We just learned that “Russia hacked NSA documents with aid from anti-virus software,” according to headlines. What actually happened was that a hacking group alleged to be Russian bad guys somehow managed to hack through a vulnerability in Kaspersky anti-virus software to steal sensitive information on a home PC. The headline should have read, “NSA contractor walks out door with secret, sensitive NSA data and gets hacked.” You can see the difference.
Back in 2015, the NSA suffered a serious breach, exposing the spy agency’s cyberwarfare strategy. The breach was discovered in the spring of 2016 and is just now being reported in the context of Russian hysteria and anti-Trump mania.
The simple facts are that an NSA contractor walked off the job one day with a file that contained information that describes offensive and defensive computer network operations at NSA, the tools and techniques and the codes the agency uses to hack into foreign computer systems, and the tools and techniques it uses to protect the NSA’s own computer networks inside the United States. He then proceeded to load it onto his personal computer at home.
All of the reporting in the past week or so has focused on the fact that Kaspersky anti-virus software was used to somehow send alerts to the Russian bad guys that sensitive information was suddenly available on this guy’s computer, which prompted the Russians to exploit some back door in the Kaspersky code that only they know about, in order to steal the data.
Does Kaspersky software send secret alerts to Russian secret agents so they can use a secret back door to steal secret NSA data? No. Is there a vulnerability in Kaspersky anti-virus software? Maybe. Did an NSA contractor leave the building with a file containing secret NSA data and then load it onto his home computer? Yes.
But these facts don’t prevent the hysterical calls by all of the cybersecurity experts in Congress to ban Kaspersky software from all federal government agency use. This will, of course, soon be followed by the same clowns banning any contractor using Kaspersky from doing business with the federal government. Such a ban, along with the associated paranoia, will surely result in the demise of Kaspersky.
And all of this hue and cry obfuscates the real story, which is the incredible incompetency of the federal government, of which Congress and the Senate are a part. Whether Kaspersky has a vulnerability that allowed penetration by a threat actor is beside the point. All software has vulnerabilities — that’s why we get hacked every 15 minutes. This is not a secret.
The real question is how on earth does the NSA, or any other government agency, allow such porous security processes around the protection of what should be the most highly classified and sensitive data on the planet? It is unfathomable that anyone could walk out of a federal office with data of any kind on their person. No contractor should have access to any sensitive data. No one should be allowed to download any data onto removable media. But people do. Ed Snowden did. This clown did. And countless others before them also did.
The OPM hack occurred in 2014 and, in terms of the information stolen, was far more damaging than the Equifax hack. This hack occurred in 2015. Many other hacks have occurred before and since.
But suddenly we are going to destroy a highly respected global company because we don’t know what else to do and because we are obsessed with the possibility that the Russians somehow got Trump elected. Or is this an all-too-convenient narrative to draw attention away from the NSA’s ineptitude?
Of all the cybersecurity research companies that operate in the markets they do, Kaspersky is the absolute best at research and investigative forensics, the results of which are published widely and are used by every cybersecurity software and services company on the planet. It makes the most popular anti-virus products for personal and home computers, and the company’s products are sold in every big-box store in America. You are probably running its software right now.
Kaspersky has about half the global market share of its competitor McAfee for business anti-malware software and enjoys over 400 million users, is the market leader in Europe, and has grown to become a highly respected, multiple award-winning, $700 million company.
The Kaspersky Global Research and Analysis Team are the guys who discovered sophisticated espionage platforms linked to U.S. intelligence, such as the Equation Group, the NSA’s secret bad-boy cyberteam, which was responsible for hiding known vulnerabilities in Microsoft products so it could play its spy games while the rest of us got hacked. Kaspersky also discovered the U.S.-developed Stuxnet worm used to attack Iranian centrifuges, along with a slew of covert government-sponsored cyberespionage efforts around the world.
Kaspersky publishes the annual Global IT Security Risks Survey, and its research hubs analyze more than 350,000 malware samples per day — contributing significantly to the global body of cyberthreat intelligence, a decided advantage to the good guys. The current congressional witch hunt to destroy an entire company because a handful of grandstanders are intent upon taking down the Trump presidency is appalling.
Here’s a more appropriate headline: “Bumbling federal employees allow yet another breach of classified documents. Heads will roll.” But you will only see that in your dreams.