Michael Flynn and Antivirus Software

The issue of Michael Flynn, Donald Trump’s former national security advisor, and his Russian connections is still making the news cycles. The issue involves allegations of Russian influence over the 2016 United States national elections. There is much conjecture and few facts involving the various allegations, yet there is another dimension that has not received much attention – antivirus software. The obvious question is, what does antivirus software have to do with Michael Flynn?

The national debate centers around the Russian government hacking computer systems to influence the presidential elections. Who did it, or whether this was condoned by the Russian government, is still up for debate. The United States government, through its various security services, has conclusively accused the Russian government of hacking the Democratic National Committee (DNC) computer systems.

Most computer users are familiar with antivirus software on their computers. The software is supposed to thwart attempts at installing rogue software on their computers. Rogue software, or malware, is software that facilitates the hacking of the computer and its files. Through malware, a hacker is allowed into a computer system to steal files or to use the computer to hack into servers or other computers. Thus, antivirus software is the first line of defense for computer users.

AV-Comparatives GmbH, an Austrian organization that tests security software, published a security survey in February 2016 listing the market share for various antivirus software. According to the survey, Kaspersky Lab antimalware software is the most-used software in Asia, Europe and South/Central America. In North America, Kaspersky Lab antivirus software is number three, after Bitdefender and ESET. [4]

Also, PC Magazine ranked the top ten antivirus software earlier this month. It ranked McAfee, Webroot, Bitdefender, Norton by Symantec and Kaspersky as the top five antivirus software. [2] McAfee, Norton and Webroot are California-based companies. Bitdefender is a Romanian company and Kaspersky is based in Russia. [1] Kaspersky was founded in 1997 in Moscow and continues to keep its headquarters there, although most users may not realize this.

Kaspersky Lab has actively been seeking to sell its security software to agencies of the United States. To do so, the company has attempted to distance itself from its Russian heritage. Its website (last accessed on May 9, 2016) does not mention its Russian connection on its English version. Instead, the company states on its about page that it was “founded in 2004,” as “Kaspersky Lab North America” and “is a Massachusetts corporation” that “is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.”

As you can see, the Russian connection is ignored.

The Spanish version of the website, targeted for Latin American customers, also does not mention its Russian connections. It only mentions its holding registration in England. Likewise, the French version of the site, targeted at France and Switzerland, also neglects to mention Russia as its headquarters. This version also focuses on its British connection.

Kaspersky Lab clearly understands that its Russian lineage is detrimental to its market share. Additionally, Kaspersky has publicly stated that it has been blacklisted by U.S. government agencies, thus making it difficult for the company to sell to U.S. government agencies.

KGSS, a privately held company founded in 2014, seeks to empower “the U.S. government to protect our nation’s critical assets and sensitive data from cyber threats by providing previously unattainable geographically unique data and threat intelligence”, according to its LinkedIn profile. The company states that its headquarters are in Arlington, Virginia, both on LinkedIn and on its website.

Security Forum in 2015

On October 20, 2015, the Government Cybersecurity Forum was held in Washington D.C. The forum, ostensibly, was created three years before as a “result of the complexity of today’s global threat environment.” The forum materials for 2015 urged computer professionals to attend the free event, which included breakfast and lunch, so that they could “join leading government, military, technology and policy experts” to solve the “urgent issue facing the government and industry in securing infrastructure.” [3]

The forum organizers provided a downloadable “justification letter” for attendees to use for requesting permission from their respective organizations. Attendees were offered continuing education credits for attending the free session.

Michael Flynn was one of the four featured speakers for the seminar.

According to the seminar’s information packets, KGSS was the organization that was presenting the event. KGSS is Kaspersky Government Security Solutions, Inc. It was formed to “compete for lucrative cybersecurity contracts with U.S. government agencies.” [5] KGSS, according to its website, is the “exclusive channel for Kaspersky Lab.” Kaspersky Lab uses KGSS to offer security software solutions to the United States government. [3] On June 3, 2015, Bravatek, formerly Ecrypt Technologies, Inc. and based in Austin, Texas, announced via a press release that it had reached an agreement with KGSS to be the sole provider of Kaspersky software to “multiple United States federal government agencies via Ecrypt’s Marketing Alliance Program (MAP).”

Kaspersky and the DNC Hack Connections

Kaspersky Lab opined publicly that it doubted that the Russians were behind the DNC hack when the news of the Russian involvement first broke.

An NPR show about the allegations of Russian hacking into the DNC computers on January 4, 2017 referred to Kaspersky’s doubts that the Russians were behind the DNC hack. The moderator of the show, David Greene, concluded the show by stating “we should also note here that Kaspersky Lab, whose doubts about the hack that we cited, has its headquarters in Moscow.” [7] NPR is partially funded by Kaspersky Lab.

In December of 2016, Ruslan Stoyanov, the head of the computer incidents investigations unit for Kaspersky Lab, was arrested by Russian authorities. Stoyanov was arrested on charges of aiding a foreign government or organization under Russia’s article 275 of its criminal code. Kaspersky Lab subsequently issued a statement about the arrest, stating that the arrest was not related to Kaspersky. [8]

On January 27, 2017, The New York Times published an article about the linkages between recently arrested Russian officials and the election hacking allegations. Per The New York Times, “human sources in Russia did play a crucial role in proving who was responsible” for hacking the DNC and John Podesta computers. Russia was alleged to be behind the hacking. The paper added, “A prominent Russian criminal defense lawyer on Friday confirmed that the authorities in Moscow were prosecuting at least one computer security expert for treason.” [9]

Of the individuals arrested for espionage in Russia who are related to the election hacking, only one, Ruslan Stoyanov, works in the computer industry.

