Regardless of your political leanings, these two stories in the last couple of days, from the Wall Street Journal and the New York Times, have to raise some eyebrows:
How Kaspersky’s Software Fell Under Suspicion of Spying on America
Officials lack conclusive evidence, but incidents involving the firm’s antivirus products raised alarms
By Shane Harris,
Gordon Lubold and Paul Sonne
Jan. 5, 2018 11:14 a.m. ET
* * * * *
How U.S. Intelligence Agencies Underestimated North Korea
By DAVID E. SANGER and WILLIAM J. BROAD
JAN. 6, 2018
How Kaspersky’s Software Fell Under Suspicion of Spying on America
Officials lack conclusive evidence, but incidents involving the firm’s antivirus products raised alarms
By Shane Harris,
Gordon Lubold and Paul Sonne
Jan. 5, 2018 11:14 a.m. ET
Eugene Kaspersky was late for his own dinner party.
At his invitation, guests from the Washington cybersecurity community waited one evening in 2012. Seated at the National Press Club were officials from the White House, State Department, Federal Bureau of Investigation and other agencies, said people who were there. Guests had started their first course when Mr. Kaspersky arrived, wearing a tuxedo with a drink in hand.
Mr. Kaspersky, chief executive of Russian security-software vendor Kaspersky Lab, proposed a toast to the ranking guest, Estonian President Toomas Hendrik Ilves, whose country had suffered a cyberattack five years earlier. The assault followed Estonia’s decision to remove a Soviet-era monument from its capital, and U.S. officials suspected Russia was behind it.
“Toomas,” Mr. Kaspersky said. “I am so sorry that we attacked you.”
The comment stopped all conversation until Mr. Ilves broke the silence. “Thank you,” he said, raising his glass. “This is the first time anyone from Russia has ever admitted attacking my country.”
No one suggested Kaspersky was involved in the Estonian hack, but Mr. Kaspersky’s toast played into a suspicion held by many in the U.S. intelligence community that his company might be wittingly or unwittingly in league with the Russian government—a suspicion that has only intensified since.
The process of evaluating Kaspersky’s role, and taking action against the company, is complicated by the realities of global commerce and the nature of how modern online software works. A top Department of Homeland Security official said in November congressional testimony the U.S. lacks “conclusive evidence” Kaspersky facilitated national-security breaches.
While the U.S. government hasn’t offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions.
Some of these officials said they suspect Kaspersky’s antivirus software—the company says it is installed on 400 million computers world-wide—has been used to spy on the U.S. and blunt American espionage. Kaspersky’s suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence, these officials said.
DHS, convinced Kaspersky is a threat, has banned its software from government computers. The company sued the U.S. government on Dec. 18 in U.S. District Court in Washington, D.C., saying the ban was arbitrary and capricious, and demanding the prohibition be overturned. DHS referred inquiries to the Justice Department, which declined to comment.
. . . .
At his invitation, guests from the Washington cybersecurity community waited one evening in 2012. Seated at the National Press Club were officials from the White House, State Department, Federal Bureau of Investigation and other agencies, said people who were there. Guests had started their first course when Mr. Kaspersky arrived, wearing a tuxedo with a drink in hand.
Mr. Kaspersky, chief executive of Russian security-software vendor Kaspersky Lab, proposed a toast to the ranking guest, Estonian President Toomas Hendrik Ilves, whose country had suffered a cyberattack five years earlier. The assault followed Estonia’s decision to remove a Soviet-era monument from its capital, and U.S. officials suspected Russia was behind it.
“Toomas,” Mr. Kaspersky said. “I am so sorry that we attacked you.”
The comment stopped all conversation until Mr. Ilves broke the silence. “Thank you,” he said, raising his glass. “This is the first time anyone from Russia has ever admitted attacking my country.”
No one suggested Kaspersky was involved in the Estonian hack, but Mr. Kaspersky’s toast played into a suspicion held by many in the U.S. intelligence community that his company might be wittingly or unwittingly in league with the Russian government—a suspicion that has only intensified since.
The process of evaluating Kaspersky’s role, and taking action against the company, is complicated by the realities of global commerce and the nature of how modern online software works. A top Department of Homeland Security official said in November congressional testimony the U.S. lacks “conclusive evidence” Kaspersky facilitated national-security breaches.
While the U.S. government hasn’t offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions.
Some of these officials said they suspect Kaspersky’s antivirus software—the company says it is installed on 400 million computers world-wide—has been used to spy on the U.S. and blunt American espionage. Kaspersky’s suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence, these officials said.
DHS, convinced Kaspersky is a threat, has banned its software from government computers. The company sued the U.S. government on Dec. 18 in U.S. District Court in Washington, D.C., saying the ban was arbitrary and capricious, and demanding the prohibition be overturned. DHS referred inquiries to the Justice Department, which declined to comment.
