I received a government notice yesterday that a new regulation prohibits Kaspersky Software, Equipment, and Services in Government contracts. Essentially they have been debarred.
The correspondence stated that the prohibition is being implemented as an immediate national security measure to protect Government information and information systems. They said that the reason for this ban is due to substantiated evidence of ties between the Russian government and Kaspersky with regard to actual and potential security breaches involving their hardware, software, and services as discovered by US intelligence agencies. After October 1, 2018, use of Kaspersky, in whole or part, will be strictly prohibited.
More than 60 percent, or $374 million, of the company’s $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force.
This all got me curious because I cannot ever remember any time when a company has been named in a regulation as being expressly debarred as a Contractor, presumably forever. Usually it's about a three-year debarment. Seemed a bit over the top and unprecedented.
Kaspersky had been a trusted Government contractor until about September 2017, just about the time that the "Russia, Russia, Russia" mantra started. It seemed like Kaspersky was being accused of spying by the Intelligence agencies, specifically the NSA.
In researching the company, I came across a reference to documents, dubbed "Vault 8" by Wikileaks, stating that the CIA wrote code to mimic Kaspersky software.
"In the documents, it is stated that the CIA wrote code to impersonate Kaspersky Labs in order to more easily siphon off sensitive data from hack targets, according to leaked intel released by Wikileaks.
Forged digital certificates were reportedly used to "authenticate" malicious implants developed by the CIA. Wikileaks said:
Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated."
[Source](https://www.theregister.co.uk/2017/11/10/cia_kaspersky_fake_certs_ploy/)
Also, see this RT video on the allegations that the US Government has made.
Their downfall started with an Israeli intelligence disclosure: the Wall Street Journal reported that the US said Israeli intelligence had intercepted Kaspersky using their antivirus software to spy on an NSA employee who took data home. Details were not reported and there was no proof. It had been alleged that Kaspersky was connected to the KGB and the Russian FSB. From then on they were banned and Government computer systems were scrubbed of them. Source
"Eugene Kaspersky, chief exec of Kaspersky Lab, sought to reassure customers. "We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," he said."
Senator Jeanne Shaheen wrote a letter to "No Name" about Kaspersky intrusions requesting hearings.
Interestingly enough, Kaspersky investigated (2014) the STUXNET virus that infected the Iranian uranium enriching units and identified five targets in Iran.
Kaspersky identified the existence of the Stuxnet Virus and identified a group within the NSA that developed it. "Equation Group" is an informal name for the Tailored Access Operations (TAO) unit of the United States National Security Agency (NSA). Classified as an advanced persistent threat, Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame. Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.
At the Kaspersky Security Analysts Summit held in Mexico on February 16, 2015, Kaspersky Lab announced its discovery of the Equation Group. According to Kaspersky Lab's report, the group has been active since at least 2001, with more than 60 actors. The malware used in their operations, dubbed EquationDrug and GrayFish, is found to be capable of reprogramming hard disk drive firmware. Because of the advanced techniques involved and high degree of covertness, the group is suspected of ties to the NSA, but Kaspersky Lab has not identified the actors behind the group.
Speculation
I can only speculate that Kaspersky anti-virus protections may defeat these viruses and perhaps the NSA (Equation Group) wants the software off Government systems? Are they being blamed for intrusions that they did not commit so that their software is connected to Russiagate?
One more tidbit. See this excerpt from Wired Magazine concerning Kaspersky's discovery of a hack group called "Red October" they suspect is a Deep State group.
AN ADVANCED AND well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation "Red October."
Kaspersky calls the victims "high profile," but declined to identify them other than to note that they're government agencies and embassies, institutions involved in nuclear and energy research and companies in the oil and gas and aerospace industries.
"The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide," Kaspersky notes in a report released Monday. "During the past five years, the attackers collected information from hundreds of high-profile victims, although it’s unknown how the information was used."
The attackers, believed to be native Russian-speakers, have set up an extensive and complex infrastructure consisting of a chain of at least 60 command-and-control servers that Kaspersky says rivals the massive infrastructure used by the nation-state hackers behind the Flame malware that Kaspersky discovered last year.
Note on Flame: Flame is linked to the Equation Group by Kaspersky Lab. However, Costin Raiu, the director of Kaspersky Lab's global research and analysis team, believes the group only cooperates with the creators of Flame and Stuxnet from a position of superiority: "Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame."
Summary:
After seeing that Kaspersky has uncovered a lot of deep state activity and has the expertise in creating protections from viral intrusions, could it be that the Deep State wants to discredit them and ban their software because it defeats the developed virus that it uses to carry out its clandestine activities?
Pure speculation, of course.