
Kaspersky Lab Sues Over Second Federal Ban (axios.com) 97

Cybersecurity firm Kaspersky Lab has filed a lawsuit targeting the second of two federal bans on its wares. The latest suit goes after language in a defense law explicitly blocking the purchase of Kaspersky products. An earlier suit targets a Homeland Security directive doing the same. From a report: The bigger picture: With the White House reluctant to institute additional sanctions on Russia, White House Cyber Czar Rob Joyce pointed to Kaspersky as an example of the Trump administration taking Russia seriously. While Kaspersky isn't alleged to be involved in the election hacks of 2016, it's hard not to see the actions against the firm in the context of deteriorated relations with Moscow, as part of a growing spat between the two countries.
  • We will need more proof then just "Trust Us" we are trying to protect you. In the mist of a lot of findings of Hacking from the Russian government, melding with the elections, often with electronic means. With being a part of the government that like to keep companies on a tight leash.

    Kaspersky may actually being doing good things without opening the door to the Russian government, and may actually be better protected with their products from Russian hacking. However we will need solid proof on this, othe

    • What I wonder is why the selective treatment of one single company. If you think Russia is spying on you, block everything coming from there. It's not like Kaspersky is the only Russian security company (far from it) or the only Russian IT company (even further) or even that there isn't a LOT of OSS coming from that general area.

      Take a look down Github. Sometimes it feels like every other library for compression or security has a Russian name next to it.

      What's so special about Kaspersky?

      • by TWX ( 665546 )

        Ok, please name the other Russian security companies whose products phone-home even if for legitimate purposes. Especially ones with as much market penetration as Kaspersky.

        Kaspersky the man might well not intend to cooperate with nefarious interests of his government, but Kaspersky the man might not be able to stop said government from covertly penetrating Kaspersky the company either through actual hacking techniques or through social-engineering of company employees.

        • Funny enough you're even right, most of the Russian internet companies mostly serve Russia. It's actually pretty interesting how there is nearly for every US company a Russian counterpart. Google - Yandex. GMX - mail.ru. Kickstarter - Planeta. Bet you never heard about them.

          Which is a shame, they're quite useful. But I don't see anyone banning the use of mail.ru or Yandex, which would actually make more sense than banning K if you ask me...

    • by Anonymous Coward

      AV programs have even deeper level access to a system than the "Administrator" account.

      All AV programs have automatic updates.

      Anyone who can sign updates for your AV program can push arbitrary code to a computer and it will be trusted with that better-than-admin access to your system.

      Kaspersky has known ties to Russian state security services. You do the math.

      Not that that matters. There are no property rights in Russia's illiberal government. If someone at Kaspersky does not play ball the owners wi

      • I agree. Even if Kaspersky's software isn't tainted in some way, the fact is that it could be co-opted. I find most AV software fairly troublesome, but using Kaspersky on any of my systems just seems like inviting an unpleasant outcome. And I certainly understand why the US government wants nothing to do with it at all.

      • Your definition of "known ties" also means Google has "known ties" to Russia, China, Iran, etc. That just means they abide by legal requests in court cases.
    • We will need...

      Posted with Andriod, hence the speeling otters.

    • by Anonymous Coward

      I can dig up more "proof" of US based companies colluding with the US government than any "proof" Kaspersky has colluded with the .ru government. For example; Google Chrome no longer trusts Symantec SSL/TLS certs. RSA getting caught red-handed sneaking in rigged PRNGs and "extended random" features into crypto products for millions of dollars. The infamous "NSA_KEY" in the Windows source code.

      No. The burden of proof is on the US, not Kaspersky. But keep using our country's tools, that sounds like a well inf

  • by midifarm ( 666278 ) on Wednesday February 14, 2018 @11:34AM (#56121969) Homepage
    Why do they assume they have a right to supply the US Government with anything? The US Government as a "company" can choose products for company-wide use or non use. Some companies required Blackberries at one time. Now they're no longer allowed. Apparently the critics are right, they don't like free enterprise!
    • by mark-t ( 151149 )

      They don't... I think, but with the US government being outspoken about the matter, it has leaked into other organizations and companies specifically choosing to avoid their software.

      They are, to the best of my knowledge, not trying to sue them for boycotting their software (which they should be allowed to do anyways), they are actually suing them for defamation.

