Russian security vendor Kaspersky Lab is again under fire in the mainstream US media, with the Washington Post alleging that the co-operation it extended to the FSB, Russia's equivalent of the FBI, in getting a suspected cyber criminal jailed was an indication of "an unusual degree of closeness" to the agency which was described as "the country's powerful security service".
The report says a document posted to Facebook by the suspect, Konstantin Kozlovskiy, claims that in April 2015, an FSB agent who was in Kaspersky's Moscow office provided a password for another suspect's computer to a technician. The technician then used it to gain access to the suspect's computer and obtain decrypted material which he passed to the FSB agent.
The document is said to claim that the FSB agent, A.V. Kutasevich, worked side-by-side with Kaspersky technician Russian Sabitov in what was said to be an “information retrieval” operation.
But the Post left it till the last paragraph of a 17-paragraph story to point out that the same Kozlovskiy had claimed in another document left on Facebook that he was the one who had hacked into the Democratic National Committee on the orders of the FSB, an assertion that was deemed "dubious" by senior intelligence officials cited by the Post. It claimed that it was two other Russian spy agencies that were behind the DNC hack.
Kaspersky Lab has been under sustained pressure in the US with allegations regularly being made that it has been serving as a conduit for Russian intelligence services. The accusations gathered momentum as Russia started to be blamed for allegedly interfering in the 2016 presidential election. In September, the US Government banned the use of Kaspersky products in government agencies.
The Post claimed that though American cyber security firms "sometimes provide technical assistance to the FBI in criminal investigations, the close co-operation between Kaspersky Lab and the FSB raises eyebrows" at a time when the firm is so much in the media limelight.
Finally, can we stop saying that @e_kaspersky graduated from a KGB-supported school? Because that's neither relevant nor helpful in the discussion.
— Martijn Grooten (@martijn_grooten) December 14, 2017
The newspaper gave no indication of whose eyebrows had been raised. The practice of technology or security firms helping trap cyber criminals is as old as the hills; companies have willingly provided information to the FBI, CIA and the NSA in the US. In some cases, they have been spied on and information taken from them without their knowledge.
This was not a perspective that WaPo reporter Ellen Nakashima provided to readers of the newspaper.
Nope, nothing... And it's not as if @kaspersky cooperation with LEA against Lurk was already public knowledge... https://t.co/B3QkqDw4A6
— Valery Marchive (@ValeryMarchive) December 14, 2017
The information provided to the FSB by Kaspersky was used by the agency to craft its case against Kozlovskiy, who is a member of Lurk, a criminal group whose operations were described by Kaspersky Lab in a detailed blog post in August 2016.
In that post, the company outlined its role in the demise of Lurk, though the Post said Kaspersky had not specified that an FSB agent was allowed into its Moscow offices to "supervise the operation".
The WaPo report quoted Andrei Soldatov, reportedly an expert on Russian surveillance and the joint author of a book titled The Red Web, as saying it was surprising that Kaspersky's experts were not asked to provide expertise in the operation against Lurk – though why a technician should not be considered an expert was not explained.
The Red Web deals with what the authors — Irina Borogan is the other joint author — deem the "monumental battle for the future of the Internet". Wikipedia says it "examines the history of surveillance technologies in Russia, the Soviet Union's authoritarian control over information and its distribution, and the legacy of this mindset as it reverberates in the Russia in the Internet age".
Kaspersky's role was authorised by a Russian court but Soldatov was of the opinion that “this kind of ‘joint operation’ raises a question whether the company went too far in its co-operation with the Russian secret services”.
The Post contrasted the Russian incident with the way things are reportedly done in the US, quoting an unnamed former FBI special agent who had worked on a number of high-profile cyber cases as saying that such an arrangement would be unusual in the US and “outside the realm of something the bureau would approve”.
The logic in drawing the conclusion that this act constituted "an unusual degree of closeness to the FSB" evoked scepticism from security professionals.
"This is the FSB in its role of the Russian FBI. This is an operation against some cyber criminals. Security companies co-operate with law enforcement all the time. As a defensive security company, like AV, it would be hypocritical not to," commented Martijn Grooten, the editor of Virus Bulletin, a magazine that covers the prevention, detection and removal of malware and spam.
"One can have a valid discussion on what specific roles security companies should play in a co-operation with law enforcement, and different companies have different views on this, but nowhere does it appear that Kaspersky clearly crossed a line.
"It'd be different if the criminals were running Kaspersky's AV and Kaspersky was asked to backdoor that to get access to their machines. Nowhere does the story even imply this might have happened. (And it won't have, as the FSB wouldn't do this.)"