Whistle-blower claims Kaspersky is run by Russian former secret agents
Former senior Kaspersky employee repotedly refers to the vendor's product as 'a kitchen knife that can slice bread or stab people'
A former Kaspersky senior manager has claimed that the vendor is controlled by former Russian spies and can access clients' information at will, according to a report by Buzzfeed and Russia-focused news site Meduza.
The whistle-blower, who spoke anonymously, claimed to have been present when Kaspersky experts demonstrated their capabilities by hacking into the computers of UK-based firm Gamma Group, which Kaspersky has denied.
He said that during his time at the vendor there had been a power struggle between pro-Russian intelligence Kaspersky bosses, and US investors who wanted to take the company public.
However, the source claimed Eugene Kaspersky stepped in after the kidnapping of his son in 2011; scrapping plans for an IPO and getting rid of the Western investors.
Kaspersky has always denied the allegations that it is in bed with the Russian government and has specifically rejected these most recent claims.
The article was first published in Russian by Meduza - a Latvian news publication created by Russian journalists who left Russia to avoid government censorship - with an English version published by Buzzfeed.
According to Buzzfeed, the source refers specifically to the Kaspersky Security Network (KSN) as key to the Russian intelligence services, which allows it to examine files on a user's computer.
"It's like an awesome kitchen knife that can be used for superbly slicing bread, or stabbing people," he said.
Reports of potential links between Kaspersky and the Russian intelligence agencies surfaced in 2015, with a report from Bloomberg receiving particular attention, but last year the US government showed its hand and banned all departments from using Kaspersky products.
The UK's National Cyber Security Centre also issued a warning last year.
Kaspersky has since filed a lawsuit against the damage caused by the US' decision, claiming it has driven down its retail sales by 50 per cent.
The vendor announced last year that it had closed its Washington office, but according to the source the US business is "virtually closed" now.
In a lengthy statement sent to CRN Kaspersky hit back at the claims made by Buzzfeed and Meduza, insisting that the articles "present no substantial evidence of any wrongdoing the company is continuously accused of".
"We do share concerns UK government officials have about supply chain cybersecurity risks in protecting critical national networks," Kaspersky said. "We believe that the industry needs to come up with more efficient validation criteria rather than excluding software based on its HQ location or the background of its top management.
"Most companies in cybersecurity, by the nature of their business, have former intelligence and law enforcement officers on their payroll, so the way to dismiss any suspicions about their influence on those companies would be to only use domestic software or to create above mentioned standards.
"Due to the global nature of software development governments and large enterprises need to use the best software solutions. Many of these organisations deploy software that has been developed outside their national borders, so only using domestic software might not work in all cases."
It also pointed to its recently announced transparency initiative as proof that it has nothing to hide, which will see its source codes subjected to independent reviews.