      And willful defamation is actually against the law.

      And it's worth noting that while the government might be immune to civil prosecution, the

      • by swb ( 14022 )

        I've worked with some companies associated with the power generation industry and already heard one story about 100% of hard drives being swapped out to eliminate Kaspersky in one organization.

        • Meanwhile, their network is still wide open. I know because I have been to many and have worked on machine installs. That is the big joke. Ban Kaspersky, but everything is still unsecure. Hell, Kaspersky was probably making things more secure considering what it is now.

          Our security has dropped to Chinese levels in many industries. I used to laugh when I was younger how I could access Chinese machines and mess with them, now I'm saddened at how many machines I can access across the US.

          • by swb ( 14022 )

            I didn't say it was an improvement per se, but the word supposedly has been coming from DHS to rip out Kaspersky.

      • Until Trump gets congress to monkey with the law, truth (and even belief of what the truth is) is a defense against libel and slander.

        So good luck with that.

        • by mark-t ( 151149 )
          Truth is defense against slander, as is having cause to simply believe that something is objectively truthful. If you cannot divulge what that reason is, however, then by definition it is not objective
        • The problem with leaning on "belief" is that you would have to prove what your belief actually is, you can't just assert anything and insist on it. The other side will have experts that dig into the details of it and try to prove, based on your other words or actions, that you probably believed something else. And they'll do that by talking not about you, but about what a mythical Reasonable Person would believe.

          If this was two companies, that might matter. But it doesn't matter if this company had some mea

    • I'm shocked that this government action gets any negative airtime on Slashdot.. After all, folks come out of the woodwork here to support the right of the states to enforce Net Neutrality rules on ISP's doing business with them. How's this all that different? It's a head scratcher for sure..

      Personally, I've always maintained the "government", be it state, local or federal, has the right to buy or not buy what they deem fit for purpose and impose any rules they like on the sellers who stand in line to coll

      • by balbeir ( 557475 )
        Why would you be shocked? We all know that slashdot has its fair share of Russian trolls.
    • The US government as a company belongs to you. Well, not totally, but at least you're kinda like a shareholder. And as such, you're entitled to them using the funds you provide them with well. Them simply declaring that they will only buy from this provider or never buy from that provider requires oversight, or it becomes a cesspool of bribery and corruption.

      There has to be oversight because, well, would you, as a shareholder, want your CEO to buy his supplies from a company that just happens to be owned by

    • In their defense, they do have a right to a hearing.

      One hearing. At which their lawsuit gets tossed. :)

    • Actually, the US Government has a fiduciary responsibility to taxpayers to buy the most cost effective product available for a given problem. Cost effective meaning a balance of usability for the purpose intended and hard cost.

      **Busts out laughing at the absurdity of believing they will ever do this. **
  • by Anonymous Coward

    To win this, Kaspersky Labs is going to submit to discovery, which means the government will get to pore through their books, emails, and everything else.

    It's likely Kaspersky will fold once that starts if they have any underhanded ties to the Russian government.

    • by green1 ( 322787 )

      What about discovery on the other side? Shouldn't the government have to show their proof that Kaspersky software is compromised? So far the government has accused Kaspersky of a lot of things, but has never once shown even a shred of proof. Isn't it just as likely that the government should fold during the discovery?

      • Not really.

        All the government need argue is that they *could* be compromised by their corporate owners at any time and that this represents an undue risk to computer system security. Given that's a logical possibility argument, the burden of proof rests on Kaspersky to prove their product cannot be so modified.

        Given the code base is controlled by Russian interests, I think Kaspersky has a hard uphill climb on this one.

        • by green1 ( 322787 )

          The government hasn't said that it "Could" be compromised, they've stated repeatedly that it IS compromised. That's a very different thing.

          Kaspersky isn't suing them because they aren't buying the software, there'd be no grounds for that. They're suing because the government is making claims about the software that Kaspersky says are false. The burden of proof in such cases always rests on the party making the claim, and that's the US government.

          • I beg to differ.. News reporting clearly indicates that more than just the US Government is reporting that this product has been used in the past for nefarious purposes... This action by the US Government then is perfectly understandable.

            https://www.thetimes.co.uk/article/antivirus-firm-kaspersky-lab-ruled-by-russian-spies-2ghtw38ql

            • by green1 ( 322787 )

              Your article (which is paywalled so impossible to read) doesn't do anything to change the facts. The first few lines (which aren't paywalled) imply that the British government's security service did not feel that Kaspersky was enough of a risk to advise Britons against using it, and states that an anonymous source said that Kaspersky wasn't trustworthy.

