In the semi-opaque world of cyberspace, where attribution of attacks is more art than science and governments and the private sector often work together, a security vendor’s reputation is paramount.
With U.S. government intelligence agencies firmly maintaining that Russia was behind the 2016 hack and release of email of the Democratic Party National Committee, scruitiny of Moscow-based Kaspersky Labs is increasing.
The most recent came Tuesday with a story on Bloomberg alleging it has found email evidence the vendor works more closely with Russia’s main intelligence agency, the FSB, than it has publicly admitted. That includes developing security technology for the FSB.
At the same time the article notes Kaspersky has sold software to a wide range of corporations to be embedded in their products.
The article adds that the U.S. government hasn’t identified any evidence connecting Kaspersky Lab to Russia’s spy agencies.
Kaspersky immediately hit back, releasing a statement saying that “regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”
“In the internal communications referenced within the recent article, the facts are once again either being misinterpreted or manipulated to fit the agenda of certain individuals desperately wanting there to be inappropriate ties between the company, its CEO and the Russian government, but no matter what communication they claim to have, the facts clearly remain there is no evidence because no such inappropriate ties exist.”
Bloomberg alleges that “Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted.” But Kaspersky statement says the reported emails “show no such link, as the communication was misinterpreted or manipulated to try to make the media outlet’s narrative work. Kaspersky Lab is very public about the fact that it assists law enforcement agencies around the world with fighting cyberthreats, including those in Russia, by providing cybersecurity expertise on malware and cyberattacks.”
All this comes shortly after U.S. intelligence leaders testified in Congress in May regarding the alleged Russian interference in last year’s election. The Director of National Intelligence and the heads of the CIA, NSA, FBI, Defense Intelligence Agency, and the National Geospatial-Intelligence Agency unanimously told the Senate Intelligence Committee they wouldn’t trust, or use, Kaspersky software in their work.
Meanwhile, Buzzfeed quoted three unnamed U.S. intelligence officials telling it they are worried about the close relationship between Kaspersky and the Russian government and the implications of having Kaspersky products in American government systems.
It has made at least one industry analyst suspect the U.S. intelligence agencies are using this issue as a backchannel way to bring more pressure on Moscow to stop their cyber-attacks on American institutions.
These claims also don’t come in a vacuum: For years there have been allegations that Chinese telecom equipment has backdoors its intelligence agencies can exploit. There are also news reports that CIA implants exploits in Cisco Systems’ gear before being shipped to certain customers.
Kaspersky skeptics include David Swan, Alberta-based director of cyber intelligence at the Centre for Strategic Cyberspace and Security Science. “I am a fan of Kaspsersky products,” he said in an email. “I keep a supply of their Rescue Disk for troubleshooting on client sites. That said I will not use their products in a production environment, not mine nor anyone else’s.”
Swan, a former Canadian naval reserve officer who is generally suspicious of the Russian government, doesn’t think Kaspersky’s software has been compromised by the Russian government, he said, but does believe it has access to Kaspersky’s “treasure trove of data on vulnerabilities, hackers, cyber attacks and cyber security. “The Russians are too good at the intelligence game, not to utilize a resource of that quality.”
“I won’t use the products because I would not bet my security, nor a clients security, against a company the KGB/FSB has access to. No matter how honest or how good Kapsersky Labs is, I can not trust the Russian government not to try and leverage the company.”
At the other end of the scale is Peter Firstbrook, the London, Ont.,-based head of research for endpoint protection platforms at Gartner Research, who says the Bloomberg new story is “much ado about nothing.
“You could write the exact same report and put Symantec or MacAfee and CIA NSA in the place of Kaspersky and FSB. Private security companies often do work with intelligence agencies.” He also points out that the Bloomberg story quotes from email between company CEO Eugene Kaspersky and allegedly the FSB about working on anti-distributed denial of service (DDoS) technology. With other sources the story makes it sound suspicious, but Firstbrook notes the thrust of the message is stopping DDoS attacks and catching the hackers. “That is not the same as ‘provide access to sensitive users such as government agencies, banks, and internet companies,’” the analyst said, “and conflating the two doesn’t make any sense.”
“Kaspersky is also a major employer of security professionals,” Firstbrook added, “and the government is often the training ground for these professionals so there is always going to be people in Kaspersky that came from government, just like there are federal government trained people in Israel and U.S. cyber security companies.”