Russia’s Kaspersky Lab illustrates how technological expertise paired with government cooperation can create a serious threat to U.S. national security, according to a recent report from the Foundation for Defense of Democracies. In Kaspersky and Beyond: Understanding Russia’s Approach to Cyber-Enabled Economic Warfare, author Boris Zilberman equates the threat to a new beachhead in cyberspace from which a country can launch bigger, hostile cyber operations.
Kaspersky Lab is a Russian anti-virus company created by Eugene and Natalya Kaspersky in 1997. Today, the tech giant has more than 400 million users worldwide.
“In some ways, Kaspersky was the natural Russian answer to the rise of American software giants such as Microsoft and Oracle,” the report states. “Russian innovation tends to be spurred on not by aspirational visions of positive global or domestic change, but by perceived threats to Russian greatness or global standing.”
As early as 1998 the company was making headlines, as it produced the only counter to the CIH computer virus, known as Chernobyl, the report notes. But the company also openly mentioned its Russian intelligence connections.
Though company representatives note that the connection is important to the security of Russian citizens, according to the report, U.S. officials more recently have sounded the alarm about the company’s software and its connection to Russian President Vladimir Putin. The primary suspicion is that Russian intelligence has used Kaspersky software to infiltrate companies and organizations that use the software without their knowledge.
As a result, the Department of Homeland Security (DHS) in September of last year issued a memo accusing Kaspersky of transferring data to Russian intelligence and banned Kaspersky software from use on government systems.
A big challenge, however, is complete removal of the suspected software.
“Even as Best Buy took Kaspersky Lab products off its shelves following the U.S. government announcement banning the software—with the caveat that Kaspersky code embedded in the products of other companies would be allowed—American consumers can still find it at other ‘retailers near you’,” the report states. “And despite the U.S. government ban, some 15 percent of U.S. federal agencies continued to run its software on their networks in late 2017.”
Suspicion continued into 2018.
“Kaspersky Lab in March 2018 publicly exposed an ‘active, U.S.-led counterterrorism cyber-espionage operation’ targeting Islamic State and al-Qaeda members,” the report states. “We do not know whether Kaspersky knew of the U.S. operation and purposely tried to undermine it (with or without the direction of the Russian government) or whether, as the company claims, it was merely reporting a piece of malware that could harm its computers.”
Threatening Legal Framework
Unraveling the nature of the threat is naturally an evolving process, as technology continues moving forward at a rapid pace. But Zilberman told Homeland411 that understanding Russia’s legal framework and doctrine—which is explored in depth in the report—is crucial.
“The legal framework, and looking at the laws, really underscores that there’s really not a truly independent Russian company,” he said. “And that’s, I think, partially trying to play on a lack of knowledge in the West of what the legal system is and what the Russian security services are able to do with these companies.”
Whether Russian companies deny connections to the Russian government or not, the report notes that, by Russian law, encryption activities must be licensed. That licensing authority just happens to be the Russian Federal Security Services.
“The fact of the matter is that any Russian company in this sector can be utilized by Russia’s security services to serve as a strategic tool for the Kremlin,” the report states.
The report also calls for scrutiny of several other Russian companies, including Dr. Web, an antivirus company; analytic software company Prognoz; and Speech Technology Center, “an outgrowth of the KGB’s applied acoustics unit,” the report states.
Moving Forward
In a nutshell, Russian multinationals could potentially pose future threats as extensions of the Russian government itself. As such, the report offers several recommendations to mitigate those threats.
Report recommendations include urging that DHS create a “watch list of software companies believed to be acting on behalf of, or are being used by, adversarial states in ways that pose a security risk to U.S. entities.” In addition, the DHS ban on Kaspersky software should extend to “code embedded in the products of other companies.”
The report also recommends better cooperation with allies to identify suspect software and hardware, as well as urging the intelligence community and private sector to cooperate to stay better informed of future threats from Russia or elsewhere.
© 2018 Homeland411