Tuesday27 September 2022

Kaspersky; the plot and ridiculousness thickens

Reading time is around minutes.

A few days ago we published an article that covered a leaked batch of emails that showed Kaspersky has worked with the Russian Government. We also covered that the pieces of the emails that were published were completely out of context, and also are nothing out of the ordinary for a company that has a contract with a Government body. Kaspersky's denial of cooperation is also nothing new, so why the big deal in the media? Well we might have found a few pieces to that puzzle which would certainly explain the big push to discredit Kaspersky.

Before we dive into the reasons behind the recent media push let's take a look at some of the articles that have been put out there. These articles all revolve around a few key items; that Kaspersky did work on a project at the request of the Russian Government and that at least one member of their staff went along on a raid, and that Kaspersky denied working with the Russian Government. These things sound shocking and horrible, especially the way they are covered. The sad part is that they are being covered by people that have very little working knowledge of how security companies work. With that in mind, let's break some of these down.
The Denial -
This one surprises me the most. I do not know of many journalists that have not deal with an NDA (Non-Disclosure Agreement) or an information Embargo. Most of these are for information that would not be considered critical to National Security. After all nations are not going to fall if the latest details of the iPhone, or Intel's next CPU leak. However, when you are working in security (especially information security) some of the NDAs you sign are quite serious. The consequences are not just civil litigation, but can include real prison time. Some NDAs include wording that state that you cannot even talk about the NDA or admit affiliation (first rule of NDA, you do not talk about NDA). This is like getting an NSL (National Security Letter). When a company gets one of these they cannot even say they got one. They just have to comply with it or face serious consequences.  
Remember how Microsoft, Google and others reacted after the Snodwen leaks? Well Kaspersky is likely to have been under similar retractions as to what they can and cannot say about their work with the government. This one should not have even been part of the conversation.
The ride along for the raid -
The fact that a senior employee of Kaspersky rode along with Russian intelligence agents for a raid sounds very damning. Well that is until you realize that this is not an uncommon occurrence. Depending on what products you offer as a security company you might also offer direct forensic data collection. This is where you send an engineer out to collect forensic copies of the data on all systems at a location. It typically happens when there is a fear of data destruction from the target. I personally have been on a few raids (accompanied by US Marshals) for this exact purpose. The warrant even contained a break order in case the suspect was not present. Once there, my job was simple. Make forensic copies of everything onsite and secure them for later independent analysis. Considering the out of context nature of this little talking point, I would suspect that Kaspersky was providing this service. It was not the sinister act that most of the media would have you think.

The secret project -
This one would seem to be the most critical in proving that Kaspersky works closely with the Russian government. Unfortunately it really is not that big of a deal. According to even the out of context email quotes the project was for a DDoS (Distributed Denial of Service) attack mitigation platform that would allow for the source systems to be cataloged and tracked. A project like this for a government body would have had some pretty serious NDAs on it so Kaspersky would not have been able to talk about it due to the sensitivity of the project not to mention the impact on Russian national security if information did get out about it. Many US security firms have contracts with government agencies (not just US) and do not talk about it. Building a DDoS mitigation platform would be a common type of project.  
Why go after Kaspersky?
In looking over some older documentation I noticed that Kaspersky was mentioned as not being fully compromised by the NSA. They did not have a good means of by passing their detection and prevention engine. Not a surprise really as the NSA would not have the same control over them or access to their product as they would US based companies. We know that the NSA has been instrumental in weakening security (including encryption) so that they can continue their surveillance on US citizens and businesses. They would not be happy to know that another option was out there that would potentially prevent easy access. However for a long time Russia was not viewed as the big threat. Now that all of the media hype over potential Russian meddling (and hacking) during the 2016 election has made Russia the big boogeyman, we are betting that the NSA saw an opening and took it.
They pushed for congress to make open statements about Kaspersky being aligned with the Russian Government which were immediately gobbled up by the media like kids with Halloween candy. It allowed the US government to push for access to the source code for Kaspersky's products. This gives the NSA the chance to identify methods of compromising it on the premise of keeping US interests safe. In reality the NSA and other governmental agencies are reducing the overall security of everyone in their paranoid need to have access to all of the data that ever was. Just look at the number of leaks that contain zeros day flaws and intrusion tools that were stock piled by people like the CIA, the NSA and other intelligence agencies. In their arrogance they forget that the bad guys out there are often just as smart, if not smarter, and are going to find the back doors ad flaws they either put in place or have left vulnerable and they are not likely to stop.
Of course, I could be wrong about all of this. It is just that history and the evidence (even circumstantial) is not showing that.

Last modified on Tuesday, 18 July 2017 11:03

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.