Trump Bans Kaspersky Antivirus After Russian Hacking Allegations
President Donald Trump has signed the defense policy cementing the ban on federal systems using the Moscow-based software provider, after ongoing speculation around their connection to Russian authorities.
While this move appears to be a rational pre-emptive measure, a short investigation into the details of the case suggests a very different motive.
After months of discussion and speculation, Trump has finally made official the law banning Kaspersky Lab from being used anywhere in the government. Those in tune with global cybersecurity news will have already heard the ongoing saga between the antivirus provider and the US administration.
Kaspersky Lab, whose headquarters are located in Russia, has faced a stream of controversy surrounding their potential alliance with the country’s government. While it’s highly doubtful that any suspicious activity has occurred in the firm, the timing of this bill only raises further questions.
On the surface, the rapid law change is a diligent response to a security threat. However, it’s difficult to overlook that the President’s vocal campaign against Kaspersky was instigated by the media frenzy last July – which, at that time, was lacking any credible evidence.
Is this recent move the black-and-white response it appears, or is it part of the broader picture regarding the already-scrutinized Trump-Russia relationship?
The ‘Russia’ Question
A large part of Trump’s election campaign surrounded his promises to restore relations with Russia. His consistent praise of Vladimir Putin was widely noted, to the extent that when allegations surfaced of Russian influence in the election, serious investigations began instantly.
Throughout the inquiry process by Special Counsel Robert Mueller, many red flags have only increased suspicion. Trump’s former national security advisor, Michael Flynn, recently pleaded guilty to lying to the FBI about a meeting with a Russian representative. Campaign advisor George Papadopoulos was also convicted under similar charges. While neither of these cases explicitly unveiled conspiracy between the Trump administration and Russia, they have done little to quell doubts over the issue.
It seems Trump’s presidency cannot escape accusations of affiliation with one of the USA’s most notorious rivals. However, this recent move tells a very different story. The speed and vigor with which Trump banned Kaspersky software from all government departments suggest a significant change of heart.
The Initial Accusation
For years there has been speculation about Kaspersky’s involvement in Russian espionage, due to its unfortunate Moscow-based location and the intrusive nature of the software. However, these claims have continuously lacked substance.
In July 2017, Bloomberg caused a media storm when it produced details of Kaspersky’s involvement in the theft of classified NSA data for the Russian authorities. Soon, every major newspaper was searching for specifics and documenting the political response to the accusations. However, still, no real evidence surfaced.
Later that year, it was disclosed that Israel had alerted the US to a threat after uncovering NSA hacking tools in the computers of the antivirus headquarters, during their own spy campaign.
One by one, the articles began to corroborate some of the facts:
- In 2014, an NSA contractor decided to move data for a sophisticated hacking tool onto his home computer.
- The Kaspersky software flagged an issue within this data.
- It then somehow found its way back to the Moscow headquarters.
However, this is where the facts get blurry. Kaspersky claims that an existing virus from a trojanized Windows keygen created a backdoor that could have been exploited by third parties. The data was only transferred as a record of flagging the threat and was encrypted, and therefore not accessible by the Russian government.
Other undisclosed sources suggest this is not the case. Alternative narratives included:
- The Kaspersky threat-flag alerted third-party Russian hackers to the vulnerability in classified docs.
- The Russian government paid the company to include a back door.
- Russian intelligence was monitoring the malware-tracking pipeline, potentially without the consent of Eugene Kaspersky.
While the details of the incident remained unclear, the backlash was immediate and intentional.
Internal Pressure & Commercial Repercussions
Following the media frenzy, the Trump administration moved quickly. They stopped the use of Kaspersky products where possible and suggested that a government-wide ban was on the cards. In the same month, the Pentagon recommended ceasing the use of the software by 2018. Shortly after, the commercial retailer, Best Buy, wiped Kaspersky products from the shelves.
By October, both the U.S. Department of Homeland Security and the General Services Administration (GSA) also moved to shut down the service. Although these decisions were made independently of the President, it is worth noting that the GSA chief was chosen personally by Trump and has already been accused of leniency towards the head of state’s missteps.
In a matter of months, a company once integral to the security of the US government has been blacklisted completely – an admirable effort, if Kaspersky is guilty.
The Future of Kaspersky
In the face of all the rising accusations, CEO Eugene Kaspersky has outright rejected every claim, stating they were nothing more than “unground speculation and all sorts of other made-up things.” He also firmly denied any involvement with any national government, treating the allegations with seeming transparency and even offering the source code to the US.
Unfortunately, as antivirus programs often mimic rootkits, they could easily hide intentional backdoors within the software. Similarly, it’s easy to deny complicity but, without proof, they are just empty words.
However, the credibility of the company itself and its long-time service to global cybersecurity raise legitimate queries about the likelihood of knowing involvement in political espionage. Alongside tracking and identifying major malware threats in the world and working closely with international police, Kaspersky has also exposed hacking plots from several governments. Israel, the US, and Russia have all been victim to the cybersecurity company’s revelations.
However, this longstanding reputation within the cyber community did nothing to slow US government action. Although Kaspersky’s time in the States may be coming to an end – at least temporarily – it will likely survive on the international stage, as its contributions thus far have been invaluable.
It was White House officials that decided the Kaspersky back door was installed with the permission of the company. However, so far no evidence has backed this up. It could be that proof exists, which the media don’t have, but that then opens up another question:
If the Trump administration knew about the threat before the media leak, why were preventative steps only taken after it became public knowledge?
When the hack was first flagged by Israel, why did the government not take immediate action? At the end of the day, we’re all spying on each other. Every developed country now has a cyber-espionage program. This specific attempt to close a cyber-door to hackers is just one of countless happening all the time.
Certainly, the media frenzy surrounding the incident is mostly responsible for its notoriety. However, was the fast and public response from the Trump administration an admirable call-to-arms or a cunning stunt to push a separate agenda?
Trump has lavishly praised Russia in the past, even when this resulted in mounting accusations of his collusion with the country. Loudly quashing a security threat from one of America’s most infamous rivals is unarguably a crafty move to distance himself from the controversy. The only thing left to determine is whether he’s doing so at the expense of one of the world’s most trusted cybersecurity labs.
As it stands, it’s currently impossible to know whether Kaspersky has been caught in the crossfire of a broader political issue or if this seemingly accidental breach was part of a greater Russian hacking scheme.