Why U.S. Grew Wary Of Kaspersky's Software -- WSJ -2-

6 Jan 2018 7:32 am

In response to the Journal's story on the incident last year, Kaspersky conducted an internal investigation, releasing a report in November. The only incident Kaspersky said it found that matched the story's description occurred in late 2014. By then, it said, it had been investigating Equation Group for six months when its antivirus software detected previously unidentified variants of the malware on a U.S.-based computer and sent a zip file containing the suspicious code to the Moscow-based virus lab for analysis.

The analysis discovered hacking tools now known to have belonged to the NSA, as well as four documents bearing what appeared to be classification markings, Kaspersky said, without mentioning the NSA or U.S. government by name. Mr. Kaspersky ordered the files deleted from the company's systems within days and the information wasn't shared with third parties, the company said.

Kaspersky said it did keep certain malware files from that collection. It said it also detected commercially available malware on the U.S. computer, which could have been used to remove files.

In the summer of 2016, a mysterious online group calling itself the Shadow Brokers posted stolen NSA cyberspying tools. The Shadow Brokers claimed in its postings that some of the tools came from Equation Group.

Again, U.S. officials rushed to determine how the tools were stolen. Among the posted computer code were technical manuals the NSA uses as part of its spying operations. These are akin to guidebooks, showing the agency's hackers how to penetrate various systems and walking them through the procedures for different missions.

One lead pointed back to Kaspersky products, said current and former U.S. officials. Investigators now believe that those manuals may have been obtained using Kaspersky to scan computers on which they were stored, according to one of the officials.

Kaspersky said it has no information on the content of the classified documents it received in 2014 because they were deleted. It isn't clear if the manuals the Shadow Brokers posted are the same documents.

Around the time the Shadow Brokers were spilling NSA secrets, emails stolen from the Democratic National Committee were showing up on WikiLeaks in what intelligence officials have said publicly they concluded was a Russian-led hacking operation to discredit the campaign of Hillary Clinton. Officials from the White House, the Pentagon, the State Department and the intelligence community met in late 2016 to debate responses to the alleged Russian aggression, said some former U.S. officials.

At the State Department, among options considered was taking retaliatory action against Kaspersky, said former officials involved in the deliberations. Daniel Fried, then chief sanctions coordinator at the State Department, told the Journal he recommended to colleagues they look for elements of Russia's cyberpower the U.S. could target. He told colleagues Kaspersky at least needed to be considered as a potential player in Russia's moves against the West.

"I asked rhetorically, do you want to testify before some committee about when did you know about this and why didn't you do anything?" said Mr. Fried, now a Distinguished Fellow at the Atlantic Council, a think tank focusing on international affairs.

The State Department referred inquiries to the Justice Department, which declined to comment.

Some U.S. officials, including top White House security officials at the time, were concerned any action against Kaspersky could hurt U.S. companies by provoking a Russian response against them. U.S. officials also worried that, to justify harsh penalties, they would have to divulge what they knew about Kaspersky and its possible links to Russian intelligence, said several former officials.

Ultimately, the Obama White House didn't seriously consider sanctioning Kaspersky, some former U.S. officials said.

Last year, Homeland Security created and led an interagency task force that collected information about the scope of the risk the Kaspersky software posed and began coordinating efforts across the government to minimize the risks.

In the months after President Donald Trump took office, concern about Kaspersky grew. Sen. Jeanne Shaheen (D., N.H.) put forward an amendment in the annual military-spending bill that would prohibit Kaspersky's use on government computers.

During hearings on the matter on Capitol Hill, "I thought the most damning example" came from intelligence-community representatives, she said in an interview. "When each of them got asked would you put Kaspersky on your own personal computer and the answer was no, that's a pretty strong message that maybe we should be taking a look at this."

In September, the DHS banned Kaspersky products from government computers, instructing agencies to remove any Kaspersky software and report back on where it was found. The public statement accompanying the ban reads like a declassified version of the intelligence community's suspicion regarding Kaspersky:

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."

Kaspersky says the DHS ban has had a "severe adverse effect" on its commercial operations in the U.S., with retailers removing its products from shelves and an unprecedented number of product returns.

--Aruna Viswanatha contributed to this article.

Write to Gordon Lubold at Gordon.Lubold@wsj.com
 

(END) Dow Jones Newswires

January 06, 2018 02:32 ET (07:32 GMT)

Copyright (c) 2018 Dow Jones & Company, Inc.