Kaspersky in the crosshairs

From Engadget - July 14, 2017

These accusations have been made in press and infosec gossip for years. In the past month there's been more scuttlebutt in the press, an NSA probe surfaced, and the Senate got involved by pushing for a product ban. This week things reached a peak with fresh accusations from Bloomberg and a surprising attack from the Trump administration. Which is odd, considering how eager the current regime is to please and grease the wheels of its Russian counterparts.

Either way, Kaspersky is really in a tight spot this time. The hammer dropped Tuesday when Bloomberg published "Kaspersky Lab Has Been Working With Russian Intelligence." It comes from the same reporters who started 2015's "banyagate," in which "Kaspersky Lab Has Close Ties to Russian Spies" alleged CEO Eugene Kaspersky colluded with Russian intel in secret sauna meetings.

In each instance Kaspersky -- the company, and its CEO of the same name -- issued statements refuting the articles point by point and denying the accusations.

This week's piece claims to be operating on information from 2009 internal company emails obtained from anonymous sources. In them, the company allegedly discusses working on a DDoS product for a Russian government entity.

Without technical descriptions, what Bloomberg wrote about the deployment and maintenance of the DDoS product is quite hazy. On the one hand, it comes across as maybe nefarious; on the other, it's maybe just enterprise-level threat services. The article did state that Kaspersky participates in "hacking back" on the Russian government's behalf and that the company's employees also go on raids with the FSB -- both of which are incredibly serious charges which are not fully substantiated.

In its statement, Kaspersky said that it does not hack back, but it does assist Russian law enforcement, saying:

"Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."

Here I will say a couple of things "everyone knows" but few want to admit (or will like to hear). Cybersecurity firms have gone from being infosec startups to becoming intelligence brokers, no matter how anyone tries to package it. This is a permanent feature in the infosec landscape.

What upsets people even more is that pretty much everyone has worked for, or with, a government or law enforcement at some point. Infosec is not black and white: Good luck finding someone in infosec who has not worked for the government -- any government -- or knows exactly who they have worked for at any given time, for that matter.

Which brings us back to Kaspersky.

So far there's been no public evidence to substantiate accusations that Kaspersky is under Kremlin influence. Yet Bloomberg's article moved the needle in Washington.

It got a reaction from Senate Democrats, who are rightfully freaked out about Russian government meddling, and also got action from the Trump camp, which is ... worth a closer look. For the past few months, DC's scrutiny of Kaspersky and any alleged ties to the Kremlin (which Kaspersky denies) has only increased as suspicion about the Trump regime has exploded. This paranoia makes sense, even if the lack of concrete public evidence (so far as we know) makes it illogical.

Around July 4, the Senate Armed Services Committee recommended banning the Department of Defense (the Pentagon) from using Kaspersky's products in 2018. As in, they are using them now, but they will be dropped in the future.

Just before that, on June 25th, a "counter-intelligence inquiry" saw the FBI going to the homes of around a dozen Kaspersky employees in the US. Agents questioned employees about their company's operations, but we did not hear anything further.

