Kaspersky offers to turn over source code to US government

In light of a bill which would prohibit the Pentagon from using Kaspersky software, Eugene Kaspersky, CEO of Kaspersky Labs, said he would let the US government examine the source code to show that Kaspersky Lab is not in bed with the Russian government.

“If the United States needs, we can disclose the source code,” Kaspersky told the Associated Press. He’s willing to testify before Congress as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”

It’s unclear if the US government will take Kaspersky up on the offer to audit the code or if an audit would sway the opinion of US intelligence officials. A month ago, chiefs of the NSA, CIA and FBI testified that they would not be comfortable using Kaspersky products.

Last week, the Senate Armed Services Committee amended a spending bill which would ban the use of Kaspersky software at the US Defense Department. The bill suggested that Kaspersky software platforms “might be vulnerable to Russian government influence.”

Senator Jeanne Shaheen said Kaspersky products “cannot be trusted to protect critical infrastructure.” ABC News, which saw a copy of the amendment, reported that it states:

No “element of the Department of Defense may use, whether directly or through work with or on behalf of another … [element] of the United States Government, any software platform developed, in whole or in part, by Kaspersky Lab or any entity of which Kaspersky Lab has a majority ownership.”

It goes on to state that the network connection between the DoD and any department or agency using Kaspersky products will be “immediately severed.”

An unnamed congressional source added that Shaheen crafted the language “to [tell] the rest of the federal government that if you’re going to connect to DOD, you can’t use this stuff either.”

Kaspersky has research facilities in the US. The day before the defense spending policy bill was passed by the Senate Armed Services Committee, the FBI reportedly “paid visits to at least a dozen employees of Kaspersky, asking questions about the company’s operations as part of a counter-intelligence inquiry.”

As a result of that questioning, Kaspersky told the Associated Press, “Unfortunately, now the links to the FBI are completely ruined. It means that if some serious crime happens that needs Russian law enforcement to cooperate with FBI, unfortunately it’s not possible.”

Russia has asked US security firms to hand over their source code for audits, to check for hidden backdoors; Symantec, IBM, Cisco, Hewlett Packard Enterprise Co and McAfee have agreed to the audits in the past. However, Symantec recently refused to play ball anymore with the Russians. The company said, “One of the labs inspecting its products was not independent enough from the Russian government.”

While Kaspersky wouldn’t not specify which countries, he said some governments have “tried to nudge him toward hacking – what he calls ‘the dark side’.” He stopped the talks when the officials, who weren’t Russian, tried to get Kaspersky to launch cyberattacks instead of defending against them.

It remains to be seen if the US will even agree to Kaspersky’s offer to audit source code or if the code alone would allay suspicions which have been around to years about Kaspersky Lab being tied to the Russian government.