Russia Witch-Hunt Attacks Wrong Target
Steve King, CISM, CISSP
Cybersecurity Marketing and Education Leader | CISM, Direct-to-Human Marketing, CyberTheory
According to headlines, we just learned that “Russia hacked NSA documents with aid from antivirus software.”
What actually happened was that a hacking group alleged to be Russian bad guys somehow managed to hack through a vulnerability in Kaspersky anti-virus software to steal sensitive information on a home PC. The headline should have read “NSA contractor walks out door with secret sensitive NSA data and gets hacked.”
You can see the difference.
Back in 2015, the NSA suffered a serious breach, exposing the spy agency’s cyber-warfare strategy. The breach was discovered in the spring of 2016 and is just now being reported in the context of Russian hysteria and anti-Trump mania.
The simple facts are that an NSA contractor walked off the job one day with a file that contained information that describes offensive and defensive computer network operations at NSA, the tools and techniques and the codes that the NSA uses to hack into foreign computer systems and the tools and techniques they use to protect the NSA’s own computer networks inside the United States. He then proceeded to load it onto his personal computer at home.
All of the reporting in the last week or so has focused on the fact that Kaspersky antivirus software was used to somehow send alerts to the Russian bad guys that sensitive information was suddenly available on this guy’s computer, which prompted the Russians to exploit some back door in the Kaspersky code that only the Russians know about to steal the data.
Does Kaspersky software send secret alerts to secret Russian agents so they can use a secret back door to steal secret NSA data? No. Is there a vulnerability in Kaspersky anti-virus software? Maybe. Did an NSA contractor leave the building with a file containing secret NSA data and then load it onto his home computer? You betcha' baby.
But these facts don’t prevent the hysterical calls by all of the Cybersecurity experts in Congress to ban Kaspersky software from all Federal government agency use. This will of course soon be followed by the same clowns banning any contractor using Kaspersky from doing business with the Federal government. Such a ban along with the associated paranoia will surely result in the demise of Kaspersky.
And all of this hue and cry obfuscates the real story, which is the incredible incompetency of the Federal government, of which Congress and the Senate are a part. Whether Kaspersky has a vulnerability that allowed penetration by a threat actor is beside the point. All software has vulnerabilities – that’s why we get hacked every 15 minutes. This is not a secret.
The real question is how on earth does the NSA or any other government agency allow such porous security processes around the protection of what should be the most highly classified and sensitive data on the planet? It is unfathomable that anyone could walk out of a Federal office with any data of any kind on their person. No contractor should have access to any sensitive data. No one should be allowed to download any data onto removable media. But they do. Ed Snowden did. This clown did. And countless others before them also did.
The OPM hack occurred in 2014 and in terms of the information stolen was far more damaging than the Equifax hack. This hack occurred in 2015. Many other hacks have occurred before and since.
But suddenly we are going to destroy a highly respected global company because we don’t know what else to do and because we are obsessed with the possibility that the Russians somehow got Trump elected. Or is this an all too convenient narrative to draw attention away from the NSA’s ineptitude?
Of all the Cybersecurity research companies who operate in the markets they do, Kaspersky is the absolute best at research and investigative forensics, the results of which are published widely and are used by every Cybersecurity software and services company on the planet. They make the most popular anti-virus products for personal and home computers and their products are sold in every big box store in America. You are probably running their software right now.
Kaspersky has about half the global market share of its competitor McAfee for business anti-malware software and enjoys over 400 million users, is the market leader in Europe and has grown to become a highly respected multiple award-winning $700 million company.
The Kaspersky Global Research and Analysis Team are the guys who discovered sophisticated espionage platforms linked to US intelligence, such as the Equation Group, the NSA’s secret bad boy Cyber-team that was responsible for hiding known vulnerabilities in Microsoft products so they could play their spy games while the rest of us got hacked. Kaspersky also discovered the U.S.-developed Stuxnet worm used to attack Iranian centrifuges, along with a slew of covert government-sponsored cyber-espionage efforts around the world.
Kaspersky publishes the annual Global IT Security Risks Survey, and their research hubs analyze more than 350,000 malware samples per day, contributing significantly to the global body of Cyber-threat intelligence and a decided advantage to the good guys. The current congressional witch-hunt to destroy an entire company because a handful of illiterate grand-standers are intent upon taking down a presidency is appalling.
Here’s a more appropriate headline: “Bumbling federal employees allow yet another breach of classified documents. Heads will roll.”
But you will only see that in your dreams.