These accusations have been made in press and infosec gossip for years. In the past month there’s been more scuttlebutt in the press, an NSA probe surfaced, and the Senate got involved by pushing for a product ban. This week things reached a peak with fresh accusations from Bloomberg and a surprising attack from the Trump administration. Which is odd, considering how eager the current regime is to please and grease the wheels of its Russian counterparts.
Either way, Kaspersky is really in a tight spot this time. The hammer dropped Tuesday when Bloomberg published Kaspersky Lab Has Been Working With Russian Intelligence. It comes from the same reporters who started 2015’s “banyagate,” in which Kaspersky Lab Has Close Ties to Russian Spies alleged CEO Eugene Kaspersky colluded with Russian intel in secret sauna meetings.
In each instance Kaspersky — the company, and its CEO of the same name — issued statements refuting the articles point by point and denying the accusations.
This week’s piece claims to be operating on information from 2009 internal company emails obtained from anonymous sources. In them, the company allegedly discusses working on a DDoS product for a Russian government entity.
Without technical descriptions, what Bloomberg wrote about the deployment and maintenance of the DDoS product is quite hazy. On the one hand, it comes across as maybe nefarious; on the other, it’s maybe just enterprise-level threat services. The article did state that Kaspersky participates in “hacking back” on the Russian government’s behalf and that the company’s employees also go on raids with the FSB — both of which are incredibly serious charges which aren’t fully substantiated.
In its statement, Kaspersky said that it does not hack back, but it does assist Russian law enforcement, saying:
“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”
Here I’ll say a couple of things “everyone knows” but few want to admit (or will like to hear). Cybersecurity firms have gone from being infosec startups to becoming intelligence brokers, no matter how anyone tries to package it. This is a permanent feature in the infosec landscape.
What upsets people even more, is that pretty much everyone has worked for, or with, a government or law enforcement at some point. Infosec isn’t black and white: Good luck finding someone in infosec that hasn’t worked for the government — any government — or knows exactly who they’ve worked for at any given time, for that matter.
Which brings us back to Kaspersky.
So far there’s been no public evidence to substantiate accusations that Kaspersky is under Kremlin influence. Yet Bloomberg’s article moved the needle in Washington.
It got a reaction from Senate Democrats, who are rightfully freaked out about Russian government meddling, and also got action from the Trump camp, which is … worth a closer look. For the past few months, DC’s scrutiny of Kaspersky and any alleged ties to the Kremlin (which Kaspersky denies) has only increased as suspicion about the Trump regime has exploded. This paranoia makes sense, even if the lack of concrete public evidence (so far as we know) makes it illogical.
Around July 4, the Senate Armed Services Committee recommended banning the Department of Defense (the Pentagon) from using Kaspersky’s products in 2018. As in, they’re using them now, but they’ll be dropped in the future.
Just before that, on June 25th a “counter-intelligence inquiry” saw the FBI going to the homes of around a dozen Kaspersky employees in the US. Agents questioned employees about their company’s operations, but we didn’t hear anything further.
To avoid being banned from the Pentagon’s defense contracts, in response Eugene Kaspersky offered the US government access to his company’s source code. This is ostensibly to show that there are no Russian government backdoors in his products (like antivirus software), which is one of the suspicions. Infosec chatter noted that this wouldn’t make much of a difference either way, considering that antivirus products basically act like rootkits anyway; an antivirus program has access to the advanced privileges in your computer and “calls home” for its updates.
Keep in mind that a lot of us are wondering about evidence as to whether or not Kaspersky and company are tools for the Russian government.
Which brings us to Trump. The Trump administration, being a fiefdom operating under its own mysterious reasons, jumped on the anti-Kaspersky bandwagon this week. Appearing to take its cue from Bloomberg’s article, Trump’s regime moved quickly to stop a few government agencies from using Kaspersky products. Tuesday ABC News reported that Trump was considering a government-wide ban.
Shortly after that the General Services Administration (GSA) took Kaspersky off the list of approved vendors for two government contracts. This makes it prohibitive for agencies to purchase or use the company’s products.
“After review and careful consideration, the General Services Administration made the decision to remove Kaspersky Lab-manufactured products from GSA IT Schedule 70 and GSA Schedule 67 – Photographic Equipment and Related Supplies and Services,” a GSA spokesman said.
That’s the weird part. For an administration that says its eager to please the Russian government, it’s a contradiction to have the GSA harm the business of a Russian company. Unlike the speculation about Kaspersky, the GSA is absolutely a proven tool of the Trump administration. It is not on the side of those who want to see Robert Mueller succeed with the Trump-Russia investigation.
The GSA’s new chief was handpicked by Trump and is currently in deep trouble for letting Trump violate the Constitution in regard to his Washington DC Hotel. When senators ask for answers from the GSA about its lenient dealings with Trump, they get obfuscation and silence.
Meanwhile, Kaspersky is under fire from its own community. Infosec is becoming more divided about Kaspersky by the day. Some infosec thought leaders are saying “it’s about time” people stopped trusting and using Kaspersky products. This is another huge contradiction on its own: The industry relies — and in some cases depends — on Kaspersky’s admittedly top-notch, publicly available research on a wide variety of global threat groups (yes, including Russian ones).
That research has gotten everyone out of tight spots. When the Shadow Brokers dumped exploits into the wild and advantageous threat actors started weaponizing them, Kaspersky’s research was where the most reputable cybersecurity companies referred people to for systems patches and protection. There’s no doubt that the Shadow Brokers (widely believed to be a Russian state entity) would’ve had much more of a field day if Kaspersky hadn’t actively worked to undermine the effects of the dump.
I’m not here to bury Kaspersky or to praise it. With few exceptions, I can assure you that pretty much every company that comes near infosec is shady. We don’t know hard facts behind the accusations against Kaspersky, which is frustrating, but we do know that their research contributions have been invaluable.
Typically, research like that sits behind a company’s six-figure enterprise-level paywalls. I just hope that research, and its spirit, doesn’t go away. The future doesn’t look great for the company right now in the US. The Senate Armed Services Committee’s defense-spending policy bill barring Kaspersky’s antivirus software seems to have legs, and that would definitely be a punitive measure against the company. It will need to get approval from the Senate and House before being signed by Trump, but that’s now surprisingly possible.
Maybe Kaspersky’s dogged researchers found the pee tapes? We can only hope.
Images: Getty Images/iStockphoto (Pentagon); Yegor AleyevTASS via Getty Images (Eugene Kaspersky)