
Why U.S. Grew Wary Of Kaspersky's Software -- WSJ

6 Jan 2018 7:32 am

Officials reveal incidents that led to spying concerns
By Shane Harris, Gordon Lubold and Paul Sonne 

This article is being republished as part of our daily reproduction of WSJ.com articles that also appeared in the U.S. print edition of The Wall Street Journal (January 6, 2018).

Eugene Kaspersky was late for his own dinner party.

At his invitation, guests from the Washington cybersecurity community waited one evening in 2012. Seated at the National Press Club were officials from the White House, State Department, Federal Bureau of Investigation and other agencies, said people who were there. Guests had started their first course when Mr. Kaspersky arrived, wearing a tuxedo with a drink in hand.

Mr. Kaspersky, chief executive of Russian security-software vendor Kaspersky Lab, proposed a toast to the ranking guest, Estonian President Toomas Hendrik Ilves, whose country had suffered a cyberattack five years earlier. The assault followed Estonia's decision to remove a Soviet-era monument from its capital, and U.S. officials suspected Russia was behind it.

"Toomas," Mr. Kaspersky said. "I am so sorry that we attacked you."

The comment stopped all conversation until Mr. Ilves broke the silence. "Thank you," he said, raising his glass. "This is the first time anyone from Russia has ever admitted attacking my country."

No one suggested Kaspersky was involved in the Estonian hack, but Mr. Kaspersky's toast played into a suspicion held by many in the U.S. intelligence community that his company might be wittingly or unwittingly in league with the Russian government -- a suspicion that has only intensified since.

The process of evaluating Kaspersky's role, and taking action against the company, is complicated by the realities of global commerce and the nature of how modern online software works. A top Department of Homeland Security official said in November congressional testimony the U.S. lacks "conclusive evidence" Kaspersky facilitated national-security breaches.

While the U.S. government hasn't offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions.

Some of these officials said they suspect Kaspersky's antivirus software -- the company says it is installed on 400 million computers world-wide -- has been used to spy on the U.S. and blunt American espionage. Kaspersky's suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence, these officials said.

DHS, convinced Kaspersky is a threat, has banned its software from government computers. The company sued the U.S. government on Dec. 18 in U.S. District Court in Washington, D.C., saying the ban was arbitrary and capricious, and demanding the prohibition be overturned. DHS referred inquiries to the Justice Department, which declined to comment.

Kaspersky, in a statement, said: "Unverified opinions of anonymous officials about Kaspersky Lab continue to be shared, and should be taken as nothing more than unsubstantiated allegations against a company whose mission has always been to protect against malware regardless of its source, and which has repeatedly extended an offering to the U.S. government to help alleviate any substantiated concerns. We have never helped and will never help any government with its cyberespionage efforts."

The company in a court filing said any Russian government engagement in cyberespionage isn't evidence that a Russia-headquartered company such as Kaspersky is facilitating government-sponsored cyberintrusions, adding: "In fact, more than 85 percent of Kaspersky Lab's revenue comes from outside of Russia -- a powerful economic incentive to avoid any action that would endanger the trusted relationships and integrity that serve as the foundation of its business by conducting inappropriate or unethical activities with any organization or government."

The Russian Embassy in Washington, D.C., didn't respond to requests for comment. In October, Kremlin spokesman Dmitry Peskov didn't address reports that the Russian government may have stolen U.S. National Security Agency materials using Kaspersky software but criticized the U.S. software ban as "undermining the competitive positions of Russian companies on the world arena."

Servers in Russia

Mr. Kaspersky enrolled at the KGB-sponsored Institute of Cryptography, Telecommunications, and Computer Science, finished in 1987 and was commissioned in Soviet military intelligence, he has told reporters. He has acknowledged his company has done work for the KGB's successor, the FSB.

Kaspersky, closely held, says it has unaudited 2016 revenues of $644 million. Current and former U.S. intelligence officials said they doubt Kaspersky could have risen to such heights outside of Russia without cooperating with Russian authorities' aims, a conjecture the company denies.

