Last year, the three big mainstream US newspapers ran articles that more or less spelt the death knell for Kaspersky Lab's deals with the American public sector. The new year has hardly begun, but The Wall Street Journal has been quick off the mark to recycle old claims against the Russian security firm, apparently relying on the old adage that if mud is thrown, then some will stick.
(iTWire has an article here, pointing out the numerous holes in the stories run by the WSJ, The New York Times and the Washington Post last year.)
The WSJ's 2018 effort is not a news story, but a feature. It opens with reference to a party attended by Kaspersky chief Eugene Kaspersky in 2012, where he proposed a toast to Estonian President Toomas Hendrik Ilves, the ranking guest at the function. Eugene, who is known for making jokes when he speaks in public, apparently said, "Toomas, I am so sorry that we attacked you." This, the WSJ seizes upon as an admission that Russia was responsible for a cyber attack on Tallinn five years earlier.
The possibility that Eugene was merely poking fun at the numerous claims about Russian attribution was not offered by the newspaper - if it had been, then the whole premise of the story would have collapsed. This is a tactic employed right through the 2331-word piece.
For the most part, the article rehashes old happenings: the ban on Kaspersky software in the US public sector, the claims that Kaspersky software was used to transmit NSA documents to the company's Moscow headquarters (any anti-virus software would do something similar with files that it suspected were malware) and a reference to the leaks of NSA documents to the Shadow Brokers, a group that released NSA exploits on the Web in August 2016.
In December, Kaspersky Lab said it was now "seeking an appeal in federal court of US Department of Homeland Security’s decision on Binding Operational Directive 17-01 banning the use of the company’s products in federal agencies".
There are references in the WSJ article to Eugene's background and the fact that he worked for Soviet military intelligence. That's as good as pointing out the fact that there are numerous members of the NSA's elite Tailored Access Operations hacking unit who are now running private security businesses – but in these cases, there has never been even a hint that they are hand-in-glove with the NSA. Two well-known former NSA spooks, Jake Williams and Dave Aitel, head Rendition Infosec and Immunity respectively, and neither has had to ever field an allegation that their companies provide a spying front for the US Government.
"The risk that the US government, whether acting on its own or in collaboration with Symantec, could capitalize on access provided by Symantec products to compromise Russian government information systems..."
— Jake Williams (@MalwareJake) 7 January 2018
No proof of that you say? How ironic... https://t.co/dDKwVUh5jp pic.twitter.com/SildLNhO9z
Deep into the article, the WSJ had no option but to provide the actual reasons for the actions against Kaspersky: the firm's exposure of NSA spying methods in 2015.
Let me digress a bit here: Kaspersky has been quite forthright about exposing threats to computer users, no matter whether they are from nation-state actors or private individuals. In fact, the first nation-state attack it exposed was in 2014; this was by Britain's GCHQ which tried to hack a Belgian telecommunications provider.
In 2015, Kaspersky exposed a group it called the Equation Group, which the WSJ says is an internal NSA unit. The company also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear reactors. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was infiltrated into Iran's nuclear labs through a USB drive as the lab was not connected to any external network.
Israeli Government hackers breached the Kaspersky network in 2014; after the company found out in 2015, it wrote a long, detailed analysis of the incident.
And then comes the real reason for the US ban: the WSJ writes, "Once such techniques are public, they are effectively useless for spying." But then is that really Kaspersky's fault? Is the company expected to keep silent when it finds threats to PCs that emanate from national governments? Are journalists expected to stay silent when they discover that their own, or other governments, are acting in a manner that poses a risk to the public?
Earlier this year, the WSJ floated claims that Russian Government employees had used Kaspersky's anti-virus software to search for the code names of US intelligence programs, while Israeli intelligence officials looked on.
The WSJ claims that the NSA, while investigating these claims, homed in on one of its own employees who was running Kaspersky software on his home machine, on which he also had numerous samples of NSA malware. The article claims that these were exfiltrated to Kaspersky's Moscow lab, which is again standard practice by any anti-virus software when it encounters suspicious files.
Kaspersky Lab investigated these claims and came up with a detailed report, which basically stated that malware on the PC of the NSA worker had acted as a backdoor and allowed unknown people access to his machine. As he was running Kaspersky software, malware samples had been uploaded to the company's servers in Moscow; when they were recognised as being confidential, they were then deleted.
Here the WSJ throws in an unsourced claim: "Kaspersky said it did keep certain malware files from that collection." But this does not appear in the report that Kaspersky publicly released. Whether it was told to the WSJ in response to a question is unclear. But it does serve to cast another shadow on the company by implying that it retained material that it had admitted was confidential.
Further on, the article tries to tie the Shadow Brokers' leak to Kaspersky software, based on an allegation by a single unnamed US official. (The article is packed with quotes from unnamed officials who appear happy to make claims of all sorts.)
From the Shadow Brokers, the WSJ leaps to the email dump from the Democrat National Committee which was released by WikiLeaks; according to the WSJ, "what intelligence officials have said publicly they concluded (this) was a Russian-led hacking operation to discredit the campaign of Hillary Clinton".
This is false, as only a small number of hand-picked analysts made this assessment. As a recent article in the London Review of Books put it: "(this) is a confused and largely fact-free ‘assessment’ produced last January by a small number of ‘hand-picked’ analysts – as James Clapper, the director of National Intelligence, described them – from the CIA, the FBI and the NSA. The claims of the last were made with only ‘moderate’ confidence. The label Intelligence Community Assessment creates a misleading impression of unanimity, given that only three of the 16 US intelligence agencies contributed to the report. And indeed the assessment itself contained this crucial admission: ‘Judgements are not intended to imply that we have proof that shows something to be a fact. Assessments are based on collected information, which is often incomplete or fragmentary, as well as logic, argumentation and precedents’. Yet the assessment has passed into the media imagination as if it were unassailable fact, allowing journalists to assume what has yet to be proved. In doing so they serve as mouthpieces for the intelligence agencies, or at least for those ‘hand-picked’ analysts."
This, obviously, was a perspective that the WSJ did not wish to provide its readers for it would have made the writers — Shane Harris, Gordon Lubold and Paul Sonne — look rather silly.
Like earlier efforts, the article plays into the old "Russkies under the bed" scare that drove much feverish American patriotism during the days of the Cold War.
Using innuendo and unnamed officials to propagate theories helpful to the US Government is an old game – as one has pointed out in the past, the Middle East correspondent of the Independent, Robert Fisk, once said the Los Angeles Times should change its name to "official sources said". He was referring to the fact that the newspaper uses this term very often to float yarns that push the US Government's point of view.
One can, thus, dismiss the WSJ story as just one more instance of the mainstream media playing from the songsheet that is distributed by Washington DC. Never mind if it sounds somewhat out of tune, given that it does not hold up under scrutiny.