Christopher Burgess
Contributing Writer

Did Kaspersky step in dog-doo?

Opinion
May 13, 2017 | 4 mins
Cybercrime, Government, Security

US Intelligence targets Kaspersky Labs

On 11 May 2017, Senator Marco Rubio (R-FL) sure made it appear as if the Russian multinational cybersecurity company Kaspersky Labs had a stench attached to it.

During the Senate Select Committee on Intelligence (SSCI) session on World Wide Threat Assessment, Rubio pointedly asked the most senior members of the intelligence community, including DNI Coats, DCI Pompeo and DIRNSA Rogers, “Would any one of you be comfortable with Kaspersky Lab’s software on your computers?” To a man, all replied that they would opt not to have Kaspersky Lab’s software on their computers.

Thus, with one question, Senator Rubio confirmed what has long been suspected: that the US intelligence and law enforcement community was investigating the ties between Kaspersky Labs and Russian Intelligence. Indeed, DIRNSA Rogers affirmed that he was “personally involved,” and DIA Director Stewart said, “We are tracking Kaspersky.” In the public session, no further information was revealed, and thus we are forced to speculate about the impetus for the investigation.

Russian Election Meddling – it’s so obvious, but there’s more.

The members of the US intelligence community confirmed, this day, that evidence exists of Russian meddling in not only the US elections, but also the French elections of last week. The meddling involved cyber attacks and data theft, with the information being shared via a third party with the rest of the world.

Election meddling and Kaspersky Labs? Eugene Kaspersky denies (regularly) any ties between his company and the Russian intelligence community, beyond the standard vendor relationship. Kaspersky also regularly hires talented individuals from within the Russian intelligence community (such is not damning, I carry the label of “former CIA officer,” yet have no relationship with my employer of 30+ years).

Yet if we dig deeper into various cyber attacks, large scale harvesting and publication of harvested materials, in the Ukraine, US and elsewhere, we then begin to see the connection.

Moscow Arrests

In December 2016-January 2017, according to Russian-language media outlet Kommersant, there was upheaval within the Information Security Centre (CDC) of the Federal Security Service of the Russian Federation (FSB; Russian: Федеральная служба безопасности Российской Федерации (ФСБ)) – their cybersecurity team had imploded. (Background: The CDC oversees all of the Russian efforts against cybercrime in Russia, to include monitoring of social networks, theft of credit and financial information and personal data theft/leakage.)

Senior members of the FSB CDC were arrested and charged with treason/espionage. It is reported the deputy head of the CDC, Sergey Mikhailov, was in a staff meeting and was bagged by security officers (a bag was placed over his head). He and others were then hauled down to FSB Headquarters (aka Lubyanka) for initial interrogation and then settled into the infamous Lefortovo prison.

While many in Russia found themselves with mouths agape at the FSB arrests, imagine Kaspersky Labs’ surprise when they began fielding calls as to why their senior manager, Ruslan Stoyanov, was also arrested.

Kaspersky Labs went into damage control. As reported in The Guardian, Kaspersky Labs acknowledged Stoyanov as an employee and assured all who would listen that his arrest had nothing to do with Kaspersky Labs. Stoyanov, prior to working at Kaspersky, had held the rank of Major within the special technical activities group of the Moscow Police.

Where is the connection to the US?

The US connection occurs with the second batch of arrests from within the FSB’s CDC. Russian-language media outlet RBC identified Dmitry Dokuchaev as a Major within the FSB and deputy to Mikhailov. Dokuchaev was charged with espionage.

The name Dokuchaev may ring a bell to US readers. The US Department of Justice announced the indictment of Dokuchaev in February 2017, also on charges of espionage. Interestingly, the dates of espionage activity charged by the Russian FSB and the US DOJ coincide. Both are through December 2016. Dokuchaev clearly had his fingers in many pots.

Thus, whether Kaspersky Labs leadership was witting or not is irrelevant: their employee Stoyanov’s collusion with Dokuchaev and Mikhailov was the equivalent of walking Kaspersky Labs through the field and having it step in a pile of dog-doo.

This is why Kaspersky Labs is the target of the US intelligence community review.  

Thus Stoyanov may have undone years of Eugene Kaspersky’s careful choreography of the relationship between Kaspersky Labs and the Russian intelligence community.

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.
