has changed except that the political climate has gotten more anti-Russia since the most recent elections and that Kaspersky Labs is an easy (non-U.S. based) target.
What is Kaspersky Lab’s Track Record?
In our opinion, Kaspersky has a long track record of 20+ years making great security products. Kaspersky has routinely been a leader in preventing security threats in the U.S. and worldwide. Some examples are: in:
- Kaspersky products most often rank at the top if any anti-malware test. They received a perfect 100% on the latest April 2017 AVTEST.
- Kaspersky has tried to take a leadership role in educating the U.S. market in security threats and trends over the last many years.
- Kaspersky is routinely the first to find new security zero-day threats (no defense exists), communicating this information to the security community so that they can build security signatures or algorithms to stop future attacks
Are we Going to Let Washington Politicians Dictate What We Buy?
Hopefully we will not let this Red Scare get to the same level as the 40s & 50s Red Scares. Let’s hold companies to a high standard, but also look at what they have done, and what they are doing. Kaspersky has zero allegations of wrong doing, just “concerns” from their proximity to the Russian Government and of course politicians trying to capitalize on easy (non-U.S. based) prey.
Eugene Kaspersky himself recently offered to testify in front of the U.S. Government and answer any questions they have in an effort to rebut Government innuendos.
If taken to an extreme, this Red Scare will have just as devastating effect as the last ones.
- Companies and people hurt based upon insinuendos and “suspicions” without proof
- Reduced focus on other threats to the U.S. and other priorities
- A spread of paranoia to other countries and linked companies. What would happen if we treat China like Russia? Would we suspect companies that manufacture there of security crimes? What about companies that OEM these company’s technology? Should we be fact based or association based?
Kaspersky Lab’s Fights Back
The following is an excerpt of Kaspersky Labs response to the latest comments by Marco Rubio and other U.S. Government representatives.
“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.
For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters’ location doesn’t change that mission–just as a U.S.-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any private data to any country’s government.
During the last 10 years, Kaspersky Lab has discovered and publicly reported on multiple Russian-speaking cyber espionage campaigns, which is more than any other U.S.-based company. Due to the company’s unique and global customer mix, Kaspersky Lab will continue demonstrating its leadership by finding and reporting global cyberthreat campaigns, regardless of the origin or intention.