Kaspersky Hits Back at "Politically Motivated" BSI Advisory

Russian AV firm Kaspersky has hit back at the German authorities after they advised organizations to replace the firm’s products due to heightened east-west tensions.

The Federal Office for Information Security (BSI) yesterday argued that critical infrastructure providers and organizations “with special security interests” were particularly exposed.

“The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO and the Federal Republic of Germany in the course of the current military conflict are associated with a considerable risk of a successful IT attack” it explained. 

“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.”

However, in a strongly worded reply on the same day, Kaspersky claimed that, as a private company, it has no ties to the Russian government and that the BSI’s decision was a political rather than a technical one.

“Our data processing infrastructure was relocated to Switzerland in 2018: since then, malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security,” the firm explained.

“Beyond our cyber-threat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world, including Canada and Germany. The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments: through the SOC 2 Audit conducted by a ‘Big Four’ auditor, and through the ISO27001 certification and recent re-certification by TÜV Austria.”

In a bid to improve transparency over the years, Kaspersky has increasingly focused on transparency measures to allay fears about Kremlin’s involvement in its operations.

To that end, the firm said customers can run “a free technical and comprehensive review” of its products to check things like source code, software development documentation, AV database updates and a software bill of materials.

“We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone,” it added.

What’s Hot on Infosecurity Magazine?