Russian President Vladimir Putin’s regime has been highly aggressive in pursuing cyberwar and cyberespionage at least since its 2007 attacks on the Estonian government. The fact that it is routinely attacking U.S. defense and intelligence cyber-networks can be no surprise.
During the 2016 U.S. presidential campaign Russian government ads appeared on several U.S. social media sites, including Facebook. They were propaganda designed to destabilize and discredit the democratic process, a disinformation campaign at which the Russian FSB, successor to the Soviet KGB, is very adept.
Russian cyberespionage may have achieved its greatest success in 2015.
According to an Oct. 5 report in The Wall Street Journal, in 2015 an employee of a National Security Agency (NSA) contractor — perhaps intending to work at home — stole top-secret information about how the U.S. penetrates foreign computer security networks and defends against cyber-attacks, and copied it onto his home computer. That computer was, he thought, protected by an antivirus software package sold by the Russian company Kaspersky Lab.
That software apparently allowed Russian cyberspies to spot and copy the top-secret software the NSA was using. Russia now knows how the NSA was penetrating foreign computers and can design defenses accordingly. Israeli cyberspies reportedly detected the Russian penetration of the home computer and alerted their U.S. counterparts. It was reportedly the most serious and damaging disclosure of top-secret information since 2013, when Edward Snowden stole and then disseminated top-secret NSA intelligence-gathering programs.
The intelligence community reportedly regarded this breach as so severe it gave the incident its own code name under which the investigation and damage assessment could be conducted.
The person who took the NSA information home and put it on his home computer committed the same crimes — felonies under 18 U.S. Code Sections 1924 and 793(f) — that Hillary Clinton apparently committed.
Kaspersky Labs came to the attention of the FBI’s Counterterrorism Division in 2015 because of its aggressive marketing of its software to U.S. defense and intelligence agencies. The FBI was, of course, aware that Kaspersky, like all such Russian companies, would need a license from the FSB to operate, which means the FSB would have complete access to its products and be able to embed spyware in them.
One report says that CIA representatives were called to a Moscow meeting with FSB officials in which the CIA was warned to keep its hands off Kaspersky’s products. It was a “demarche,” diplomatic warning, unusually delivered by spies, not diplomats. Since then, the FBI has been warning U.S. defense and intelligence agencies, as well as their contractors, to either rid themselves of the Kaspersky software or not buy it if they hadn’t already.
This sort of threat is not new. When China bought IBM’s ThinkPad business more than a decade ago, it continued producing the products under the Lenovo brand. The State Department, which had bought many of them, in 2006 finally decided that they couldn’t be used for classified information or on classified networks because they were believed to pose a cyberspying risk.
Kaspersky Labs’ antivirus software, like its legitimate counterparts in the cyberworld, function by gaining access to every bit of data and programming on a computer. If, as suspected, it contains “back doors” and other spyware, it may also have the ability to “jump” to any other computers with which the Kaspersky-laden machine comes into contact. According to The New York Times, Kaspersky’s customers have included nearly two-dozen U.S. government agencies and many of their counterparts in Western Europe.
On Sept. 13, the Department of Homeland Security gave all federal agencies 90 days to remove the suspect Kaspersky software. (Kaspersky Labs has denied any connection to the FSB and that its software is Russian spyware.)
We can be certain of at least one thing: that whatever the Kaspersky Labs’ software contains, it is not unique. The danger it represents is only part of the Russian cyberwar against us.
The U.S. intelligence community relies on many civilian contractors — big companies that include Lockheed Martin, Booz Allen Hamilton, CSRA, SAIC and CACI International, and a few smaller companies — for much of its intelligence-gathering and analysis. They multiply the abilities of NSA, CIA and the FBI to detect cyberintrusions, analyze intelligence information and other intelligence-related operations. Thousands of dedicated, trustworthy people perform these functions for their employers 24/7.
But the old adage holds true: Two can keep a secret if one of them is dead. The more people who have access to a secret, the more computers they use to work on that information, the more vulnerable our secrets are.
The big questions remain. Why would the intelligence agencies or their contractors trust any software (or hardware) produced in Russia, China or any adversary nation? Why would anyone in the intelligence or defense communities — agencies, contractors or employees of either — trust such software? Their training, obviously inadequate at this point, should have prevented that.
There will be no respite for our intelligence and defense communities. Russia, China, Iran and North Korea, among other nations, will continue their cyberespionage against them. The leadership of our agencies and contractors have to ensure better training of all their employees to prevent smart people from doing stupid things with our secrets.
• Jed Babbin, a deputy undersecretary of defense in the George H.W. Bush administration, is the author of “In the Words of Our Enemies.”
Copyright © 2017 The Washington Times, LLC.