Why did FBI agents fan out across the country to interview Kaspersky Lab employees away from their offices? NBC News doesn’t quite answer the question, but implies that the answer might be the special-counsel probe into Russian interference in the previous election. However, there may be other answers:
FBI agents on Tuesday paid visits to at least a dozen employees of Kaspersky Lab, a Russia-based cyber-security company, asking questions about that company’s operations as part of a counter-intelligence inquiry, multiple sources familiar with the matter told NBC News.
In a classic FBI investigative tactic, agents visited the homes of the employees at the end of the work day at multiple locations on both the east and west coasts, the sources said.
There is no indication at this time that the inquiry is part of Special Counsel Robert Mueller’s investigation into Russian election meddling and possible collusion. Kaspersky has long been of interest to the U.S. government. Its cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to U.S. officials. He graduated in 1987 from the Soviet KGB-backed Institute of Cryptography, Telecommunications, and Computer Science.
That in itself might not be terribly remarkable. People who work in the anti-virus software and services sector would need that kind of background in order to keep up with constantly evolving and emerging threats. While there may be independent sources of education on cryptography and counter-intrusion, governments would look for the best and brightest to bring into their own organizations, and any entrepreneurs among them would want to market those talents as much as possible — preferably legally.
Of course, that’s the question — but there’s no evidence in the NBC report that Kaspersky Labs had any connection to the DNC, where the Russian intrusions found their greatest success. In fact, a Kaspersky analyst offered commentary on the hack in an undated post at Information Security Buzz, briefly outlining the extent of the hack and offering advice on how to best guard against them — which certainly implies that Kaspersky Lab didn’t have the DNC as a client. Nor does it appear that Kaspersky had anything to do with the Center for American Progress, where John Podesta was victimized by hackers of alleged Russian origin. NBC notes that Kaspersky Labs did have a connection to Michael Flynn, but that was for a paid consultancy that would hardly require the kind of coordinated interrogation operation that NBC describes in its report. NBC’s sources told them that this was unrelated to Flynn anyway.
Does Kaspersky have connections to the Putin government, though? What makes this even more curious is that the Russian government recently charged a Kaspersky analyst with treason. Russian prosecutors charged Ruslan Stoyanov with assisting the US by passing along sensitive information. His crime might have been helping to crack down on Russian hackers:
Stoyanov was arrested along with a senior Russian FSB intelligence officer, Sergei Mikhailov, according to Kommersant. Mikhailov, who also faces treason charges, was the deputy head of the information security department of the FSB, Russia’s national security service.
Investigators are examining money that Stoyanov allegedly received from foreign companies or entities, according to Kommersant. A source told the paper that the case has been filed under article 275 of Russia’s criminal code, which allows the government to prosecute an individual suspected of aiding a foreign state or organization.
“Stoyanov was involved in every big arrest of cybercriminals in Russia in past years,” a source familiar with Stoyanov’s past work told Forbes. …
Andrei Soldatov, however, who has studied the internet and Russian security services for more than a decade, called the arrest of the Kaspersky manager “unprecedented.”
“It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky,” Soldatov told The Associated Press. “Intelligence agencies used to ask for Kaspersky’s advice, and this is how informal ties were built. This romance is clearly over.”
Kaspersky Labs told the AP that his arrest related to work done prior to Stoyanov’s employment in 2012, and Fortune reported on the details in February:
Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation.
They said the arrests concern allegations that the suspects passed secrets to U.S. firm Verisign (VRSN, +0.18%) and other unidentified American companies, which in turn shared them with U.S. intelligence agencies. …
The source connected to the investigation said the arrests were a result of accusations first made in 2010 by Pavel Vrublevsky, a Russian businessman and founder of ChronoPay, an online payments company. Vrublevsky told Reuters he had also learned that the arrests were a response to his allegations: that Stoyanov and Mikhailov had passed secrets on to American firms.
If Kaspersky had ties to Putin’s regime, it seems unlikely that they would have hired Stoyanov in the first place, given the allegations already aired by 2012. One could speculate the opposite, though, and hypothesize that Stoyanov’s arrest put pressure on Kaspersky Lab to toe the Putin line. That came well after the 2016 election, however.
Perhaps this has nothing to do with the Russian probe at all. In the past few weeks, the global community has been rocked by two ransomware attacks of unknown origin, and that falls into the FBI’s jurisdiction when it comes to US-based firms. This operation might have something to do with that, or perhaps something else entirely of which we know little. Even if the DNC and CAP didn’t use Kaspersky, NBC notes that it has a decent market share in some interesting corners of the US economy:
Kaspersky sells cyber-security software to businesses and the government in the U.S., although intelligence officials have warned for years that the company has ties to Russia. Kaspersky Labs has sought to raise its American profile with corporate sponsorships, including of National Public Radio.
“I wouldn’t put their stuff on my computer if you paid me,” said a former senior U.S. intelligence official.
Whatever is happening, it’s bound to be intriguing … in all possible senses of the word.