. . . .
Mr. Kaspersky enrolled at the KGB-sponsored Institute of Cryptography, Telecommunications, and Computer Science, finished in 1987 and was commissioned in Soviet military intelligence, he has told reporters. He has acknowledged his company has done work for the KGB’s successor, the FSB.
Kaspersky, closely held, says it has unaudited 2016 revenues of $644 million. Current and former U.S. intelligence officials said they doubt Kaspersky could have risen to such heights outside of Russia without cooperating with Russian authorities’ aims, a conjecture the company denies.
Kaspersky’s main product is similar to other antivirus software, which scans computers to identify malicious code or infected files. Such software typically requires total access so it can remotely scan documents or emails and send a record of any suspicious and previously unidentified code back to the software company.
In Kaspersky’s case, some servers are in Russia. When the DHS banned Kaspersky products, it cited “requirements under Russian law that allow Russian intelligence agencies to compel assistance from Kaspersky or intercept communications transiting Russian networks.” Kaspersky countered that those laws and tools don’t apply to its products because the firm doesn’t provide communications services.
Concerns about the potential threat posed by Kaspersky software have circulated in U.S. intelligence circles for years. U.S. intelligence issued more than two dozen reports referring to the company or its connections, according to a U.S. defense official, with the Pentagon first mentioning the firm as a potential “threat actor” in 2004.
A Defense Intelligence Agency supply-chain report flagged Kaspersky in 2013, referring to its efforts to sell American firms a protection product for large-scale U.S. industrial companies, the defense official said. A former U.S. official said Kaspersky’s efforts to make inroads in the U.S. industrial and infrastructure market made people uncomfortable.
At a February 2015 conference, Kaspersky exposed what it described as a cyber-snooping network it dubbed the “Equation Group.” In fact, it was an elite classified espionage group within the NSA, said some of the former U.S. officials. Kaspersky linked it to a virus called Stuxnet that the Journal and other publications have since reported was designed by the U.S. and Israel to destroy Iranian nuclear centrifuges. Kaspersky also described other techniques and tactics the U.S. uses to break into foreign computer networks.
Once such techniques are public, they are effectively useless for spying. When NSA officials got word of Kaspersky’s plans to expose its tactics, they pulled the agency’s spying tools from around the world as a preventive measure and reworked how its hackers were functioning, said some of the former U.S. officials. The NSA didn’t respond to requests for comment.
U.S.-Russian relations at the time were deteriorating. President Vladimir Putin had granted NSA leaker Edward Snowden asylum and annexed a swath of Ukraine. Some U.S. officials were convinced Kaspersky was promoting Russian interests and had shared with the Kremlin what it knew about the Equation Group.
“To think that information wasn’t shared with Russian intelligence, or they weren’t supporting Russian intelligence,” said one former U.S. official about Kaspersky, “you’d have to be very nearsighted to not at least think there was something there.”
Not all U.S. officials believed the worst about Kaspersky, with many citing the high quality of the firm’s cyberthreat research. “There was this innocent until proven guilty attitude,” said another former U.S. official who worked on Russia and national-security matters.
https://www.wsj.com/articles/how-ka...der-suspicion-of-spying-on-america-1515168888Kaspersky, closely held, says it has unaudited 2016 revenues of $644 million. Current and former U.S. intelligence officials said they doubt Kaspersky could have risen to such heights outside of Russia without cooperating with Russian authorities’ aims, a conjecture the company denies.
Kaspersky’s main product is similar to other antivirus software, which scans computers to identify malicious code or infected files. Such software typically requires total access so it can remotely scan documents or emails and send a record of any suspicious and previously unidentified code back to the software company.
In Kaspersky’s case, some servers are in Russia. When the DHS banned Kaspersky products, it cited “requirements under Russian law that allow Russian intelligence agencies to compel assistance from Kaspersky or intercept communications transiting Russian networks.” Kaspersky countered that those laws and tools don’t apply to its products because the firm doesn’t provide communications services.
Concerns about the potential threat posed by Kaspersky software have circulated in U.S. intelligence circles for years. U.S. intelligence issued more than two dozen reports referring to the company or its connections, according to a U.S. defense official, with the Pentagon first mentioning the firm as a potential “threat actor” in 2004.
A Defense Intelligence Agency supply-chain report flagged Kaspersky in 2013, referring to its efforts to sell American firms a protection product for large-scale U.S. industrial companies, the defense official said. A former U.S. official said Kaspersky’s efforts to make inroads in the U.S. industrial and infrastructure market made people uncomfortable.
