The New York Times has reported that Kaspersky Labs, the Russian cybersecurity company that produces software used by hundreds of millions of people, was secretly being used as a surveillance tool by the Kremlin.
Kaspersky, whose software is also used by numerous US government agencies, has long been under the microscope for alleged ties to Moscow allegations that founder Eugene Kaspersky has always denied. Sputnik Radio's Fault Lines with Garland Nixon and Lee Stranahan spoke to Jeffrey Carr, a cybersecurity expert and author of two books on cyberwarfare, about the lab and the allegations.
"My objection for the New York Times and Washington Post and the other mainstream media articles around is that they're simply slandering the company for spying — when there's no evidence that they ever spied," Carr said. "In fact, the evidence suggests that that they were spied on, that their own network was breached by Israeli intelligence, during the time that their antivirus program simply performed as it was supposed to perform — which was identify malware on the laptop of one of its users and determine if they contract it."
"So Kaspersky is the victim. They're not the perpetrator; they're the victim. And yet the New York Times and the Post and others have [slandered] Eugene Kaspersky and his company — which is a company that has actually outperformed most antivirus companies over the years. Their global research team has identified more nation-state-written malware than anyone else, including malware written by the Russian government and other governments."
"This is a company that has just consistently performed well, has elevated the practice of cyber security, and I really hate to see them being victimized because of this political climate that we have to be in."
Carr then discussed CrowdStrike, the cybersecurity company that analyzed the forensic evidence of the 2015 and 2016 leaks of Democratic National Committee information. CrowdStrike claimed that Russian hacking groups Cozy Bear and Fancy Bear, acting on the directions of Moscow, hacked the DNC and released the data to help Donald Trump win the election.
To support their claims, CrowdStrike argued that the same malware used to hack the DNC was also used against the Ukrainian military — but four months later, they republished that particular report, minus the Ukraine hack section, after Kiev stated that the alleged cybercrime never occurred.
The CrowdStrike report was "the worst report ever in the history of bad reports," Carr said bluntly. "There's never been anything like it. They didn't even have a single example of a [Ukrainian] soldier using a device compromised by the malware. They never once spoke with the developer of the malware. The malware sample was corrupted critically, and couldn't be opened by other companies that wanted to double check. Two companies that were able to double check their work found discrepancies, and the entire malware didn't even function the way that it was described by CrowdStrike's vice president of intelligence. I would be embarrassed to walk the street if I were the writer of that report."
So why did CrowdStrike publish such a faulty report, according to Carr? Simple: money. "Journalists who write about a sensational story avoid contacting me, because they're looking for voices that will support the narrative that a particular government is behind an attack. There's no money to be made by the way in being a critic. There's a lot of money to be made when you are propagating a narrative that says ‘this government is responsible for this attack,' especially if that government is on the hot seat inside the Beltway. But to say, ‘no no no,' to be a voice of reason or skepticism, literally hurts your income."
"[Cybersecurity] companies know that when they publish attribution reports that attribute foreign governments, they're going to make money. It's a proven marketing technique. FireEye demonstrated how effective it is when they were blaming China for attacks against a variety of companies and governments and one year they even blamed China for an attack against New York Times. The New York Times gave them incredible coverage, and by that fall, they were acquired for a billion dollars — a company that was worth, at the time I think maybe $150 million got acquired for six or seven times its value."
CrowdStrike is now trying to live up to that coverage, says Carr, and has succeeded in raising their valuation to the nine figure mark. "Even when you're wrong…" Carr started.