LANSING – At least two local governments in Greater Lansing use software from a company the federal government says could be used as a backdoor for Russian hackers.
Software from Kaspersky Lab — a long-popular antivirus firm based in Moscow and used by millions of governments, businesses and individuals internationally — is used to protect computer systems in the city of Lansing and Eaton County, officials from those places said.
As congressional and other federal investigations into Russian interference in the 2016 U.S. election continue, however, U.S. officials have taken steps to prohibit Kaspersky software from federal systems over fears the software poses a security risk.
Neither Lansing nor Eaton County use Kaspersky on elections-related systems, officials in both municipalities said, and the software could be dropped in both places soon.
Lansing “does make limited use of Kaspersky software on legacy systems that are being phased out of production by the end of this year,” Randy Hannan, chief of staff to Mayor Virg Bernero, said in an email to the State Journal. Citing security concerns, Hannan would not say which systems used Kaspersky — though explicitly said it is not on elections systems — and he said Kaspersky will not be used once the legacy systems are phased out.
Eaton County uses Kaspersky software countywide on all systems except the elections network, Controller/Administrator John Fuentes said in an email. However, the county is currently performing a routine review of its software choices and “will look to see if other products will work better for the county,” Fuentes said. “The recent federal government warnings will be taken into consideration as part of our overall evaluation.”
The county has used the software for five years without issue, Fuentes said.
Ingham and Clinton counties and several other Lansing-area governments told the State Journal they do not use Kaspersky software. Neither does state government, Caleb Buhs, a spokesman for the Michigan Department of Technology, Management & Budget, said in an email.
For decades, Kaspersky has been accused of, and denied, being involved with the Russian government. But the company has taken new heat since U.S. intelligence agencies determined Russia interfered with the 2016 presidential contest, including apparent attempts to access local governments’ voting systems.
Last month, the U.S. General Services Administration removed Kaspersky from the federal government’s list of approved vendors and some lawmakers are pushing to prohibit the Defense Department from using the software.
Though there’s no evidence Moscow changed vote totals in America, a National Security Agency report leaked to media this summer said Russian agents had hacked a U.S. elections software supplier and sent “phishing” emails to at least 100 elections officials around the country who used that supplier.