{"id":5358,"date":"2017-10-22T01:25:18","date_gmt":"2017-10-22T05:25:18","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5358"},"modified":"2020-06-04T20:52:51","modified_gmt":"2020-06-04T20:52:51","slug":"kaspersky-russia-exposure-american-national-security-secrets","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/kaspersky-russia-exposure-american-national-security-secrets\/","title":{"rendered":"Kaspersky, Russia, and the Exposure of American National Security Secrets"},"content":{"rendered":"<p>Last week, <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">news broke<\/a> that hackers working for the Russian government acquired American intelligence programs by exploiting weaknesses in Kaspersky Lab, a software security program used by several agencies in the United States government. According to the <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\"><em>Wall Street Journal<\/em><\/a>, the hackers successfully acquired \u201cdetails of how the U.S. penetrates foreign computer networks and defends against cyberattacks,\u201d including \u201cdetails about how the NSA [National Security Agency] penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S.\u201d<br \/>\n<a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">The same report<\/a> described the breach as having occurred because an NSA contractor, who used Kaspersky Lab antivirus software on his home computer, removed classified material from his work computer and put it on his home computer, thus leaving the information susceptible to attack. 
There is <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">no indication that the individual sought to aid<\/a> the Russian government in any capacity. This reportedly <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">occurred in 2015<\/a>, although it was not known until last spring. <a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">Israeli intelligence officials<\/a> informed the United States that Russians used Kaspersky \u201cto aggressively scan for American government classified programs, and pull[ed] any findings back to Russian intelligence systems.\u201d Although <a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">Kaspersky denies knowledge of or involvement in<\/a> Russian espionage efforts, many in the national intelligence community have speculated that the company \u201c<a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108%20\">is a proxy of the Russian government<\/a>\u201d\u2014or if not a proxy, certainly capable of <a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">assisting the Russian government<\/a>.<br \/>\n<a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">Nearly two dozen<\/a> American agencies use or have used Kaspersky\u2019s software. This group includes the State Department, the Department of Defense, the Department of Justice, and the Army, Navy, and Air Force\u2014and each of these agencies holds highly classified and sensitive information. 
<a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">Interestingly, the NSA<\/a> \u201cbans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries\u201d\u2014yet it was still <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">through an NSA contractor<\/a> that the Russian hackers were able to access the sensitive information. There is also the question as to why other agencies used Kaspersky even though the NSA was aware of significant, compromising flaws in its antivirus software. In fact, a former NSA operator noted that antivirus software is \u201c<a href=\"https:\/\/www.nytimes.com\/2017\/10\/10\/technology\/kaspersky-lab-israel-russia-hacking.html\">the ultimate backdoor<\/a>,\u201d meaning that it can be used to perform devastating attacks and execute espionage operations.<br \/>\nOn September 13, the Department of Homeland Security announced a mandatory order requiring all agencies using Kaspersky products to <a href=\"https:\/\/www.dhs.gov\/news\/2017\/09\/13\/dhs-statement-issuance-binding-operational-directive-17-01\">remove the software within ninety days<\/a>. Of particular note, the mandate stated: \u201cThe risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. 
national security.\u201d Perhaps not surprisingly, <a href=\"https:\/\/uk.reuters.com\/article\/uk-usa-security-kaspersky-russia\/russia-says-kaspersky-removal-in-u-s-delays-bilateral-ties-recovery-idUKKCN1BP0KA\">the Russian embassy responded the following day<\/a>, lamenting the \u201cregrettable\u201d decision delaying the \u201crestoration of bilateral ties.\u201d About a month later, the public learned via the <em>Wall Street Journal <\/em>report that Russian hackers acquired highly classified information.<\/p>\n<blockquote><p>Among a multitude of concerns, the revelation that Russian hackers acquired American national security secrets forces the United States to consider an important question: who do we trust with our cybersecurity?<\/p><\/blockquote>\n<p>For a country that is already in an adversarial relationship with Russia, the fact that Russia was able to obtain national security secrets relating to our cyber defenses and capabilities puts additional strain on the relationship. Moreover, why are government agencies\u2014particularly ones that handle classified information relating to foreign policy, defense, and grand strategy\u2014trusting antivirus software made by a company which is suspected to be \u201ca proxy of the Russian government\u201d and whose <a href=\"https:\/\/www.wsj.com\/articles\/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108\">founder was educated at a KGB-sponsored school<\/a>? Why have American agencies used antivirus software of questionable security when antivirus programs already pose a vulnerability? Additionally, if the NSA does not trust the antivirus software enough to use on its computers, why were other agencies permitted to use it?<br \/>\nPresumably, there will be more information that will continue to shed light on the situation. The United States government should use this as an opportunity for serious reflection on who it trusts to protect sensitive and classified information. 
To be fair, even if Kaspersky software had not been used on any government computer, that may not have been enough to prevent this problem. That does not, however, excuse the government's failure to take common-sense measures to ensure that its information is as secure as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week, news broke that hackers working for the Russian government acquired American intelligence programs by exploiting weaknesses in Kaspersky Lab, a software security program used by several agencies in the United States government. According to the Wall Street Journal, the hackers successfully acquired \u201cdetails of how the U.S. penetrates foreign computer networks and defends <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/kaspersky-russia-exposure-american-national-security-secrets\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":5359,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5358"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5358"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5358\/revisions"}],"predecessor-version":[{"id":7019,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5358\/revisions\/7019"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5359"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/nc
jolt\/wp-json\/wp\/v2\/media?parent=5358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}