              So far the US government has never put forward even a single piece of evidence to the contrary, and the part of your article that I could read did not eithe

              • So you agree that the US government isn't the only one saying Kaspersky is risky to use, independently others have made the same claims, yet Kaspersky hasn't taken legal action on those other claims. The US government hasn't moved to prevent Kaspersky from doing commercial business within the USA or even advised citizens to not use their products as other countries have. So, What's this lawsuit about at this point?

                • by green1 ( 322787 )

                  I agree that a single anonymous source that was quoted by a journalist stated Kaspersky was a threat. That doesn't make them so.

                  As for taking those others to court? why bother? If your legal team wastes their time with every single person that says something bad about you you'll go broke litigating them all. It's better to stick to the ones that you can prove actually harm your business. And this one with the US government makes that easy.

                  If the US government really believes Kaspersky to be a threat, fine,

                  • BUT Kaspersky is NOT suing for libel, so this whole line of reasoning you are engaged in is moot, legally speaking.

      • National security trumps all of this. The US Government doesn't have to show its hand, it just has to say "we believe Kaspersky can be used by a foreign actor to compromise government systems", and pretty much that is that.

        • by green1 ( 322787 )

          Only in an authoritarian dictatorship... oh wait...

          • How is a national government banning AV software from its computers due to fears that it may be compromised authoritarian?

            • by green1 ( 322787 )

              "national security trumps all of this" is the part that only applies in authoritarian dictatorships.

              In free societies "national security" doesn't trump facts and reason.

              • In free societies, governments are still free to tell citizens of potential security risks and to choose what AV software they'll install. This has nothing to do with freedom, and everything to do with prudence.

                • by green1 ( 322787 )

                  They are free to tell citizens of security risks, but so far they refuse to do so.

                  Seems far more likely that the only "security risk" is Kaspersky's refusal to implement NSA back doors.

                  In free societies governments don't hide their motives, if they find something like this, they do the prudent thing and show their evidence. The fact they refuse to do so implies that it would make them look worse than it would make Kaspersky look. Why do you think that is?

  • by Opportunist ( 166417 ) on Wednesday February 14, 2018 @11:51AM (#56122077)

    If you don't let us get a backdoor into your products, you won't work in this country again.

    • by houghi ( 78078 )

      It indeed says a lot about others.

      With Kaspersky I know that at least the US does not have a backdoor. Because worst case scenario, all others have backdoors from everybody. So the Ruskies will read your things, no matter what.

  • lol, why the hell is our government even allowing Windows 10 on any and all government computers? Windows is 100% data mining everything that's done on a Win 10 PC, and that's OK though? In fact any software is suspect.
  • by Wayne Anderson ( 5083395 ) on Wednesday February 14, 2018 @12:50PM (#56122511)

    Completely aside from the political stuff of whether Kaspersky is giving things to the FSB and is therefore an elevated risk - I wonder aloud about the constitutionality of a law targeting specific companies.

    • It's not a law or even a regulation... It's an Executive Branch policy based on security recommendations that they won't allow any government agency to buy this product any more.

  • by Ivan Stepaniuk ( 1569563 ) on Wednesday February 14, 2018 @01:12PM (#56122727)

    It is not acceptable for a sovereign government that any company, especially a foreign one, has the ability to render the whole country's computer infrastructure to a halt with the flick of a switch on their automatic update servers.

    The system is already broken. Using closed source software puts any country sovereignty at stake. Your software providers' "red buttons" are bigger and faster than Trump's.

  • Why worry about what optional and replaceable or removable software might be doing when the hardware has a massive back door built in right from the factory. The existence of the Intel Management Engine ( and AMD's equivalent ) make worrying about Kaspersky ( or the far worse Win 10 ) the equivalent of bandaging a small scrape on an accident victim's hand while ignoring their sucking chest wound.
  • Should we really be using the title "czar" for someone who's supposed to be addressing potential hacking by _Russia_? I realize that term is commonly used as an informal title for these kind of positions (though I never really understood how that got started). But it seems to be particularly absurd here.
