The Wall Street Journal has published allegations that the Russian government stole highly sensitive information from a contractor at the National Security Agency (NSA) with the aid of antivirus software from the Russian company Kaspersky Lab.
The source of this allegation was “people familiar with the matter”. The same, or other, “individuals familiar with the matter” talked to the Washington Post and further elaborated the story. The NSA employee (not contractor as reported by the WSJ) was a US citizen working with the Tailored Access Operations, the group involved with developing hacking tools for the NSA. He had taken code and other classified material home on a laptop in 2015.
Allegedly, the Kaspersky antivirus software that was running on the employee’s laptop identified the software as malware and sent it back to Kaspersky for analysis, something that is actually not unreasonable for the antivirus software to do. The reports claimed that it was the Kaspersky software’s actions in quarantining the malware for analysis that alerted Russian secret services of the presence of secret NSA material on this employee’s laptop. Armed with this information, the Russians hacked the laptop and stole all of the other information on it.
Both the Wall Street Journal and the Washington Post ignored the more obvious question as to why the employee had taken classified information home on his laptop. They state that he did this for an unspecified reason but that he wasn’t intending to share this information with foreign governments. The reports provide no information about how an NSA employee’s laptop could be hacked so easily, nor why it took a year for the hack to be disclosed.
There is equally no evidence given of Kaspersky Lab working directly for the Russian secret service. The only evidence of Eugene Kaspersky’s ties with the Russian secret service is that he was a member of the Communist Party and that he attended a technical university run by the KGB and worked for military intelligence for 4 years after that, leaving in 1991 to form what would become Kaspersky Lab.
The news reports from the Wall Street Journal and Washington Post come after a recent vote by the US Senate to ban Kaspersky software from use by the US government and its agencies. This move has been led by Democratic Senator Jeanne Shaheen, who has made the blacklisting of Kaspersky Lab her cause célèbre. Shaheen wants classified information about Kaspersky Lab to be released to the public.
Needless to say, Eugene Kaspersky has denied all collusion with the Russian government and has reiterated that they have been open about how their software works.
Other countries have not followed suit with a ban of Kaspersky Lab software even though allies would have had access to some, or all, of the information known to the NSA. The French army is considering reducing its reliance on Kaspersky but this was happening before the US ban.
Making claims of links between Russian companies and the Russian Government is nothing new. Another Russian company in the spotlight of US media is one referred to by the media as the “Internet Research Agency”. It was allegedly behind the purchase of USD 100,000 worth of political ads on Facebook. Facebook removed references to Russia when it published a report on the use of its platform to disseminate fake news and ads during the US Presidential election. This was because it felt it did not have sufficient evidence to make the link.
The Internet Research Agency first came to the media’s attention during the military dispute between Russia and Ukraine. In 2014, media site Buzzfeed had received documents and emails from an anonymous source detailing how the agency was going to mount a campaign of bloggers and commenters to post pro-Russian comments on western media sites and socialise them through Facebook and Twitter. Much of the subsequent media coverage on the Internet Research Agency, however, has come through interviews with disgruntled ex-employees, especially Lyudmila Savchuk, who has waged a campaign against the company for the past 2 years.
In the case of Facebook’s report of the ads purchased from an entity in Russia, again, there is no evidence linking it back to anyone in particular. The motives for the fake posts, other than as an effort to sow social division, are not clear. The amount of money spent is relatively small and so the effectiveness of the ads has to be questioned. The amount pales into insignificance compared to the USD 11 million spent on Facebook ads by all US campaigns during the election, for example.
It is not possible to dismiss the possibility that Kaspersky Lab is somehow aiding Russian secret services through the use of its software. Making these claims on the basis of anonymous sources and the fact that the software is from a Russian company seems to be stretching credulity. The absence of facts may not help Kaspersky Lab, however, and it is increasingly likely that it will become a casualty of the US media’s ongoing search for the smoking gun proving that Russia meddled with the US Presidential election.
Authors: David Glance, Director of UWA Centre for Software Practice, University of Western Australia