‘The nail in the coffin’: Russia’s top cyber firm may have made a ‘catastrophic’ mistake

Photo: An employee in the virus lab at the headquarters of the Russian cybersecurity company Kaspersky Lab in Moscow. Source: Thomson Reuters

    Russian hackers reportedly stole top-secret intelligence from the National Security Agency by exploiting Kaspersky antivirus software. Experts say that, depending on what was stolen from the contractor, the revelation could be “catastrophic” for Kaspersky Lab. The FBI has warned the private sector not to use Kaspersky software, and President Donald Trump in September banned all government agencies from using it.

Investigators believe that software from Russia’s top cybersecurity firm, Kaspersky Lab, was involved in a theft of top-secret National Security Agency intelligence outlining how the US hacks its adversaries, The Wall Street Journal reported Thursday.

And depending on what was stolen, the breach could spell catastrophe for the company.

The Journal reported that an NSA contractor stole and downloaded onto his personal computer highly classified details about how the US penetrates foreign computer networks and defends itself against cyberattacks. (The Washington Post reported that the person was not a contractor but an employee working for the NSA’s elite hacking division known as Tailored Access Operations.)

Russian hackers then reportedly stole that intelligence by exploiting the Kaspersky antivirus software the contractor had been running on his computer.

The breach wasn’t discovered until the spring of 2016, according to The Journal and The Washington Post – nearly one year after the hackers are believed to have gained access to the intelligence.

Kaspersky has denied any involvement in the theft, and it is unclear whether the hackers stole code or documents from the contractor. The latter would prove far more damning for Kaspersky, experts say, especially as it stands accused by the US government of being a tool of the Kremlin.

Photo: Russian President Vladimir Putin. Source: Yuri Kadobnov/Pool/Reuters

“Ultimately, this will come down to what was stolen from the computer,” said David Kennedy, a former NSA intelligence analyst who founded the cybersecurity firm TrustedSec.

“If the antivirus software was pulling back data with no code – for example, strategic documents containing classified information – that’s the nail in the coffin,” Kennedy said, adding it would be “catastrophic” for the company.

“That’s an indication they’re spying on individuals,” he said.

Jeff Bardin, the chief intelligence officer of the cybersecurity firm Treadstone 71, echoed those sentiments.

“If documents were stolen, then that would make them an agent of the Russian government,” he said.

Bardin said there was “a certain level of trust” when a customer downloads antivirus software, because it involves giving the program “a significant amount of access” to a computer.

“They’re scanning every file for malware, but at the same time they could search for keywords relative to sensitive data,” he said.

The FBI interviewed at least a dozen Kaspersky employees in June, visiting them at their homes on both US coasts to gather facts about how the company works, NBC reported. Two months later, the bureau reportedly warned private-sector companies against using Kaspersky software. Last month, President Donald Trump ordered US government agencies to purge Kaspersky products from their computers.

Kennedy said it was unlikely the government would have made those moves without “direct evidence” that Kaspersky was in some way connected to the Russian government.

Bardin agreed.

The FBI is “not going to let on, and they’ll be very generic in their comments to prevent Kaspersky from learning what they know,” he said. “But there’s definitely something there.”

Kaspersky said in a statement that it “does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

“We make no apologies for being aggressive in the battle against malware and cybercriminals,” the company said.

While the firm is often aggressive in its pursuit of foreign hackers, however, it doesn’t pursue alleged Russian cyber operations “with the same vigor,” a 2015 Bloomberg investigation found.

One Kaspersky investigator stood out for his relentless pursuit of Russian cybercriminals: Ruslan Stoyanov, the head of Kaspersky’s computer-incidents-investigations unit. But he was arrested in December on charges of treason.

Eugene Kaspersky, the firm’s billionaire founder and CEO, was educated at a KGB-sponsored cryptography institute before working for Russian military intelligence. He reportedly maintains relationships with former and current Russian intelligence officials but has pushed back against claims that his company works with the Kremlin.