kaspersky
Eugene Kaspersky, the CEO of Kaspersky Lab, has denied claims that his company poses a cybersecurity threat - File photo REUTERS/Maxim Shemetov

The Pentagon's military intelligence arm had identified Russian cybersecurity firm Kaspersky Lab's software as a potential threat back in 2004, according to recent correspondence with the US Congress.

Over the past few months, the Moscow-based cybersecurity firm has struggled to fend off suspicions of Russian government influence as probes into Moscow's meddling in the 2016 presidential election continues to heat up.

In September, the US Department of Homeland Security (DHS) banned the use of Kaspersky's anti-virus software by federal agencies and departments, citing potential risks to national security, more than a decade after the Pentagon first flagged the company's software.

Reports have recently linked Kaspersky software to the alleged theft of NSA hacking tools and other documents in 2015. Kaspersky has continued to deny the allegations and said it doesn't assist the Russian government to spy on other nations.

However, the Defence Intelligence Agency (DIA) warned about Kaspersky's products in a Pentagon-wide threat assessment in 2013, according to a memo that Representative Lamar Smith, chairman of the House Committee on Science, Space and Technology, sent to other committee members last week, the Wall Street Journal reported.

The memo mentioned an email from the Pentagon's legislative affairs staff dated 15 November that confirmed the DIA "began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004". It also noted that the Pentagon issued a department-wide threat assessment on Kaspersky's products in 2013.

During a hearing last week, top Pentagon cybersecurity official Essye Miller told the House Committee that the Pentagon had stopped using Kaspersky's products a few years ago due to intelligence information regarding the company.

"While Kaspersky does not present the sort of problem for Department of Defense that it may for other components of the Federal government, it remains an ongoing supply chain risk management problem," Miller said. "If the DoD operates untrusted hardware or software, whether performing cybersecurity functions or not, within its systems or networks, there is the risk that those systems and networks can be compromised."

Despite the warnings, other federal agencies continued to use Kaspersky's products.

Jeanette Manfra, assistant secretary for cybersecurity at the Department of Homeland Security, recently told Congress that about 15% of US government agencies detected some trace of the firm's software on their systems in a review.

However, she said the DHS does "not currently have conclusive evidence" that any networks had been breached due to its use of Kaspersky software. The agency has set a 12 December deadline for all government agencies to remove the company's software from their systems.

Kaspersky said in a statement that it is "ready to work with the US government to address any and all concerns and further collaborate to mitigate against cyber threats, regardless of their origin and purpose".

The company also maintains that "there has yet to be any credible evidence of the risks presented by the company's products".