At a February 2015 conference, Kaspersky exposed what it described as a cyber-snooping network it dubbed the “Equation Group.” In fact, it was an elite classified espionage group within the NSA, said some of the former U.S. officials. Kaspersky linked it to a virus called Stuxnet that the Journal and other publications have since reported was designed by the U.S. and Israel to destroy Iranian nuclear centrifuges. Kaspersky also described other techniques and tactics the U.S. uses to break into foreign computer networks.
Once such techniques are public, they are effectively useless for spying. When NSA officials got word of Kaspersky’s plans to expose its tactics, they pulled the agency’s spying tools from around the world as a preventive measure and reworked how its hackers were functioning, said some of the former U.S. officials. The NSA didn’t respond to requests for comment.
U.S.-Russian relations at the time were deteriorating. President Vladimir Putin had granted NSA leaker Edward Snowden asylum and annexed a swath of Ukraine. Some U.S. officials were convinced Kaspersky was promoting Russian interests and had shared with the Kremlin what it knew about the Equation Group.
“To think that information wasn’t shared with Russian intelligence, or they weren’t supporting Russian intelligence,” said one former U.S. official about Kaspersky, “you’d have to be very nearsighted to not at least think there was something there.”
Not all U.S. officials believed the worst about Kaspersky, with many citing the high quality of the firm’s cyberthreat research. “There was this innocent until proven guilty attitude,” said another former U.S. official who worked on Russia and national-security matters.
* * * * *
How U.S. Intelligence Agencies Underestimated North Korea
By DAVID E. SANGER and WILLIAM J. BROAD
JAN. 6, 2018
WASHINGTON — At the start of Donald Trump’s presidency, American intelligence agencies told the new administration that while North Korea had built the bomb, there was still ample time — upward of four years — to slow or stop its development of a missile capable of hitting an American city with a nuclear warhead.
The North’s young leader, Kim Jong-un, faced a range of troubles, they assured the new administration, giving Mr. Trump time to explore negotiations or pursue countermeasures. One official who participated in the early policy reviews said estimates suggested Mr. Kim would be unable to strike the continental United States until 2020, perhaps even 2022.
Mr. Kim tested eight intermediate-range missiles in 2016, but seven blew up on the pad or shattered in flight — which some officials attributed partly to an American sabotage program accelerated by President Barack Obama. And while the North had carried out five underground atomic tests, the intelligence community estimated that it remained years away from developing a more powerful type of weapon known as a hydrogen bomb.
Within months, those comforting assessments looked wildly out of date.
At a speed that caught American intelligence officials off guard, Mr. Kim rolled out new missile technology — based on a decades-old Soviet engine design, apparently developed in a parallel program — and in quick succession demonstrated ranges that could reach Guam, then the West Coast, then Washington.
And on the first Sunday in September, he detonated a sixth nuclear bomb. After early hesitation among analysts, a consensus has now emerged that it was the North’s first successful test of a hydrogen weapon, with explosive force some 15 times greater than the atom bomb that leveled Hiroshima.
The C.I.A. and other American intelligence services had predicted this moment would come, eventually. For decades, they accurately projected the broad trajectory of North Korea’s nuclear program. Yet their inability to foresee the North’s rapid strides over the past several months now ranks among America’s most significant intelligence failures, current and former officials said in recent interviews.
https://www.nytimes.com/2018/01/06/...7&nl=morning-briefing&nlid=78294671&te=1&_r=0The North’s young leader, Kim Jong-un, faced a range of troubles, they assured the new administration, giving Mr. Trump time to explore negotiations or pursue countermeasures. One official who participated in the early policy reviews said estimates suggested Mr. Kim would be unable to strike the continental United States until 2020, perhaps even 2022.
Mr. Kim tested eight intermediate-range missiles in 2016, but seven blew up on the pad or shattered in flight — which some officials attributed partly to an American sabotage program accelerated by President Barack Obama. And while the North had carried out five underground atomic tests, the intelligence community estimated that it remained years away from developing a more powerful type of weapon known as a hydrogen bomb.
Within months, those comforting assessments looked wildly out of date.
At a speed that caught American intelligence officials off guard, Mr. Kim rolled out new missile technology — based on a decades-old Soviet engine design, apparently developed in a parallel program — and in quick succession demonstrated ranges that could reach Guam, then the West Coast, then Washington.
And on the first Sunday in September, he detonated a sixth nuclear bomb. After early hesitation among analysts, a consensus has now emerged that it was the North’s first successful test of a hydrogen weapon, with explosive force some 15 times greater than the atom bomb that leveled Hiroshima.
The C.I.A. and other American intelligence services had predicted this moment would come, eventually. For decades, they accurately projected the broad trajectory of North Korea’s nuclear program. Yet their inability to foresee the North’s rapid strides over the past several months now ranks among America’s most significant intelligence failures, current and former officials said in recent interviews.
