The only thing I knew about Kaspersky Lab was that it used to sponsor the New England Patriots’ radio broadcast.
That was until this summer, when New Hampshire Sen. Jeanne Shaheen started ringing alarm bells about the anti-virus software company.
Shaheen sits on a Senate Homeland Security subcommittee that received a classified report on Russian interference in the 2016 elections. Shaheen can’t share everything she knows, but there has been enough publicly-reported smoke for Shaheen to call for putting out the fire.
Shaheen explains that under Russian law, “all information in and out of Russia is subject to surveillance, including digital info.”
Since Kaspersky’s servers are in Russia, Vladimir Putin’s government has a back door into all that data. U.S. government agencies had left that door wide open.
“About 15 percent of government agencies detected Kaspersky software on their networks, including the Department of Defense,” Shaheen says.
Was this just a Russian firm forced to give Putin’s government access to comply with Russian law? Shaheen says no.
“There are open-source reports of top Kaspersky officials working with Russian intelligence, the FSB,” Shaheen says, while not commenting on her classified briefings.
In June, she was the first public official to claim direct links between Kaspersky and the Russian government.
Last month, the New York Times reported Israeli spies had hacked into Kaspersky, and found Russian hackers had been exploiting the Kaspersky back door to gain sensitive intelligence. The Washington Post reported the Kaspersky network had hacking tools from the U.S. National Security Agency, which were later traced to the Kremlin.
In June, Shaheen introduced an amendment to the National Defense Authorization Act (NDAA) to ban Kaspersky products from defense department computers. Arizona Republican Sen. John McCain not only joined her effort, but joined in a broader push for a ban across all federal government computers.
Shaheen and McCain’s language was incorporated into the NDAA, with remarkably little debate.
As the bill was working its way across Capitol Hill, the Trump administration began to respond. In July, the General Services Administration delisted Kaspersky from the list of approved products for government use. In September, nine days after a Shaheen op-ed on the Kaspersky threat ran in the New York Times, the Department of Homeland Security banned the entire federal government from using Kaspersky products.
Last week, the NDAA sailed through the House and Senate, and is headed to President Trump’s desk to be signed into law. Shaheen’s amendment, now applying to every federal computer, is included.
It is a big win for a senator who staked out a small, but important issue, and worked across party lines to build consensus.
I asked Shaheen if she was frustrated that she was barred from sharing the evidence that convinced her Kaspersky was a threat.
“This is a long-standing problem that we have with our federal government. Classified information sharing has been challenging at best,” she responded.
A key section of Shaheen’s amendment requires the DOD to report on its own capacity to spot and address cyberthreats such as Kaspersky. It also requires a version of this report to be unclassified.
“We know that Russia has a theory of warfare that includes cyberwarfare. We saw that in Ukraine. We saw that in Georgia,” Shaheen says. “We just saw for example that Russia interfered in Spain to inflame the Catalonia separatist movement. The goal of the Putin government is to undermine the West’s faith in our democratic institutions, and this is a piece of that.”
Putin, like his Soviet predecessors, wants to encourage chaos in the U.S. and other Western democracies. This very real threat is conflated by some on the left with groundless theories that Russian interference somehow stole the election from Hillary Clinton. Such theories play right into Putin’s hands.
So does dismissing the threat, or mistaking Putin’s efforts to undermine Clinton as evidence of allegiance with Trump. The President and many of his supporters can’t bring themselves to see this.
Kaspersky, wittingly or not, was one tool Putin used to steal our secrets. Kudos to Jeanne Shaheen for shutting it down.
Grant Bosse is editorial page editor of the New Hampshire Union Leader and Sunday News.