Kaspersky Was First Flagged as a Potential Threat by Pentagon as Early as 2004
Kaspersky may have recently become a regular in the news coming out of the United States, it appears that the government had its doubts about the antivirus firm as early as 2004. According to the information presented by the Defense Department to the Congress, the company was flagged by the US military intelligence over a decade ago.
Kaspersky was first flagged as a security threat in 2004
The Department of Homeland Security put a ban on Kaspersky products in September, which some reports suggested was done after Israeli intelligence officials provided evidence to the US government that the Russians were using the products to spy on US intelligence targets. However, it appears that the Defense Intelligence Agency (DIA) was the first to flag Kaspersky as a potential threat and did so in 2004 according to a memo provided to the Science, Space and Technology Committee.
The memo also confirmed that in 2012 the Pentagon issued a threat assessment on Kaspersky. It is unclear when the Department itself stopped using Kaspersky (Miller only said it was done a few years ago), but other agencies failed to follow the same precautions. In a report, the Wall Street Journal writes:
A Russian cybersecurity firm whose products current and former U.S. officials suspect Moscow has used as a tool for spying was flagged by U.S. military intelligence as a potential security threat as early as 2004, according to new information the Defense Department provided to Congress.
A top Pentagon cybersecurity official, Essye Miller told the committee at a hearing this week that the Defense Department hadn’t used Kaspersky products because of intelligence information regarding the firm. Still, other federal agencies didn’t follow the same precautions and used Kaspersky products.
We had reported last week that Jeanette Manfra, a top Department of Homeland Security official, had said at the hearing that nearly 15% of the federal agencies were using Kaspersky products on their systems. All the government agencies are required to remove the firm's products by December 12.
While Kaspersky has continued to fight all such allegations, the US government says that "the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems" is too high. The reports and the company's subsequent admission that it uploaded confidential documents from an NSA employee and didn't inform the government just reinforced the rhetoric that the AV firm is a potential high target of spying - from Russian, Israeli or even the US spies.