Written byPatrick Howell O'Neill
U.S. spies believe FBI agents have mismanaged the ongoing counterintelligence investigation into Moscow-based cybersecurity company Kaspersky Lab, current and former senior U.S. officials familiar with the matter tell CyberScoop.
Officials tell CyberScoop they believe the FBI has engaged in deliberate media leaks and overblown classified congressional briefings to build the case around Kaspersky. These officials also say the FBI should be more covert in its efforts to persuade private companies to uninstall Kaspersky software. A quieter operation would help avoid putting the rest of the intelligence community — especially agencies engaged in cyber-operations — in the crosshairs for retaliation, the officials say.
The FBI has briefed private sector companies across several industries, urging them to cut ties with Kaspersky on security grounds, CyberScoop reported last week. On some occasions, the FBI’s outreach efforts in the U.S. have been successful. At least one major American energy firm recently opted against signing a significant business deal with Kaspersky due in large part to the bureau’s briefings. Larger, brand-name technology giants have generally been less receptive and cooperative with the FBI.
The reaction from inside the U.S. intelligence community to the FBI’s work on Kaspersky has been mixed and, at times, disapproving. While there is general agreement among the intelligence agencies that Kaspersky is connected to and works with Russian spies, senior U.S. intelligence officials disapprove of the bureau’s handling of the years-long issue.
Officials from the NSA, CIA and DIA have spent the last year privately criticizing what they perceive as the bureau’s escalatory strategy, which they say is often based on lackluster intelligence work.
No evidence of a relationship between Kaspersky and the Kremlin has been made public, which has fueled a public debate about Washington’s tactics against the private company.
U.S. intelligence officials tell CyberScoop they are frustrated with what they describe as the FBI’s disregard for the the bigger picture.
When the FBI pokes Kaspersky in the eye, one senior U.S. intelligence official said, it’s often not the FBI that is left to face the consequences. Instead, the onus may fall on intelligence community agencies, like the NSA or CIA. Additionally, private U.S. companies may be targeted due to backlash from the Russian government, the source said.
The FBI did not respond to a request for comment.
The long-running conflict between the U.S. government and Kaspersky stems from years of U.S. investigations and suspicions that Russian intelligence leverages Kaspersky as a billion dollar worldwide intelligence-gathering tool. Kaspersky has long denied any inappropriate relationship with Russian intelligence.
“Kaspersky Lab routinely assists law enforcement agencies and governments, including the United States, by providing technical expertise on malware and cyberattacks,” a Kaspersky Lab spokesperson told CyberScoop. “The company has never helped, nor will help, any government with its cyberespionage efforts, as Kaspersky Lab is committed to fighting cybercrime and making the digital world safer for everyone.”
Current U.S. officials also tell CyberScoop that attempts to build a working relationship with Kaspersky regarding particular cyber threats has been stifled once the FBI learned of the efforts.
The FBI’s actions — which, according to officials, exacerbate an already delicate relationship between the intelligence community and Kaspersky — show the cultural and practical gaps between the different agencies that impact the way they work together on a day-to-day and case-by-case basis regarding cybersecurity.
Much of the criticism of the U.S. government’s handling of the case has taken place behind closed doors. But intelligence veterans have spoken out about the issue.
“There is little doubt that the U.S. government’s handling of their Kaspersky claims will cause trouble for U.S. companies,” Jake Williams, a former NSA employee and founder of Rendition Infosec, told CyberScoop. “The data released so far against Kaspersky is weak and inconclusive and applies to many U.S. information security companies. Making claims without substance to back those claims will just lead to speculation that U.S. companies are involved in similar activities. Rebuking these claims is made difficult since the burden of ‘proof’ established by the U.S. is so low.”
Robert Lee, another U.S. intelligence veteran and now the CEO and co-founder of Dragos Security, has repeatedly spoken out on the issue. “It is not appropriate for the USG to make allegations against Kaspersky a private company w/o proof,” Lee tweeted in May. “Provide proof or stop.”
There is little love lost for Kaspersky in the intelligence community but, among senior officials who spoke with CyberScoop, there is a smaller and shrinking appetite for a public relations battle that could have a profound impact on operators working to defend U.S. computer networks.