Is there a KGB agent in your computer?

No, I’m not talking about Trump and the Russian hacking. There are plenty of other places to look into that topic, if you’re interested.
I’m talking about a trained Russian intelligence agent who sells security products. That’s Eugene Kaspersky, CEO of Kaspersky Labs, who was accepted at age 16 to the KGB-backed Institute of Cryptography, Telecommunications & Computer Science. When he graduated, he was commissioned as an intelligence officer in the Russian Army — something he has bragged about while pitching his software. The company is still headquartered in Moscow, and the vast majority of its employees work there, in a converted factory.

In case you think this is just another blurb fueled by Russian paranoia, let’s journey to a Senate Intelligence Committee hearing that was held in May and started as an investigation of meddling in our 2016 elections. Six leaders of the intelligence community, from the CIA to NSA and the FBI to DISA, were asked by Florida Sen. Marco Rubio if they would be comfortable having Kaspersky Lab software on their computers. They all said no, with (then) FBI Director Andrew McCabe saying, “A resounding no.”

What’s interesting about this out-of-nowhere question by Rubio is that this technique is often used to bring points learned in a closed intelligence briefing out in an unclassified setting.

It was successful in doing so, because they all answered without weasel-wording.

Not Neutral

Kaspersky Labs has not been entirely benign as far as U.S. intelligence goes. In 2010, a Kaspersky researcher discovered Stuxnet, a U.S.-Israeli worm that had successfully wrecked more than a thousand Iranian centrifuges being used in their nuclear program; and just this May, it discovered another joint U.S.-Israeli cyberweapon aimed at Iran, which it named Flame.

This will not endear them to the U.S. intelligence chiefs.

Let’s face it, anti-virus software is the one thing we give complete and utter access to all the files and incoming emails on our computers. When you install Kaspersky, the first thing it does is scan every file on your machine. If it finds something it doesn’t like, it will delete it; but if it finds something that it doesn’t know what to do with, it will send an encrypted copy to that factory in Moscow, so it can take another look at the file in question.

The same thing happens with McAfee and Norton, of course, and they probably subcontract some of their work to Vietnam and China, too. But it’s not quite the same as sending it to Comrade Kaspersky. And every update allows more intrusions into your machine.

Not Obvious

Kaspersky is also working very hard to incorporate its software into other products, such as the Cisco routers that handle the vast majority of packets on the Internet. An article in Wired magazine noted that it had an entire lab set up to emulate the industrial equipment that is used to control things like power plants, prisons and sewage plants. This must give security people nightmares.

It should be noted that some Kaspersky employees were involved in killing the Kelihos botnet that was responsible for churning out 3.8 billion pieces of spam a day. It also helped dismantle the Koobface virus that was spread by Facebook messages. That’s fine.

Not All Good

But Kaspersky has been instrumental in developing software that takes “hacking the hackers” to a more disturbing level. In the type of attack known as “distributed denial of service,” hackers use multiple, usually innocent but infected, computers to attack websites, usually demanding ransom to back off.

In concert with the FSB (successor to the KGB), it has developed software to track the Internet addresses of offenders. Kaspersky Lab employees have ridden along with FSB agents to break down doors. Not fine.

A Word From GSA

In July, the General Services Administration (GSA), the agency that handles almost all federal contracting, removed Kaspersky Labs from its list of approved vendors, saying it acted to “ensure the integrity and security of U.S. government systems and networks.” And the U.S. government had previously warned travelers to the 2014 Olympics, in Sochi, that connecting cellphones in Russia likely would turn them into listening devices for the FSB, and that connecting a laptop to a Russian network would leave it infiltrated.

Despite Kaspersky’s vehement denials that it might be compromising people’s systems, its ties to the intelligence networks in Russia are long-standing and many. So the GSA was being cautious and not saying much else. It has been standard practice for the Department of Defense to not include Kaspersky in the list of approved vendors for many years. Many state and local governments still use Kaspersky, however.

Revenue from American and western European customers was more than $374 million, almost 60% of $633 million in 2016 sales. Any loss of confidence in the reliability (as in Russian back doors) of Kaspersky software would be devastating.

But it’s probably coming. Drink up, comrade.

Cliff Feldwick is owner of Riverside Computing and does PC troubleshooting, network setups and data recovery — when not trying to understand any Russian, except “nyet.” He can be reached at 410-880-0171 or at cliff@feldwick.com. Older columns are available online at http://feldwick.com.