Kaspersky offers to turn over source code to U.S. government

Kaspersky said the U.S. government can audit its source code, a move meant to prove Kaspersky Lab is not in bed with the Russian government

In light of a bill that would prohibit the Pentagon from using Kaspersky software, Eugene Kaspersky, CEO of Kaspersky Labs, said he would let the U.S. government examine the source code to show that Kaspersky Lab is not in bed with the Russian government.

“If the United States needs, we can disclose the source code,” Kaspersky told the Associated Press. He’s willing to testify before Congress as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”

It’s unclear if the U.S. government will take Kaspersky up on the offer to audit the code or if an audit would sway the opinion of U.S. intelligence officials. A month ago, chiefs of the NSA, CIA and FBI testified that they would not be comfortable using Kaspersky products.

Last week, the Senate Armed Services Committee amended a spending bill that would ban the use of Kaspersky software at the U.S. Defense Department. The bill suggested that Kaspersky software platforms “might be vulnerable to Russian government influence.”

Sen. Jeanne Shaheen (D-N.H.) said Kaspersky products “cannot be trusted to protect critical infrastructure.” ABC News, which saw a copy of the amendment, reported that it states:

No “element of the Department of Defense may use, whether directly or through work with or on behalf of another … [element] of the United States Government, any software platform developed, in whole or in part, by Kaspersky Lab or any entity of which Kaspersky Lab has a majority ownership.”

It goes on to state that the network connection between the DoD and any department or agency using Kaspersky products will be “immediately severed.”

An unnamed congressional source added that Shaheen crafted the language “to [tell] the rest of the federal government that if you’re going to connect to DoD, you can’t use this stuff either.”

Kaspersky has research facilities in the U.S. The day before the defense spending policy bill was passed by the Senate Armed Services Committee, the FBI reportedly “paid visits to at least a dozen employees of Kaspersky, asking questions about the company’s operations as part of a counter-intelligence inquiry.”

As a result of that questioning, Kaspersky told the Associated Press, “Unfortunately, now the links to the FBI are completely ruined. It means that if some serious crime happens that needs Russian law enforcement to cooperate with FBI, unfortunately it’s not possible.”

Russia has asked U.S. security firms to hand over their source code for audits to check for hidden backdoors. Symantec, IBM, Cisco, Hewlett Packard Enterprise and McAfee have agreed to the audits in the past. However, Symantec recently refused to play ball anymore with the Russians. Symantec said, “One of the labs inspecting its products was not independent enough from the Russian government.”

While Kaspersky wouldn’t not specify which countries, he said some governments have “tried to nudge him toward hacking—what he calls ‘the dark side.’” He stopped the talks when the officials, who weren’t Russian, tried to get Kaspersky to launch cyber attacks instead of defending against them.

It remains to be seen if the U.S. will even agree to Kaspersky’s offer to audit source code or if the code alone would allay suspicions that have been around for years about Kaspersky Lab being tied to the Russian government.

SUBSCRIBE! Get the best of CSO delivered to your email inbox.