A Russian cybersecurity firm whose products current and former U.S. officials suspect Moscow has used as a tool for spying was flagged by U.S. military intelligence as a potential security threat as early as 2004, according to new information the Defense Department provided to Congress, The Wall Street Journal reports.
In 2013, the Defense Intelligence Agency, the U.S. military spy service, also issued a Pentagon-wide threat assessment about products made by the company, Kaspersky Lab, according to an email this week from the Pentagon to the House Committee on Science, Space and Technology. The contents of the assessment weren’t disclosed.
The DIA “began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004,” according to the email, reviewed by The Wall Street Journal, raising questions about why other federal agencies continued to use the firm’s products.
The Journal reported in October that hackers suspected of working for the Russian government targeted a National Security Agency contractor through the contractor’s use of Kaspersky Lab antivirus software and stole details of how the U.S. penetrates foreign computer networks.
Kaspersky has long said it doesn’t assist the Russian government with spying on other countries.
The revelation about Kaspersky comes as concern over Russian infiltration of American computer networks and social-media platforms is growing after the U.S. intelligence assessment that the Russian government worked to help President Donald Trump’s 2016 campaign. Russia has denied meddling in the election.
Kaspersky published a report on Thursday saying that the computer it believes may have belonged to the NSA contractor in question was infected with other malware that could have been responsible for ex-filtrating information.
The company said in a separate statement, in response to the revelation that U.S. military intelligence flagged the firm as a threat actor, that it remains “ready to work with the U.S. government to address any and all concerns and further collaborate to mitigate against cyber threats, regardless of their origin or purpose.” It added: “we maintain that there has yet to be any credible evidence of the risks presented by the company’s products.”
The DIA’s threat analysis center, established in 2009, circulated analysis regarding Kaspersky Lab to various acquisition programs within the Pentagon, according to the email. It also made its views about the potential threat posed by Kaspersky Lab known to other agencies as early as 2012, the email said.
The email the Pentagon official sent this week was a follow-up to questions posed by the committee chairman, Rep. Lamar Smith (R., Texas), about why the Pentagon had decided not to use Kaspersky products while other U.S. federal agencies felt safe to do so.
A top Pentagon cybersecurity official, Essye Miller, told the committee at a hearing this week that the Defense Department hadn’t used Kaspersky products because of intelligence information regarding the firm.