Kaspersky Lab Defends Itself

Kaspersky Lab has consistently argued that it is not connected to the Russian government as more news outlets mention the Russian company in articles related to Russian hacking. On his official blog, Eugene Kaspersky, the founder of Kaspersky Lab, published a post lamenting a Bloomberg report about his company. In the post, Kaspersky acknowledged that he “studied mathematics at a school sponsored by they [sic] Ministry of Atomic Energy, the Ministry of Defense, the Soviet Space Agency and the KGB.” Kaspersky adds, “After graduating, I worked for the Ministry of Defense as a software engineer for several years.” Kaspersky emphatically writes that he has “NEVER worked for the KGB.” (emphasis his) [10]

Although Kaspersky Lab has frequently complained about not receiving any U.S. federal contracts due to its Russian lineage, according to a BuzzFeed News report, the security software company sold its products to the National Institutes of Health in 2008. Per the news report, “by 2014, the company’s products were being used by the Department of Justice, the Treasury Department, and several offices within the State Department, including US embassies.” [11]

But the problem runs deeper than that. Kaspersky not only peddles its services as a threat investigator and security software vendor, but it also embeds its software into other products, including U.S.-based ones. The BuzzFeed article quotes a GSA official as stating that Kaspersky software could be “engrained across almost 3,500 different products.” [11]

Kaspersky routinely denies any connection to Russian intelligence agencies and argues that it does not collaborate with them. However, the fact remains that Kaspersky is a Russian company operating out of Russia that has taken great pains to distance itself from its Russian lineage.

Could a company be coerced into providing access to a government agency? Would it willingly provide access to its government as a good corporate citizen?

Security companies base their business on their reputations. Because security companies hold the keys to providing access to secure systems, they must prove to consumers that they can be reliable partners.

For example, Norton, which is a product of Symantec, a U.S.-based company headquartered in California, was accused of being willing to provide backdoor access to the FBI through its antivirus software. The Norton Antivirus product would theoretically whitelist the FBI’s investigative tool, Magic Lantern, allowing the FBI tool to be surreptitiously installed on a user’s computer without alerting them. This was according to Eric Chien, chief researcher at Symantec, parent company of Norton. [12] The FBI tool, now named Computer and Internet Protocol Address Verifier (CIPAV), is a keylogger that collects and transmits the keys typed by the computer’s users. [13]

Back To Michael Flynn

According to the KGSS website, Michael Flynn was a featured speaker at the 2015 Government Cybersecurity Forum. On March 31, 2017, Michael Flynn filed an amended United States Office of Government Ethics financial report. Flynn had not previously listed payments from Russian companies in his original report. In the amended report, Flynn listed Kaspersky Government Security Solutions, Inc. as having paid him over $5,000 for a speaking engagement for an event in the United States.

In March of 2016, Elijah E. Cummings, a ranking member of the House Oversight and Government Reform Committee, released documents detailing payments received by Flynn. In the disclosure, Michael Flynn is listed as having received $11,250 from Kaspersky Government Security Solutions, Inc. on October 20, 2015 for an activity booked on July 29, 2015.

Besides the various controversies surrounding Flynn and his activities with the Russians, it is important to consider his activities with Kaspersky Lab, a computer security provider looking to do business with the United States government. Kaspersky, a Russian company, wants to provide software, and according to some reports has already provided software, to U.S. government agencies. Its software could theoretically allow access to the computer systems it ostensibly protects.

On the surface, the motivations for Kaspersky and Flynn seem purely financial. Yet the question remains open: would the Russian security services demand backdoor access, or do they already have it?

Sources:
1. Company headquarters and company information from their respective websites.
2. Rubenking, Neil J.; “The Best Antivirus Protection of 2017”; PC Magazine, April 11, 2017
3. KGSS.solutions website accessed on May 6, 2017.
4. Security Survey 2016; AV-Comparatives, February 15, 2016
5. Westervelt, Robert; “Kaspersky Lab Set To Launch Federal Subsidiary To Go After U.S. Government IT Security Contracts”; CRN, June 20, 2014
6. Ecrypt Technologies, Inc. press release issued on June 3, 2015.
7. Cybersecurity Expert Is Convinced Russia Was Behind DNC Hacking; NPR, Morning Edition, January 4, 2017
8. Bertrand, Natasha; “A top hacker-hunter at Russia’s largest cybersecurity firm has been arrested on charges of treason”; Business Insider, January 25, 2017
9. Shane, Scott and Kramer, Andrew E.; “Russian Charged With Treason Worked in Office Linked to Election Hacking”; The New York Times, January 27, 2017
10. Kaspersky, Eugene; “A practical guide to making up a sensation.”; personal website at eugene.kaspersky.com, posted on April 20, 2015, accessed on May 9, 2017
11. Watkins, Ali and Frenkel, Sheera; “US Officials Are Warning About A Russian Cybersecurity Company’s US Government Ties”; BuzzFeedNews, May 8, 2017
12. Leyden, John; “AV vendors split over FBI Trojan snoops”; The Register, November 27, 2001
13. ACLU Memorandum to Members of the Advisory Committee on Criminal Rules, October 31, 2014, re: Second ACLU Comment on the Proposed Amendment to Rule 41 Concerning ‘Remote Access’ Searches of Electronic Storage Media

Note: although the FBI capability was first revealed in 2001, it wasn’t until 2007 that the FBI capability was confirmed via a court filing. See source 13 for more details.
