Russian Cyber Security Firm Kaspersky Moves Away From Moscow

Uploaded on 2018-11-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Russian cyber security firm Kaspersky Lab is moving key parts of its business out of Moscow in a bid to address the risks arising from its exposure to the Russian intelligence services.

Last year, the US Department for Homeland Security (DHS) and the UK's National Cyber Security Centre (NCSC) issued warnings regarding the use of Kaspersky software on critical government systems, citing legal powers in Russia, allowing the state to exert control over private companies.

The warnings left Kaspersky Lab needing to reassure customers that their data was handled properly in what it has called a global transparency initiative.

Crucial parts of its customer data processing and software production are being relocated to an automated data centre in a secured facility in the privacy haven of Zurich, where they will be open for inspection and audit by trusted third parties.

None of Kaspersky Lab's R&D staff will be based in Switzerland however. The company's vice president of public policy, Anton Shingarev, explained to Sky News that only certain automated parts of its infrastructure were being moved there, being hosted by the NYSE-listed Interxtion.

Despite NCSC's statement that it was working with Kaspersky Lab to develop a plan to prevent any UK data being captured by the Russian state, the company has instead offered, Mr Shingarev said, "a framework which is suicidal for us in case of abuse".

"If anything happens, it's going to be found sooner or later. And we intentionally, by ourselves, with our hands, [are creating] such a system."

This does not meet the standard of 100% proof that any transfers would be prevented, the VP acknowledged, but he claimed it did meet the NCSC's standards for a risk-based approach towards the company's software.

Robert Pritchard, who formerly worked for the UK government and has since founded the Cyber Security Expert consultancy, noted that Kaspersky Lab's products weren't being criticised in general and were well-thought of in the community.

"I think it was a shame that the NCSC's announcement was misinterpreted," he told Sky News, adding that on non-sensitive networks the company's products were not an issue.

That said, he added: "I have worked with clients who have very good reason to fear they're being targeted by Russian foreign intelligence, and I would encourage them to not use Kaspersky."

At a launch event celebrating the beginning of European customers' data being processed in Zurich, Mr Shingarev denounced what he saw as growing "tech nationalism" around the world with products being banned because of their country of origin, but said Kaspersky Lab would have to find a way to overcome it regardless.

The company's infrastructure, which has been moved, was implicated in media reports alleging the firm's anti-virus product was used by the Kremlin to steal secret US hacking tools from the computer of a National Security Agency employee who had illegally taken them home.

By moving them to Zurich and keeping an audit record of all of Kaspersky Lab's Moscow-based staff's interactions with them, the company aims to preclude allegations that the Russian state could secretly interfere with its business.

Saying that the data cannot be accessed in secret is not same as saying it cannot be got at all, and it is not clear how reassured the company's government customers will be by the proposed transparency facility.

Mr Shingarev told Sky News: "How can [the code review] guarantee that there is no GRU, GCHQ, CIA - name them - spies in our company? It's almost impossible to have a 100% guarantee.

“Of course we've got all these checks, of course we've got audits, of course we've got all these matters, but there is no simple fast solution to remove the risk," he added.

Sky News:

You Might Also Read:

Russian Spies Used Kaspersky Anti-V To Hack NSA

« Shush... Russian Banks Under Phishing Attack
Australia And NZ Announce Joint Pacific Cyber Cooperation »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

SecuLore

SecuLore

An innovator in public-safety-focused cybersecurity, SecuLore is dedicated to protecting critical infrastructure from cyber attacks.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Syntura

Syntura

Syntura is your trusted partner for advisory, infrastructure and managed services.

Promptfoo

Promptfoo

Promptfoo helps developers and enterprises build secure, reliable AI applications.