From the WSJ’s article a couple of days ago we find out this:

Back a year or two ago, some idiot NSA subcontractor (or contractor) took key documents home, on paper or on a flash drive, and worked on or viewed them on his home PC. That meant the Kaspersky Labs antivirus software running on that machine, perhaps even installed without his (or her) knowledge, went to work and found something.

What the Kaspersky Labs software apparently found were hacking tools the NSA uses as part of its cyber surveillance. NSA’s core mission is signals intelligence after all. This raises more than a few problems:

  • Did the Kaspersky Labs software find malware, which is indeed how some of NSA’s spyware (perhaps a large part – who knows?) apparently works? In other words, was the antivirus software merely doing its job? In which case it would have sent a report back to Kaspersky Labs Head Office. In or near Moscow.
  • Who then within Russia’s intel services (the FSB and whoever else does this sort of thing in Russia) managed to access these NSA hacking tools (most likely some form of malware)? Was it an FSB mole discreetly working at Kaspersky, or does someone at FSB HQ merely call up the Russian company and request that they hand over the information? Former American intel operators seem divided on this issue, as far as the quotes in Cipher’s recent story go.
  • Do Russia’s intel agencies piggyback on Kaspersky’s software through a massive hacking breach? Most experts seem to think this is unlikely. That is, they are more willing to believe that Kaspersky is a willing (or forced) partner at some level – whether directly or through embedded Russian intel personnel. Many of Kaspersky’s employees are precisely former Russian intel people.
  • Who would now be willing to trust Kaspersky’s software on their company’s or institution’s or government agency’s information systems? The solution that some beltway intel experts seem to be suggesting is that Kaspersky Labs move their base of operations out of Russia. A dramatic move that would seem to be just a touch tricky in Putin’s Russia. You can imagine Kaspersky himself suddenly falling victim to some strange disease and dying quickly on a hospital bed somewhere in Western Europe if he was lucky. Or under even more unpleasant circumstances within Russia. Are they being forced to go to cyberwar for Putin just to keep the peace with the Kremlin?

Finally, there are two main questions aside from speculating on how the hack was done:

  • Why the ever fricking loving heck was Kaspersky Labs still being used on information systems belonging to government agencies – some of them intel agencies?? Why did it take so long and such a disastrous leak to force DHS’s hand and make them finally require government agencies to use a more trusted antivirus provider? The reply that Kaspersky Labs antivirus software is good is not a valid answer in this case.
  • If the NSA can’t control – and that would be with “extreme prejudice” to quote Apocalypse Now – their own contractors, how can America’s premier signals intelligence agency be truly effective? Yes, intel agents do occasionally get turned for various motives, but this was different. A lapse in the handling of classified material (no way that contractor should have had those documents on his home PC) combined with a potentially dangerous backdoor, Kaspersky’s software, that intel experts had been worrying about for some time, to produce a disastrous breach. The only surprising thing is that it didn’t happen sooner. Assuming it didn’t and we don’t know about it.

This was a breach that had been just waiting to happen. Now the NSA has to clean up a mess that its sloppiness helped make.