Russian Spies in Every PC? So Says Washington

Written by Channel
May 12, 2017

The impact is potentially damaging — but not unique.

By Larry Walsh

If you use Kaspersky Lab security products, you have a Russian spy in your office.

If you resell Kaspersky Lab security products or deliver them as services, you’re complicit in facilitating Russian spying.

That’s essentially the story line coming out of Washington, D.C., this week as government officials essentially denounced the Kaspersky Lab products as unsafe and, without proof, alleged the Russian software company is complicit with Kremlin foreign intelligence and espionage operations.

In a dramatic scene that Oliver Stone couldn’t have scripted better, Sen. Marco Rubio, during a regularly scheduled session of the U.S. Senate Intelligence Committee, asked the head of five U.S. spy agencies and the newly minted acting FBI director whether they felt comfortable using Kaspersky Lab products. Down the line, all six said no.

In fact, Director of National Intelligence Daniel Coats’ no was “resounding.”

At the same time the hearing was happening at the Capitol, Eugene Kaspersky – head of the company that bears his name – was participating in a Reddit Ask Me Anything session. News of the allegations from Washington crept into the discussion, and he responded in kind.

“I would be very happy to testify in front of the Senate, to participate in the hearings and to answer any questions they would decide to ask me,” Kaspersky said. “I think that due to political reasons, these gentlemen don’t have an option, and are deprived from the opportunity to use the best endpoint security on the market without any real reason or evidence of wrongdoing from our side.”

Same Allegations, Different Year

Before proceeding, full disclosure: The 2112 Group has worked with Kaspersky Lab in the past on channel development and partner enablement.{ad}

Talk of Kaspersky Lab collusion with Russian intelligence agencies is nothing new. Eugene Kaspersky received his security training in the Glavnoje Razvedyvatel’noje Upravlenije (translated: Main Intelligence Agency) — commonly referred to as the GRU. Many of the managers at Kaspersky Lab are former Russian military or have held government positions. And Kaspersky Lab does work with the Russian government on security issues.

It would seem where there’s Russian smoke, there’s Kremlin fire. But this issue deserves a more critical look. My company, 2112, did such an inspection in 2015, the last time allegations circulated against Kaspersky Lab. We polled American and European security software resellers on their perceptions of security vendors’ trustworthiness, and here’s what we found (and the results remain relevant today):

(continued on next page)

{vpipagebreak}

Twenty-eight percent said a security vendor colluding with government intelligence agencies would prompt them to reconsider their partnership; 37 percent said they would likely consider ending their vendor partnership.
Two-thirds of respondents closely monitor reports of security vendors participating in government intelligence operations.
Thirty-nine percent rated security vendor trustworthiness as the most important partnership attribute, second only to product quality.
Nearly three-quarters believe a security vendor would hack a rival company to gain a competitive advantage.

Most significant is the perception of different vendors based on their origins. At the time of the poll, Kaspersky Lab was facing allegations that it hacked rivals to gain a competitive advantage and was cooperating with Russian intelligence. When asked about the impact of such allegations, 46 percent of resellers said the allegations would impact Kaspersky Lab marketability. However, when asked the same question about Symantec, McAfee, and other companies, only 22 percent said similar allegations would impact American vendors negatively.

The study found a distinct bias against Eastern European security vendors. While Kaspersky Lab is in the limelight because it’s the largest and most successful software company to come out of the former Warsaw Pact zone, other vendors in the region, including AVG Technologies (now Avast), BitDefender, and ESET, face similar trust biases.

And this isn’t a new phenomenon. In 2012, the Senate Intelligence Committee released a report labeling China-based IT vendors Huawei and ZTE Technologies as security risks and warned American corporations against using their networking gear. The fear was that Chinese manufacturers would plant back doors in their products to enable snooping by foreign intelligence.

After a 60 Minutes expose on Huawei (see below), 2112 took a poll and found that three-quarters of American resellers said they wouldn’t work with a foreign manufacturer labeled as a national security threat by the U.S. government. At the same time, 60 percent of poll respondents said increased foreign competition was fanning fears of security risks. And 69 percent said they believe foreign competition against domestic brands is good for the market.

{video}

Kaspersky Lab, for one, believes the new allegations are …

{vpipagebreak}

… political and economically motivated amid a climate of suspicion that the Russian government interfered with the U.S. presidential election.

“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” said Kaspersky Lab in a statement. “The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations.”

Something to keep in mind is that the same suspicions of American companies exist on the other side of the fallen Iron Curtain. Russian companies hold the same biases against American companies. Moreover, the Russian government has called for the expansion of its domestic software industry and the displacement of Microsoft Office products out of security and economic concerns. {ad}

Will the new allegations against Kaspersky Lab hurt its business in the United States? If the data from previous 2112 polls is any indicator, the answer is yes. But should that be the end of the story? Definitely not. While the FBI confirms that it’s investigating Kaspersky Lab, it concedes that those probes have found nothing conclusive. Businesses will make decisions based on their technology needs and budget limitations. Likewise, governments will rattle their sabers to bolster their geopolitical interests.

My best advice: Proceed with healthy skepticism and always do what’s in the best interest of your business and customers.

Larry Walsh is CEO and chief analyst of The 2112 Group, a channel research and strategy firm. He’s a member of the Channel Partners editorial advisory board. Follow Larry on Twitter: @lmwalsh2112