German authorities recommend dropping software from Russian cybersecurity firm Kaspersky

The German agency responsible for cybersecurity (Federal Office for Information Security, BSI) announced on Tuesday, March 15, that it has recommended that antivirus software designed by Russian company Kaspersky be discontinued in the context of the invasion of Ukraine. In particular, the BSI recommends for sensitive companies and administrations to replace Kaspersky, a company based in Moscow. “by alternative products”

The digital bodyguard of the German state justifies its decision by the “significant risk” computer attacks carried out by Russia. The BSI even thinks it is possible that Moscow may be using Kaspersky to carry out these attacks.

“A Russian computer manufacturer could carry out offensive operations itself, be forced to attack target systems against its will, be the victim of a cyber operation without its knowledge, be spied on or used as a tool to carry out attacks on its own customers.” says the BSI.

In particular, the agency points out the fact that in order for antivirus software to function, it must have access to all parts of a computer, including the most sensitive. In addition, the BSI notes that such software must communicate very regularly with its company’s servers to retrieve updates necessary for its operation: so many opportunities for that company to launch possible computer attacks.

A “political” decision

In a statement, Kaspersky said: “not this decision[était] not based on a technical evaluation [de ses] Products but let her rest[ait] no doubt about political considerations”

Read also Eugène Kaspersky: “We are not helping any country with espionage”

The company also recalled that it had relocated some of its operations to Switzerland and that it was able to examine the source code of its core software. It also assured that independent audits of its computer systems have been conducted in recent years. She also states that the study of “malicious codes” found on the computers of European users is performed on European territory. “Kaspersky’s teams are actively investigating all possible risks associated with the current situation,” Finally, it insures the company, without jeopardizing the continuity of its activities.

The French equivalent of the BSI, the National Agency for the Security of Information Systems (Anssi), recently spoke out about the potential risks of using the Russian company’s software and took a much more cautious stance. “In the current context, the use of certain digital tools, especially those from the company Kaspersky, can be questioned because of their link to Russia. At this stage, no objective element justifies a change in the assessment of the quality level of the products and services provided. the agency wrote in early March. However, it suggested that those responsible for computer networks are thinking about a “diversification of cybersecurity solutions”in particular because of possible sanctions that could affect the company.

Read also Kaspersky is accused of espionage and explains how he obtained NSA tools

This is not the first time that Kaspersky’s possible proximity to the Kremlin has been publicly pointed out. In 2017, US authorities took steps to ban him from all federal networks, and numerous press leaks reported that Russian intelligence agencies were using Kaspersky to spy on the United States. Charges that had always been denied by the company. The BSI had taken a much more benevolent stance toward Kaspersky at the time. The latter had moved part of his activities to Switzerland, to Zurich, in order to counter this criticism of the instrumentalization of his activities, whether or not against his will, by the Russian state.