Kaspersky's main product is similar to other antivirus software, which scans computers to identify malicious code or infected files. Such software typically requires total access so it can remotely scan documents or emails and send a record of any suspicious and previously unidentified code back to the software company.

In Kaspersky's case, some servers are in Russia. When the DHS banned Kaspersky products, it cited "requirements under Russian law that allow Russian intelligence agencies to compel assistance from Kaspersky or intercept communications transiting Russian networks." Kaspersky countered that those laws and tools don't apply to its products because the firm doesn't provide communications services.

Concerns about the potential threat posed by Kaspersky software have circulated in U.S. intelligence circles for years. U.S. intelligence issued more than two dozen reports referring to the company or its connections, according to a U.S. defense official, with the Pentagon first mentioning the firm as a potential "threat actor" in 2004.

A Defense Intelligence Agency supply-chain report flagged Kaspersky in 2013, referring to its efforts to sell American firms a protection product for large-scale U.S. industrial companies, the defense official said. A former U.S. official said Kaspersky's efforts to make inroads in the U.S. industrial and infrastructure market made people uncomfortable.

At a February 2015 conference, Kaspersky exposed what it described as a cyber-snooping network it dubbed the "Equation Group." In fact, it was an elite classified espionage group within the NSA, said some of the former U.S. officials. Kaspersky linked it to a virus called Stuxnet that the Journal and other publications have since reported was designed by the U.S. and Israel to destroy Iranian nuclear centrifuges. Kaspersky also described other techniques and tactics the U.S. uses to break into foreign computer networks.

Once such techniques are public, they are effectively useless for spying. When NSA officials got word of Kaspersky's plans to expose its tactics, they pulled the agency's spying tools from around the world as a preventive measure and reworked how its hackers were functioning, said some of the former U.S. officials. The NSA didn't respond to requests for comment.

U.S.-Russian relations at the time were deteriorating. President Vladimir Putin had granted NSA leaker Edward Snowden asylum and annexed a swath of Ukraine. Some U.S. officials were convinced Kaspersky was promoting Russian interests and had shared with the Kremlin what it knew about the Equation Group.

"To think that information wasn't shared with Russian intelligence, or they weren't supporting Russian intelligence," said one former U.S. official about Kaspersky, "you'd have to be very nearsighted to not at least think there was something there."

Not all U.S. officials believed the worst about Kaspersky, with many citing the high quality of the firm's cyberthreat research. "There was this innocent until proven guilty attitude," said another former U.S. official who worked on Russia and national-security matters.

Israeli intelligence shared with U.S. counterparts in 2015 that it had penetrated the networks of Kaspersky, the Journal reported previously. The Israelis discovered Kaspersky software was being used to scan computers not only for viruses but also for classified government information that would be of interest to Russia, said former U.S. officials familiar with the Israeli discovery.

As the NSA investigated the Israeli tip, it homed in on a worker in the agency's elite hacking unit, then called Tailored Access Operations. The worker had improperly removed classified information about NSA spying operations and installed it on his home computer, said former U.S. officials familiar with the episode. The contractor's computer ran Kaspersky's antivirus software, which acted as a digital scout and identified the classified material, these people said.

Assessing damage

U.S. investigators immediately sought to assess the damage, including whether Kaspersky's products were installed on other sensitive computers, including personal machines used by government employees and their families. That could include those used by family members of then President Barack Obama, said one of the former officials familiar with the episode.

Officials feared Russian intelligence could have not only turned personal computers into tracking devices, but also used them as staging points to access other machines inside the White House, the official said. Still, the incident didn't trigger a broader alarm across the U.S. government about whether any federal agency computers were using Kaspersky.

(MORE TO FOLLOW) Dow Jones Newswires

January 06, 2018 02:32 ET (07:32 GMT)

Copyright (c) 2018 Dow Jones & Company, Inc.