The campaign to discredit Kaspersky Lab dates back to 2010, when the Russian-based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran's nuclear centrifuges, experts in the field told RT.
Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades, taking pride in working outside of any government’s sphere of influence. US intelligence agencies, however, seem to consider the Russian firm a competitive challenge, cybersecurity experts say.
“Kaspersky is highly reputable. It has been operating for a couple of decades. It has 400 million users around the world, including until very recently the American government,” former MI5 analyst Annie Machon said. “So of course if they are doing it, other countries are going to do it to a competitor corporation around the world too. Obviously, the CIA would be interested in a very successful Russian-based company that offers protection on the internet.”
“Kaspersky [has] one of the most successful security teams worldwide. Don’t forget that Kaspersky was the security firm that first of all discovered the NSA-linked group of activities involved in cyber espionage activities worldwide,” Pierluigi Paganini, head of cybersecurity at Grant Thornton Consultants, told RT.
“Kaspersky has been a very reputable company. And so what this is, quite frankly, an old Russian term 'kompromat' [compromising material], where you impersonate, as they see it, the enemy... Using [a] particular 'Hive' program,” London-based intelligence analyst Glenmore Trenear-Harvey said.
The Russian company became one of the targets amidst the ongoing anti-Russian hysteria in the US, which centers on the unproven allegations of Russian meddling in the 2016 US presidential elections. In September, the US Department of Homeland Security (DHS) ordered all government agencies to stop using Kaspersky products and to remove them from computers, citing “security risks.”
While Kaspersky Lab is actively cooperating with the US authorities, WikiLeaks on Thursday published source code for the CIA hacking tool ‘Hive’, which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints. Exposing the CIA’s impersonation of Kaspersky Lab is just a part of WikiLeaks’ Vault 7 and 8 revelations, which shed light on the CIA’s electronic surveillance methods and cyberwarfare tools.
WikiLeaks’ latest disclosure features real documents, former CIA analyst Ray McGovern told RT, describing it as “original, pristine and pure documents.” The CIA hacking tool ‘Hive’, first exposed by WikiLeaks in March, “enables the CIA to hack into computer, or network and ‘obfuscate’ is the word in CIA document… To conceal who hacked in and then leave traces like in Cyrillic [alphabet], or the name of the first head of the Soviet secret police... Just to show that it might be the Russians,” McGovern, who has decades of experience in the CIA, said.
“What is important in this specific story is the complexity, the effort spent by the US intelligence to make hard the attribution. Kaspersky is the actual victim of these activities. There is a government agency - the CIA - that conducted cyber espionage activities to also use false flag in its operation in order to make harder the attribution,” Paganini explained.
“The evidence, such as it is, suggests to me - an intelligence analyst connecting dots - that Kaspersky might not even know that it was the CIA that has put in the damaging information which indicated that, supposedly, Kaspersky was doing something untoward,” McGovern told RT.
Kaspersky Lab remains one of the few companies in the world that can expose the CIA’s scheming, and that is why the Russian company is facing so much backlash, Machon believes.
“We have Kaspersky saying ‘We can do this. We can prove some of these hacks are not Russian, they are American,’ when it comes to the presidential elections. And so they needed to discredit them, and I think that this new application of a virus at state level, a very aggressive virus that would discredit a very proven brand around the world - it’s exactly what the Americans would want and the Israelis also would want,” the former MI5 operative pointed out.
The campaign against the Russian cybersecurity firm goes back to 2010, when Kaspersky Lab revealed the origin of the Stuxnet virus, Machon told RT. Back then, Kaspersky Lab stated that “this type of attack could only be conducted with nation-state support and backing.” Nobody officially claimed responsibility for the creation of the complex cyber weapon, which targeted industrial control systems used in infrastructure facilities to affect their automated processes. However, it is widely believed that US and Israeli intelligence agencies were behind Stuxnet, which reportedly ruined almost one-fifth of Iran’s nuclear centrifuges used to develop civilian atomic power.
“Stuxnet was deployed against the centrifuges that enriched the uranium and nobody knew where it came from. It seemed to be very weaponized at the state level. And it was actually Kaspersky that unveiled who had developed it. And it was American and the Israeli intelligence agencies,” Machon told RT. “So ever since then, it has sort of been daggers drawn between these two competing sides [Kaspersky v CIA]. Kaspersky has been very much in the crosshairs of both American and Israeli intelligence agencies.”