The war in Ukraine and Russia’s threats to NATO have prompted Germany to warn its citizens against using Kaspersky’s antivirus software.
On Tuesday, Germany’s Federal Office for Information Security (BSI) issued an alert that urges people in the country to swap Kaspersky antivirus for another security product. Kaspersky is headquartered in Russia and has long faced allegations that it has ties to the Kremlin.
The BSI’s main worry is that Putin’s regime will compel Kaspersky to conduct surveillance and other malicious activities against its customers to help in the war effort.
In an FAQ, the BSI writes: “The warlike actions of Russia as well as the threats made against the EU, NATO, and the Federal Republic of Germany harbor a considerable risk of a successful IT attack, which could have far-reaching consequences. It cannot currently be ruled out that the company will be forced against its will to attack systems or pass on confidential data.”
Kaspersky is pushing back against the warning, calling the accusations unfounded. “We believe this decision is not based on a technical assessment of Kaspersky products—that we continuously advocated for with the BSI and across Europe—but instead is being made on political grounds,” the company said in a statement.
Indeed, the warning from Germany’s BSI offers no technical evidence that shows Kaspersky products are a threat. Nevertheless, the government agency said it couldn’t “rule out” the risk of a Russian-sponsored cyberattack arriving through the company’s products, particularly for corporations and critical infrastructure operators in Germany.
The problem is that antivirus software possesses “extensive system authorizations,” the BSI says, which could make the products a tempting tool for the Kremlin to abuse, even though the threat is theoretical at this point.
Perhaps not helping the matter is how Kaspersky’s CEO hasn’t cast much blame on the Kremlin for invading Ukraine. “So if you want to be on the safe side, you should use other antivirus software for the time being,” the BSI says in the FAQ.
Kaspersky counters that it’s a “private company [that] does not have any ties to the Russian or any other government.”
The company adds: “Our data processing infrastructure was relocated to Switzerland in 2018: Since then, malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security.”
In addition, Kaspersky’s transparency tools include allowing enterprise customers and government agencies to review the company’s source code for its leading products.
It’s not the first time a government has warned against using Kaspersky products, though. In 2017, the US banned Kaspersky antivirus from federal systems, claiming that Russian law paves a way for the Kremlin “to request or compel assistance from Kaspersky” to hand over customer data moving through Russian internet networks.
That came after Kaspersky admitted its antivirus software had accidentally downloaded secret hacking tools from the US National Security Agency due to the files being flagged as malware on a NSA contractor’s personal computer.