Leaked emails are the new "IT" when it comes to swaying the debate

Questionable security practices aside, it seems that just about every "big" scandal lately has had leaked emails as some sort of component. In the latest such scandal we find that leaked Kaspersky emails are at the core of the US National Security policy maker's concerns over the company and the use of the product inside the US. According to "internal company emails obtained by Bloomberg Businessweek" Kaspersky has had a rather close relationship with Russian intelligence agencies.

The question is, do these emails actually tell us anything that is not exactly what every security company already does? In reality, not really. The emails show that Kaspersky worked with the Russian government to develop products and technologies to protect the government from threats and to help them counter attacks. This is nothing that does not happen with other companies all over the globe. Most governments are going to use security companies that are operated inside their borders for this type of work as it gives them a bit of control over the product and company providing the services.  
 
We see companies providing incident response, malware protection and other services to many governments. The US also contracts out work to groups to develop some of their own "products" for use in intelligence gathering activities. So, in reality the Kaspersky emails are not anything that should be raising a red flag (no pun intended). They seem to be little more than an extension of the existing narrative that Russia is "bad" and all of it is a threat to the US and their allies.  
 
This narrative has become the source of so much bad and outright false reporting that it is clouding any potential for real investigation into what might really be going on. While there are more than enough criminal groups that operate out of Russia to keep investigators busy the Rumor that Kaspersky is one of them or is an extension of the Russian Intelligence community is simply goofy. It would be like saying that CrowdStrike is an extension of the DNC because they provided the Incident Response and remediation recommendations for the DNC email hack.

No comments

Leave your comment

In reply to Some User