- British spies are reportedly worried that Russia is using security software distributed by Kaspersky to spy on two million Barclays customers.
- The UK bank has given Kaspersky’s software away for free to its online banking customers since 2008.
- Barclays will drop the Kaspersky deal for “commercial reasons” but said it had never been advised by GCHQ against using the firm’s products.
- Kaspersky’s founder, Eugene Kaspersky, has dismissed the report as a rumour.
- The accusations come after the US Department of Homeland Security banned all Kaspersky products from government departments.
The UK’s intelligence service is reportedly worried that Russia may be using Kaspersky security software to spy on as many as 2 million Barclays customers, according to a Whitehall official speaking anonymously to The Financial Times.
Barclays has offered security software from Kaspersky software as a free perk to its online banking customers since 2008. At the time, Barclays had at least 2 million online banking customers.
According to the anonymous official, the UK’s intelligence agency GCHQ fears that Russia could be using the software to spy on customers, who would potentially include government workers and members of the military.
Kaspersky is a Russian firm and its billionaire founder, Eugene Kaspersky, was educated at a technical facility sponsored by Russia’s security agency at the time, the FSB.
Eugene Kaspersky denied the report on Twitter.
“This story is based on rumours from unnamed sources, rather than specific facts that we can address,” he told a CNN reporter.
According to The Financial Times, Barclays is seeking to end its commercial arrangement with Kaspersky — but a spokesman said this was for commercial reasons. The bank said it had never received advice from GCHQ’s commercial arm, the NSCS, to stop using Kaspersky products.
The NSCS also said it had never banned the use of Kaspersky products.
A spokesman told the newspaper: “The NCSC has never advised Barclays against the use of Kaspersky products. Any suggestion to the contrary is categorically untrue. The NCSC is not a regulator and does not mandate or ban any products. Our certification schemes do not currently cover anti-virus or anti-malware services.”
Adam Maskatiya, general manager in the UK and Ireland for Kaspersky, added: “Kaspersky Lab continues to work with Barclays to provide its customers with internet security. Barclays, through its global reach, has done much to improve public awareness of cybersecurity threats and we look forward to continuing our relationship to help keep its customers protected online.”
There’s still no official UK government line on Kaspersky
As yet, there’s no official British line on Kaspersky and its rumoured links to the Russian government.
But the comments from the anonymous Whitehall source follow months of controversy for the firm in the US.
The Department of Homeland Security banned Kaspersky products from US government departments in September. At the time, it said: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”
In October, the company acknowledged its software located secret files on a private US computer and sent them to Moscow for analysis. The files turned out to comprise surveillance tools developed by America’s intelligence agency the NSA.
Kaspersky today again denied inappropriate ties to any government.
A spokesman said: “Kaspersky Lab assists law enforcement agencies around the world with cyberthreats, including those in Russia, by providing cybersecurity expertise on malware and cyberattacks. When assisting in official government cybercrime investigations, the company only provides technical expertise throughout the investigation to help the organisation catch cybercriminals.
“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organisations from cyberthreats, but it does not have unethical ties or disreputable affiliations with any government, including Russia.”