Biden bans US sales of Kaspersky software over ties to Russia


The Biden administration on Thursday announced plans to bar the sale in the United States of antivirus software made by Russia's Kaspersky Lab, citing the firm's large American customers, which include critical infrastructure providers and state and local governments.

Commerce Secretary Gina Raimondo said in a briefing call with reporters on Thursday that Moscow's influence over the company poses a significant risk. One source said the software's privileged access to computer systems could allow it to steal sensitive information from U.S. computers or install malware and prevent critical updates, increasing the threat.

“Russia has demonstrated it has the capability and intent to exploit Russian companies like Kaspersky to collect and weaponize Americans' personal information, and that is why we feel compelled to take the actions we are taking today,” Raimondo said on the call.

Kaspersky Lab and the Russian embassy did not respond to requests for comment. Earlier, Kaspersky said it was a privately managed company with no ties to the Russian government.

Raimondo said the new rule, using broad powers created by the Trump administration, would be a further step to add three of the company's units to a trade sanctions list, which would deal a blow to the company's reputation and could impact its foreign sales.

The plan to add the cybersecurity company to the Entity List, which effectively bars the company's US suppliers from selling to it, and the timing and details of the software sales ban were first reported by Reuters.

The moves reflect the Biden administration's efforts to head off any threat of Russian cyberattacks emanating from Kaspersky software and maintain pressure on Moscow as its war efforts in Ukraine gather pace and the United States runs short of new sanctions to impose on Russia.

It also shows the administration is using a powerful new authority that allows it to ban or limit transactions between U.S. firms and internet, telecommunications and technology companies from “foreign adversary” countries such as Russia and China.

“We would never give an adversary the keys to our networks or devices, so it's crazy to think we would continue to allow Russian software to be sold to Americans with the deepest possible device access,” said Democratic Senator Mark Warner, chairman of the Senate Intelligence Committee.

The new restrictions on inbound sales of Kaspersky software, which will also prohibit downloads of software updates, reselling and licensing of the product, will take effect on September 29, 100 days after publication, to give businesses time to find alternatives. New US business for Kaspersky will be blocked 30 days after the restrictions are announced.

Sales of white-label products — which integrate Kaspersky into software sold under a different brand name — will also be prohibited, the source said. He added that the Commerce Department will notify companies before taking enforcement action against them.

The Commerce Department will also add two Russian and one UK-based units of Kaspersky to the Entity List for allegedly collaborating with Russian military intelligence to support Moscow's cyber intelligence goals.

Kaspersky's Russian business is already subject to broad export restrictions imposed by the US over Moscow's invasion of Ukraine. But now its UK-based unit will be effectively barred from receiving goods from US suppliers.

Kaspersky has long been a target of regulators. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, alleging ties to Russian intelligence and saying Russian law allows intelligence agencies to seek assistance from Kaspersky to intercept communications using Russian networks.

Media reports at the time alleged that Kaspersky Lab was involved in obtaining hacking tools from a National Security Agency employee that eventually ended up in the hands of the Russian government. Kaspersky responded by saying that it had obtained the code but no third party had seen it.

The company's US business came under increasing pressure after Moscow took action against Kiev. According to a Reuters report, the day after Russia invaded Ukraine in February 2022, the US government privately warned some US companies that Moscow could manipulate software designed by Kaspersky to cause harm.

The battle prompted the Commerce Department to step up a national security investigation into the software, first reported by Reuters, resulting in the action on Thursday.

Under the new rules, vendors and resellers who violate the ban will face fines from the Commerce Department, the source said. If someone knowingly violates the ban, the Justice Department can file a criminal case. Software users will not face legal penalties, but they will be strongly encouraged to stop using it.

Kaspersky, a British holding company with operations in Massachusetts, said in a corporate profile that it generated $752 million in revenue from more than 220,000 corporate clients in nearly 200 countries in 2022. Its website lists Italian automaker Piaggio, Volkswagen's retail division in Spain and the Qatar Olympic Committee among its clients.

Leave a Comment

“The Untold Story: Yung Miami’s Response to Jimmy Butler’s Advances During an NBA Playoff Game” “Unveiling the Secrets: 15 Astonishing Facts About the PGA Championship”