Below: Russia is using deepfakes to try to discredit Ukrainian President Volodymyr Zelensky, and the Justice Department arrested five alleged Chinese spies.
Now Germany is also backing away from Russian cybersecurity products
The growing fissure between Russia and the West over the invasion of Ukraine may spell the end for Russian cybersecurity products abroad.
Germany’s Federal Office for Information Security (BSI) sounded an alarm to German companies this week, warning that using anti-virus from the Russian firm Kaspersky Lab could make them more vulnerable to Kremlin hacking and urging them to transition to different products.
- The move belatedly brought Germany more closely in line with the United States and the United Kingdom, which began issuing similar warnings back in 2017 and banned Kaspersky from some or all of their government computer systems. The Dutch government moved to phase out Kaspersky products in 2018.
The move comes amid a broader fracturing of the global Internet in which the United States and other Western nations are increasingly skeptical of Chinese and Russian products, warning that they could be conduits for hacking and surveillance.
European officials have generally been less gung-ho about that separation than their U.S. counterparts — perhaps partly due to European nations’ dependence on Russian energy and heavy reliance on the Chinese telecom Huawei. But that seems to be shifting with the invasion of Ukraine.
The move also comes as many Western tech and cybersecurity companies are withdrawing from Russia — partly as a result of sanctions and for fear of being used in digital attacks against Ukraine — and as the Kremlin is cracking down on other companies as part of a harshening censorship regime.
“We’re seeing across the board an acceleration of the trend toward fragmentation,” Glenn Gerstell, former general counsel of the National Security Agency, told me. “For years, the whole picture of the Internet was about globalization and everyone enjoying the World Wide Web. Now, we’re seeing a trend swinging in the other direction. … That’s only going to continue and accelerate.”
The BSI statement did not accuse Kaspersky of being complicit in Kremlin hacking.
It warned, however, that Germany and other NATO nations are at heightened risk of cyberattacks because of the invasion of Ukraine. Anti-virus software also has broad access to a computer’s operations and could be a particularly damaging route for cyberattacks, the office warned.
Kaspersky has consistently denied any connection with Kremlin hacking.
- The company said in a statement that the BSI warning is “not based on a technical assessment of Kaspersky products — that we continuously advocated for with the BSI and across Europe — but instead is being made on political grounds.”
- The company’s founder Eugene Kaspersky said in an open letter that the BSI’s “claims are speculations not supported by any objective evidence nor offering technical details.”
- A 2019 report by the European Union Parliament found no hard evidence Kaspersky products had been used for hacking.
- Kaspersky has among the largest international presences of any Russian company. Almost 80 percent of its operations are international and the company operates in 200 countries, a spokesperson told me. The spokesperson did not provide information about Kaspersky’s footprint in Germany specifically. Kaspersky previously participated in a cybersecurity alliance initiated by BSI.
There are several possible rationales for Germany’s new tough line on Kaspersky. Here are a few:
- Germany has already effectively fractured its relationship with Russia by imposing harsh sanctions in the weeks since the invasion. So merely warning about the dangers of an anti-virus product seems minor by comparison.
- The risk of Russian cyber retaliation against Germany has grown with the imposition of sanctions, so Germany’s interest in taking greater precautions with Russian anti-virus grew as well.
- The likelihood of the Kremlin forcing Kaspersky to assist in spying or hacking — and thus risking the global reputation of a powerful Russian company — is higher now that Russia is in a war in Ukraine and relations between Russia and the West have deteriorated to their lowest point since the Cold War.
Kaspersky has taken pains in the past to push back on claims it’s too close to the Kremlin, including moving data processing for many clients to Switzerland and opening up transparency centers where it invites government cyber officials to review its source code for any Kremlin manipulation or back doors.
Those moves have done little to soften the U.S. position — which is essentially that the Kremlin could compel Kaspersky to do its bidding where spying and hacking are concerned, so any safeguards are irrelevant.
Germany’s move also represents a victory for that U.S. tough line — which officials have taken not just against Kaspersky but also with Chinese tech firms including the telecom giant Huawei. U.S. officials crisscrossed the globe urging allies to block Huawei from building their next-generation 5G telecommunications networks — and had a fair amount of success.
U.S. officials had no smoking-gun evidence that Huawei or Kaspersky was assisting government hacking or spying. But they argued that as long as the companies could be compelled to hack or spy by the autocratic Chinese and Russian governments, the risk wasn’t worth it.
Russia uses ‘deepfake’ video to try to discredit Ukraine’s resistance
The fake video appeared on the hacked Internet stream of the Ukrainian television station Ukraine24 and purported to show Ukrainian President Volodymyr Zelensky surrendering, Joseph Menn reports.
Zelensky responded with a genuine video, telling people he would only call for Russian soldiers to lay down their arms.
Facebook also removed a “deepfake” video featuring Zelensky earlier in the day, Meta head of security policy Nathaniel Gleicher said:
2/ We’ve quickly reviewed and removed this video for violating our policy against misleading manipulated media, and notified our peers at other platforms.
— Nathaniel Gleicher (@ngleicher) March 16, 2022
Justice Department charges five alleged Chinese spies
The five people charged are accused of helping China’s government surveil, stalk and harass Chinese nationals living in the United States, Ellen Nakashima and Shayna Jacobs report. All the victims were targeted “because of their pro-democracy views,” said U.S. attorney for the Eastern District of New York Breon Peace.
The indictments are part of the Justice Department’s broader efforts to get tough on hacking, information theft and efforts to influence and harass U.S. citizens by China and other countries. The Justice Department replaced its controversial China Initiative with the new strategy last month.
One of the schemes: Prosecutors say Qiming Lin, a Chinese citizen allegedly working for China’s Ministry of State Security, hired a New York private investigator to dig up dirt on a Brooklyn resident running for Congress.
- The victim was Yan Xiong, who came to the United States as a political refugee several years after the crackdown at Tiananmen Square, according to public records and open-source information.
- Lin told the private investigator to find “derogatory information” about Yan and “manufacture something” if they couldn’t find anything, prosecutors said.
International ‘information warriors’ are piercing Russia’s propaganda wall
Teams of computer programmers are helping people contact Russian citizens and, in some cases, share information about civilian deaths or photos of the war, Drew Harwell reports. They have sent millions of messages to Russian numbers in less than two weeks, one of the group’s programmers said.
“But some of the initiatives also could backfire due to their reliance on the personal data of Russians, many of whom are disconnected from the war effort and face grave risks for public protest,” Drew writes. “They could also prove ineffective due to the force and speed with which the Kremlin has worked to sever millions of Russians from the open Internet.”
Russians have also flocked to services that let them access banned sites. Virtual private network apps have been downloaded millions of times in recent weeks, Drew reports. Thousands more computers have also connected to the Tor anonymization network since the beginning of the war as Tor use in Russia soars.
Some cyber pros see risks everywhere. Gigamon senior manager for threat intelligence Joe Slowik:
Dentist: “So, do you floss daily?”
Me: “Do you have strong, unique passwords for all your critical applications and accounts?”
— Joe Słowik 🌻 (@jfslowik) March 16, 2022
Thanks for reading. See you tomorrow.