Kaspersky Suspends Collaboration With Europol and NoMoreRansom
Kaspersky Lab has suspended its collaboration with Europol and the NoMoreRansom initiative after the European Parliament passed a resolution that describes the company’s software as being “malicious.”
Kaspersky is not trusted by some governments due to its alleged ties to Russian intelligence, which has sparked concerns that the company may be spying for Moscow.
The call for a ban on Kaspersky’s products in the European Union is part of a report on cyber defense written by Estonian MEP Urmas Paet of the Committee on Foreign Affairs.
The next-to-last proposal in the report “Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab.”
The resolution was approved with 476 votes in favor and 151 against. In response, Kaspersky Lab’s founder and CEO, Eugene Kaspersky, said his company would be freezing collaboration with Europol and the NoMoreRansom project, and highlighted that the EU’s decision “welcomes cybercrime in Europe.”
Kaspersky is one of the private sector companies that founded NoMoreRansom, and it has helped Europol in several major cybercrime investigations, including a $1 billion cyber-heist.
“[It is] frustrating that there was no investigation, no evidence of any wrongdoing from our side, just references to false allegations from anonymous sources. This is the essence of media-ocracy: fake news → political decisions,” Eugene Kaspersky said on Twitter. “The risks of using our software are purely hypothetical. Just as hypothetical as with any other cybersecurity software of any country. But the risk of becoming a victim of a genuine cyberattack is real – and extremely high. Ergo: EP’s political decision plays *for* cybercrime.”
Interestingly, an answer given in April by the European Commissioner for Digital Economy and Society, Mariya Gabriel, in response to a question from Polish politician Anna Fotyga regarding the risks associated with the use of Kaspersky software states that “the Commission has no indication for any danger associated with this anti-virus engine.”
On the other hand, Paet says he stands by his report. “These decisions must be taken seriously, they have not been taken out of the blue but instead have been drawn from various partners and intelligence sources. Considering the overall situation of EU-Russia relations, and Russia’s aggressive behaviour, we should not be taking risks that could cause serious damage to the EU,” he told EURACTIV after the vote.
The report is not legally binding, but it could influence some EU member states, especially since the U.K., the Netherlands and Lithuania have already moved to ban the use of Kaspersky software on sensitive systems. Kaspersky took legal action in the United States in an effort to overturn a decision to prohibit the use of its products by government agencies, but a judge rejected the lawsuit.
Many in the cybersecurity industry are skeptical of the accusations against Kaspersky, especially since no evidence of wrongdoing has been provided and many decisions related to the company appear to be based on media reports.
The security firm has been trying to clear its reputation, first by launching a transparency initiative that included giving partners access to source code, and more recently by announcing a move of core processes from Russia to Switzerland.
UPDATE. Kaspersky Lab has provided SecurityWeek the following statement:
“Today, the European Parliament voted on a report in which Polish representative, MEP Fotyga included an amendment referencing Kaspersky Lab which is based on untrue statements. Although this report has no legislative power it demonstrates a distinct lack of respect for the company which has been a firm friend of Europe in the fight against cybercrime. It is for that reason that Kaspersky Lab has taken the difficult decision to temporarily halt our numerous collaborative European cybercrime-fighting initiatives, including that with Europol, until we receive further official clarifications from the European Parliament.
“On account of this news, we will regretfully have to pause one of our successful joint initiatives – NoMoreRansom project – recognised by the European Parliament Research Services as a successful case of public-private cooperation in their recent report – helped many organisations and users to decrypt files on their devices, saving them from financial losses. We hope to be able to resume this and other European collaborative efforts soon.
“Kaspersky Lab and its CEO Eugene Kaspersky believe that the decision of the European Parliament encourages cybercrime in Europe. We believe that it does not contribute towards building an open and secure Digital Single Market but rather make it more fragmented and less competitive.
“Our 400 million users around the globe, trust us to protect their data. We will continue to successfully work with institutions and organisations to deliver a tangible po
sitive impact by fighting cybercrime and defending European and global citizens from cyberthreats. Indeed, in April the European Commission officially stated that ‘the Commission has no indication for any danger associated with this anti-virus engine’.
“As a sign of our commitment to transparency and openness, we have just announced our decision to open a world-first new Transparency Centre in Switzerland where we will move part of our R&D operations that deal with data collection and processing and will be open to third parties reviewing our software.
“Kaspersky Lab remains willing to meet with MEPs to address any questions about the business, its leadership, expertise, technologies and methodology that they may have.”
Related: Trust Your Security Vendor, ‘They Have Access to Everything You Do,’ Says F-Secure Research Chief
Related: Twitter Bans Ads From Kaspersky Lab