Considered opinion: Kaspersky antivirus hack a wake-up call for business

By Levi Maxey

Published 11 October 2017

Russian state-sponsored hackers were able to steal National Security Agency (NSA) material on methods the NSA uses to conduct cyber espionage as well as how the agency helps defend critical U.S. government networks. An NSA contractor placed the material on his or her private computer – a violation of the agency’s security policy – and the private computer reportedly had anti-virus software belonging to Moscow-based Kaspersky Lab installed. The software detected the unsecured classified material and alerted Russian intelligence to its presence. Michael Sulmeyer, the director of the Belfer Center’s Cyber Security Project at Harvard University, says geopolitics should guide some in the private sector to follow the U.S. government’s lead in removing Kaspersky’s software from their networks.

Russian state-sponsored hackers were able to steal National Security Agency (NSA) material on methods the NSA uses to conduct cyber espionage as well as how the agency helps defend critical U.S. government networks, according to the Wall Street Journal. An NSA contractor placed the material on his or her private computer – a violation of the agency’s security policy – and the private computer reportedly had anti-virus software belonging to Moscow-based Kaspersky Lab installed. The software appears to have detected the unsecured classified material and somehow alerted Russian intelligence to its presence, enabling the Russian hackers to glean important information on U.S. cyber capabilities and defenses. Kaspersky Lab denies any involvement in the theft of the information.

The Cipher Brief’s Levi Maxey spoke with Michael Sulmeyer, the director of the Belfer Center’s Cyber Security Project at Harvard University, about how anti-virus software creates a particular vulnerability for adversary nation-states to conduct cyber espionage, and perhaps why geopolitics should guide some in the private sector to follow the U.S. government’s lead in removing Kaspersky’s software from their networks.

The Cipher Brief: Are the security fears involved in Kaspersky anti-virus software exclusive to Kaspersky or are the high-level computer privileges they require common among all antivirus programs?
Michael Sulmeyer:
When we pay for and install anti-virus software, we grant it extraordinary access to our computers and networks. While we expect anti-virus to do what its name implies (protect us), to do so requires us to trust the software and its designers – what they do with the scans of our data can be for good, and sometimes for not-so-good.

The concern about Kaspersky specifically is that with this extraordinary access to so many millions of computers around the world, the Russian security services can see what Kaspersky sees. The result is that customers pay Kaspersky to facilitate the security services eavesdropping on their information.

….

TCB: Will the Kaspersky ban on U.S. federal networks even protect against this kind of security breach considering that it was gleaned from a private computer? Is this more of an insider threat issue?
Sulmeyer:
There are multiple stories within the big story. One is certainly an insider threat problem, which is related to the role that contractors play in our national security establishment. Generally, contractors do not conduct “inherently governmental functions.” We need to re-think the role of contractors as one part of the insider threat problem, given how much access contractors evidently have across the national security establishment to important data.

This should not diminish another part of the story – the impact of sensitive data falling into the wrong hands. If this information fell into the hands of an allied government, it would obviously be a very different story. So the Kaspersky-Russian security service nexus remains a crucial part of this.

Read the full interview: Levi Maxey, “Kaspersky antivirus hack a wake-up call for business,” The Cipher Brief (8 October 2017)