Our new cybertechnology–all linked, interconnected, and hackable–including now the “internet of things”–opens up whole new vistas for espionage. The government is requiring that a popular anti-virus and security software program be deleted from agency computers, out of fear that its Russian maker is connected to the successor to the KGB. And Congress is considering a bill designed to require security measures for the “internet of things,” lest government refrigerators and coffee-makers get hacked.
The ban on Kaspersky cybersecurity software for government computers is the result of an FBI investigation, which has found that the company has close ties with Russian intelligence. Even if there is not active collusion–which the FBI apparently suspects–a Russian law allows the state to commandeer companies in the service of national security.
Kaspersky software is a respected product also used widely by American consumers. The company denies all of the charges.
But Bloomberg Businessweek journalists Jordan Robertson and Michael Riley report having seen e-mail correspondence from the head of the company, Eugene Kaspersky, about “a big request on the Lubyanka side” (referring to the headquarters of Russian intelligence). He writes,
“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on.”
“Active countermeasures,” according to the reporters, refers to the capability of “hacking the hackers,” tapping into their computers, identifying them and learning their location so that they can be apprehended.
This sounds like a good tool against hackers of every variety. I see nothing wrong with a Russian security firm taking a contract from a Russian intelligence agency. Yes, this capability could wreak havoc with American attempts at cyber-espionage and counter-espionage. But this is a security firm. Protecting from hackers is what security firms are all about, whatever the hackers’ origins. The CIA would do well to buy the same product, if it could. If not, maybe we would have a problem. And the real issue is whether Kaspersky is doing other favors for Lubyanka, such as building in portals for eavesdropping on U.S. government computers.
In related news, Sen. Cory Gardner (R-Colorado) has introduced legislation requiring that any internet-connected device purchased by the federal government must meet certain security standards. “Things like firewalling off information, requiring patchable and securable devices, making sure that you don’t have a hardcoded password from a factory that someone can have access to.”
This would include appliances such as refrigerators and coffeemakers that are designed to be controlled via the internet. “The federal government orders billions of dollars worth of Internet of Things devices each and every year,” says Sen. Gardner. “These are things that can be hacked into. You can try to control systems, instruments with them. You can certainly read what people are doing and maybe even eavesdrop on a conversation people are having.”
This is not paranoia. The news report on the subject, “Is Your Refrigerator A National Security Risk?” from CBS Denver, says that webcams and baby monitors were hacked into in last year’s cyberattack that took down Twitter, PayPal, and other major sites.
I can’t decide if people in the federal government have been reading too many spy novels–as in the James Bond stories that feature the ingenious technological genius Q–or not nearly enough. (Would M have bought anti-spyware from the Russians?)
Photo: Desmond Llewelyn as “Q” by Towpilot (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/)], via Wikimedia Commons