Germany’s cybersecurity authority, Bundesamt für Sicherheit in der Informationstechnik (BSI), have issued a warning on March 15 about the use of online security products of Kaspersky Labs, a Russia-based cybersecurity company. Kaspersky provides various security tools such as anti-virus software, VPN, and more.
BSI is a top federal agency in Germany responsible for managing cyber security in the country and communication. BSI urged users to uninstall any Kaspersky software or app from their devices.
As for the reason behind the warning, the agency cited recent cybersecurity threats from Russia to NATO, European Union, and Germany. It was issued considering the recent conflict in Ukraine.
BSI said that the Russian-based software company can be forced to “launch a cyberattack” or can be used to spy on people.
“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” according to the BSI warning.
The warning also said that companies of critical infrastructure are particularly at risk, especially IT companies.
While German authorities warned about the Russian government’s control of Kaspersky Labs and abuse its software, in 2015, the company did suffer from a cyberattack.
The security giant was breached using Duqu malware that used “zero-day” vulnerabilities in the software that engineers at Kaspersky were unaware of. Kaspersky said that hackers were a “generation ahead of anything seen.”
Similarly, in 2017, it was reported by The New York Times that in 2015 Israeli spies were able to access Kaspersky’s systems, and they identified that Russian hackers were using the software as spyware.
It shows that the Russian government was already using the software as a spying tool without the company’s knowledge. In 2017, President Donald Trump banned the use of Kaspersky software in the US government and national security systems.
The company denied these allegations, and CEO Eugene Kaspersky offered to share the software’s source code and offered authorities to audit its products.
After BSI’s warning, Axel Hellman, spokesperson of Eintracht Frankfurt football club, told Bloomberg:
“We have notified Kaspersky management that we are terminating [our] sponsorship agreement effective immediately…We very much regret the development.”
Kaspersky told BBC that the German government agency made the warning solely based on political grounds, and it has no ties to the Russian government.
The company said they will seek clarification from German authorities regarding their decision, which was “not based on a technical assessment of Kaspersky products.”
Kaspersky said that they are a private, global company and don’t have any ties with the Russian government. Since 2018, they have relocated their data-processing systems and infrastructure to Switzerland.
Kaspersky’s CEO also made similar remarks on Twitter. However, it faced a lot of criticism.
We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone.
— Eugene Kaspersky (@e_kaspersky) March 1, 2022
Rik Ferguson, of TrendMicro, tweeted, “Better to have stayed silent than to have called an invasion a ‘situation’ that requires a ‘compromise'”
Recently, Amazon, Discovery, and MediaWarner suspended their services in Russia. The Roskomnadzor blocked Instagram in the country, cutting the access of millions of users from the social media platform.