ZURICH, SWITZERLAND: Kaspersky Lab has been embroiled in a clash between the US and Russia over hacking and has been fighting claims its software has been used for cyberespionage in recent times.
While the United States and Russia have been snarling at each other for years over allegations of cyberespionage, hacking, and IP theft, the trouble truly began for Kaspersky in October 2017, when the Wall Street Journal reported that the Russian government was able to steal sensitive information relating to the US National Security Agency (NSA) by infiltrating a contractor’s PC through Kaspersky Labs’ antivirus software.
The publication said that the alleged attack took place in 2015 after the NSA contractor transferred these confidential files to their home system. The potential breach of national security was uncovered a year after.
According to the WSJ, the apparent security breach was “one of the most significant security breaches in recent years.”
Faced with claims that the firm was in the thrall of the Kremlin and software was made available for covert cyberespionage activities against other nations, Kaspersky said at the time the report was little more than “a false accusation.”
An investigation into the incident revealed that the antivirus software in question had analyzed the PC — as such software will do in the hunt for malicious code or activity — and had stumbled across a .ZIP file deemed malicious.
This file contained some elements of source code for a hacking tool which was later connected to the Equation Group, the NSA’s elite hacking team.
Upon discovery, the file was removed from Kaspersky’s malware repository and any other systems involved. Kaspersky has since denied that any third party — including the Russian government — was able to access the code, and no evidence has been uncovered to date to the contrary.
The incident, however, was only one ripple in a wave of accusations between the US and Russia, with each country blaming the other for a range of digital assaults.
In 2016, the FBI launched an investigation into Russia’s involvement in attacks against the Democratic Congressional Campaign Committee (DCCC).
The DCCC attack was potentially connected to a cyberattack launched against the Democratic National Committee (DNC) and the leak of thousands of confidential emails connected to the Hillary Clinton campaign in the same year.
In 2017, the US Office of the Director of National Intelligence and the Department of Homeland Security (DHS) claimed that the Kremlin also had a hand in the compromise of emails belonging to a number of US political groups.
A total of 12 Russian nationals have since been indicted by US prosecutors over the DNC hacking spree.
Russia’s president, Vladimir Putin, has constantly denied the alleged involvement of his country in hacking activities; instead, Putin has suggested in the past that some “patriotic” individuals — rather than state-sponsored groups — may have conducted attacks on Russia’s behalf.
This tension continues today, with the latest charges laid at Russia’s door being involvement in troll farms and hacking attempts designed to influence the result of the 2016 US elections, an attack designed to tamper with the 2018 US midterm elections which was thwarted by Microsoft, and the recent US charges levied against Russian military officers in connection to cyberattacks against computer systems used by anti-doping and sporting officials, as well as those used by agents investigating the Salisbury poisoning in the United Kingdom, believed to be the work of Russian operatives.
Amidst the verbal salvos, allegations, and denials over the past few years, Kaspersky Lab software was banned from use by US federal agencies by the DHS and the Trump Administration removed the company’s products from US General Services Administration’s (GSA) approved vendor lists.
The DHS has suggested that Russian laws could be used to lean on Kaspersky Lab — whether the firm liked it or not — to provide a conduit for cyberespionage activities and to intercept communication connected to Russian networks.
All of these elements drew Kaspersky, a company based in Moscow and with Russian roots, into the fight and quickly battered the cybersecurity firm’s reputation.
The credentials of Eugene Kaspersky, the chief executive officer of Kaspersky Lab since 2007, were also part of the mix, as he was co-sponsored by Russia’s KGB (translation: Committee for State Security) and the Soviet Ministry of Defense while studying, before serving as a software engineer for the latter organization.
While the executive does hold a military rank, applied automatically after graduation, the company has denied that the CEO has “any relationship with high-ranking government officials in Russia.”
Kaspersky as a company has also defended itself by saying that it “does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”
This is a message Kaspersky is still attempting to spread to this day.
The cybersecurity firm launched into damage control following the broad federal ban, offering a free version of its antivirus solution worldwide and also beginning work on a radical plan to make changes to its infrastructure.
Under the Kaspersky Global Transparency Initiative (GTI), formally announced in May 2018, the company outlined plans to move a “number of core processes” from Moscow, Russia, to Zurich, Switzerland, as well as data storage systems and processing for “most regions.”
