Eugene Kaspersky, CEO of security company Kaspersky Labs, has agreed to share his company’s source code with the US Government in order to “prove that we don’t behave maliciously.”
Kaspersky Labs, which operates out of Russia and has mediated interactions between the US and Russian governments for years, has apparently become a casualty of the United States’ mounting suspicion of Russia. In the wake of rumors that Russia hacked the 2016 US presidential election and suspicions of Russian connections to President Trump’s campaign, a proposal to sever all relationships between the Department of Defense and any US government agency employing the services of Kaspersky Labs has been brought before the Senate.
Jeanne Shaheen, a Democratic senator from New Hampshire, says there is “a consensus in Congress and among administration officials that Kaspersky Labs cannot be trusted to protect critical infrastructure.”
Kaspersky Labs’ official statement maintains the company’s political impartiality. “As a private company,” the statement reads, “Kaspersky Labs has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”
The Russian government employs American companies to protect its own national security, and Russian Communications Minister Nikolay Nikiforov has pledged to retaliate should the US impose any “unilateral political sanctions” requiring Kaspersky Labs or other companies to surrender source code. But Russia has demanded and been granted access to the source code for firewalls, anti-virus applications, and other encrypted software created by American companies like IBM, McAfee, and HP.
Symantec, the American software company behind Norton Antivirus and other popular products, broke the mold last week, denying Russia access to its products’ source code. The requests of the Russian government, a Symantec spokesperson said, “pose a risk to the integrity of the products.”
One risk is that governments could probe the source code for weaknesses, and exploit those weaknesses to launch cyberattacks. Though governments seize source code under the pretense of ensuring ethical business practices, there is nothing to prevent those governments from using that source code unethically.
According to an article by Rhett Jones of gizmodo.com, the NSA harbored documents exposing security vulnerabilities. Among those vulnerabilities was a weakness in the Windows operating system which the agency kept as a potential cyber-weapon rather than sharing it with Microsoft.
When information regarding the Windows security flaw leaked, opportunistic hackers created WannaCry, a piece of “ransomware”—that is, malicious software which prohibits access to a computer system until some ransom is paid—which held victims’ data hostage until a sum between $300 and $600 was paid.
Many suspect Russia’s government of having carried out a number of its own cyberattacks. In March of this year, two Russian intelligence agents were indicted in connection with a widespread hacking operation which uncovered data from over a half billion Yahoo accounts. One hacker offered to share the birthdates, email addresses, usernames, and passwords of over 200 million Yahoo users in exchange for just $2,000.
Luckily for Yahoo and victims of the scam, payment information and in many cases passwords were sufficiently encrypted as to remain protected from the hackers.
Neither government trusts the other, and private companies like Kaspersky Labs are caught in the middle. In the name of protecting themselves, governments are seizing information from companies. Yet the governments themselves have proven time and again that, whether because of ineptitude, moral corruption, or some combination of both, they cannot be trusted with such information.
Still, the companies are complying with the governments’ demands for the source code. In so doing, they are setting a precedent that empowers corrupt governments and forces ethical private companies to put themselves in danger. There is an intricate web of fear that cannot be untangled: the governments fear each other and the private companies from whom they are seizing information. The companies fear—or at least should fear—the governments, so they hand over the source code. When other companies see their competitors complying with the government, they are forced to do the same.
It is a complicated matrix of forces which seems to propel itself. And Kaspersky Labs is the latest domino to fall.