The drama surrounding Russian cybersecurity giant Kaspersky Labs, whom U.S. authorities have accused of working closely with Russian intelligence, has entered a new stage — and found a new player. This time, the alleged Kremlin conspirators have found themselves in the crosshairs of the European Union.
On Wednesday, the European Parliament approved new measures aimed at bolstering cybersecurity practices throughout the region to protect its members from external cyberattacks. The document calls out Kaspersky by name as “malicious” and demands an E.U.-wide ban of the company’s software.
Eugene Kaspersky, the company’s founder and CEO, quickly responded on social media after the motion’s release.
“We have protected the EU for 20 years working with law enforcement leading to multiple arrests of cyber criminals,” Kaspersky said on Twitter. “Based upon today’s unprecedented, zero-evidence decision from the EU Parliament, we are forced to freeze our cooperation with LE organizations including Europol & #NoMoreRansom.”
From an emailed Kaspersky statement:
Today, the European Parliament voted on a report in which Polish representative, MEP Fotyga included an amendment referencing Kaspersky Lab which is based on untrue statements. Although this report has no legislative power, it demonstrates a distinct lack of respect for the company which has been a firm friend of Europe in the fight against cybercrime. It is for that reason that Kaspersky Lab has taken the difficult decision to temporarily halt our numerous collaborative European cybercrime-fighting initiatives, including that with Europol, until we receive further official clarifications from the European Parliament.
Kaspersky will pause its NoMoreRansom project — a joint venture between Kaspersky Labs, McAfee, and Europol’s Cybercrime Center that helps ransomware victims retrieve encrypted data without paying ransoms.
This most recent accusation comes amid an ongoing beef between the company and the U.S. government. Following allegations that Kaspersky aided Russian foreign-intelligence services in stealing sensitive U.S. government secrets, the Department of Homeland Security released an order banning the use of all Kaspersky software by U.S. government employees. The report claimed it was concerned “about the ties between certain Kaspersky officials and Russian intelligence and other government agencies.”
“The risk that that Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
Despite the mounting criticism, Kaspersky has denied allegations of any collusion with Russian intelligence agencies. In December, the company went as far as to file a lawsuit against the DOH claiming they were denied due process.
Kaspersky’s troubles extend past governments as well. In April, Twitter announced that they would no longer host Kaspersky Labs advertisements due to its alleged ties to Russian intelligence agencies.
Are the charges against Kaspersky fair? Security experts are divided. While questions surround Kaspersky’s ties to intelligence agencies are nothing new, some have accused these most recent rounds of lacking sufficient evidence.
In an October Wired article, Errata Security consultant Rob Graham criticized the accusations levied against Kaspersky and said they lacked clarity. “Our government hasn’t even been clear about what they’re accusing Kaspersky of,” Graham wrote. “We’re just getting propaganda on this issue and no hard data.”
Others are less reserved in their judgements of Kaspersky. In a Twitter post, security researcher Dan Guido publicly expressed his concern over Kaspersky’s annual SAS conference which he referred to as a “purposefully engineered opportunity for Russian intelligence to get close to hackers they care about.”
Still, the E.U. decision marks a significant blow to Kaspersky’s credibility. It also means one more name removed from Kaspersky’s dwindling list of friends.