Customer data from the US, Europe, Singapore, Australia, Japan, and South Korea will be moved, with other countries to follow.
On Tuesday at the Kaspersky Transparency Summit in Zurich, Switzerland, the company announced the completion of the first stage of the move, in which malicious code samples gleaned from EU customers will now be stored and processed automatically in Switzerland.
Research and development teams based in Kaspersky’s center in Moscow will need to have remote access to these samples, but the company was quick to emphasize that all requests are logged and will be made available to stakeholders.
It is estimated that only 0.3 percent of malware samples collected require manual review. The full relocation of customer data is expected by the end of 2019.
Kaspersky’s first Transparency Center has also opened in the country, which will permit stakeholders to review the company’s code, software updates, logs, and threat detection rules, alongside other information.
An external auditor, as yet unnamed, is also going to audit the company’s development lifecycle processes, source code, and supply chain risk mitigation strategies.
“Transparency is becoming the new normal for the IT industry — and for the cybersecurity industry in particular,” said Eugene Kaspersky. “We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.”
The cost of the project is estimated to be roughly $12 million, with $3 million going towards the implementation of the first stage.
However, if GTI proves to be a success, the company is willing to invest more to speed up the process — and hopes other IT companies will follow suit.
“This is a prototype and this project will become standard not just for the cybersecurity industry but for all IT industries,” Eugene Kaspersky said. “How much we are going to do depends on the needs and requests of Switzerland and the EU.”
At the summit, you couldn’t help but notice a new motto emblazoned on the conference’s wall: “Proven, Transparent, Independent.”
Veterans of Kaspersky Lab conferences will tell you that the design themes and graphics used in trailers and product launch ads generally stay the same year after year, but this slogan was an addition which seems to highlight where the cybersecurity firm wants to go — and how Kaspersky Lab wants to be seen as a brand in the future.
The GTI exists in order to rebuild the shattered trust between Kaspersky and clients — touted by the company itself as an “ongoing commitment to protect our customers” — but the ramifications go far deeper.
The shift to Switzerland, a physical place for the purpose of digital storage, is geopolitical.
As the Internet becomes a battleground for legislators imposing domestic rules such as the EU’s General Data Protection Regulation (GDPR), the UK’s snooper’s charter, and China’s surveillance bill, among many others, the fragmentation of the web, data processing, and how trustworthy an IT company is have become woven into the political landscape.
Speaking at the summit, Anton Shingarev, VP for Public Affairs at Kaspersky said that such efforts are “designed to build walls around a country to protect its systems,” and that we “live in the age of technological nationalism which is a global trend.”
This form of nationalism, Shingarev says, is making it ever-more difficult for foreign companies to tap into domestic markets, while local companies are given the upper hand.
“I don’t like tech-nationalism, I believe it is wrong and is not beneficial, but we have to find a way to adapt and find a way to overcome it,” the executive added. “This is the GTI — how can we trust the ‘black box’ in our critical systems.”
Shingarev said that “staying far away from politics is the only way for a cybersecurity company to survive and be successful,” but this simply isn’t going to be possible if we are moving towards tech-nationalism.
Indeed, the shift to Switzerland is not necessarily just because of the claims of software compromise and Kremlin-connected cyberespionage. Instead, the country was selected due to political pressures and the tarnish of Russia in relation to alleged global hacking efforts, a potential thorn in the side of any company based there which touts cybersecurity defense products.
In comparison, politically speaking, Switzerland and its independent nature — as well as its lack of the association with frequent state-sponsored cyberattacks that the US, UK, North Korea, China, and Russia each carry — are far more appealing, probably to customers and regulators alike.
It will be interesting to see if other IT companies in the future also choose to up sticks and try to become associated with countries away from their roots to avoid scrutiny prompted by international politics.
“We live in a time where there is no presumption of innocence,” Shingarev says. “Now, companies like ours, they are not trusted by default. We have to earn it back.”
“Regulators are in a complicated position and under political pressure,” the executive added. “That’s why we are [trying] this approach to try and help them, our customers as well.”
Disclosure: Conference attendance was sponsored by Kaspersky Lab.