Dhe German cyber security authority, the Federal Office for Information Security (BSI), issued a warning on Tuesday about anti-virus programs from the Russian manufacturer Kaspersky. This warning is obviously primarily politically motivated. This is suggested not only by the disappointed reaction of the affected Russian IT security company, but also by the Bonn office itself.
A spokesman for the authority, which is part of the Federal Ministry of the Interior, said when asked by the FAZ that there were no new findings about the software. Nevertheless, one has to consider the extensive system rights that antivirus software has in IT infrastructures – and that makes it necessary to reassess the risk situation. “In the case of a manufacturer who cannot escape the influence of the Russian state, there is a great danger in the current security situation when using antivirus software,” said the spokesman.
The BSI carried out its reassessment in coordination with the responsible ministries and federal authorities, it said. In addition, the spokesman emphasized that the office had been asked several times about possible dangers of the software. “Every user of Kaspersky software has to do their own risk assessment – we can’t do that for them,” he said.
Kaspersky complains of political condemnation
The BSI warning published on Tuesday recommends “replacing applications from Kaspersky’s portfolio of anti-virus software with alternative products”. However, companies and other organizations should plan and implement the exchange carefully. The Russian invasion of Ukraine and the activities of the Russian secret services, in connection with the Russian threats against the West, meant the “considerable risk of a successful IT attack” on Germany. A Russian IT provider like Kaspersky can either carry out such attacks itself or be forced to do so against their will.
In response to the BSI’s warning, the company said it was of the opinion “that this decision was not based on the technical evaluation of Kaspersky products, but rather was made for political reasons”. Kaspersky assured partners and customers “of the quality and integrity of our products” and announced that it would work with the Bonn authority “to clarify the decision and to dispel the concerns of the BSI or other regulatory authorities”.
In the past, Kaspersky has repeatedly been confronted with allegations of espionage, albeit without presenting any evidence. In America, the Trump administration has banned federal agencies from using the Russian company’s antivirus software. Kaspersky reacted to this with a “transparency initiative”, which, among other things, granted access to its source code, and a relocation of data to data centers in Switzerland.
Eintracht Frankfurt terminates sponsorship contract
It was initially unclear what the new BSI warning meant for the company. In Germany, Kaspersky says it makes 70 percent of its sales with private customers and 30 percent with companies and government agencies.
At least one business partner drew a direct consequence on Tuesday in response to the BSI: The Bundesliga soccer club Eintracht Frankfurt is ending its sponsorship contract, which has been running since 2018, with immediate effect. The Hessians cited the warning from the BSI as the reason. As a result, a partnership based on trust in the products and services is no longer possible for Eintracht in this highly sensitive area. Board spokesman Axel Hellmann said that the development was greatly regretted.