Giving Aid and Comfort to the Enemy

Thursday, August 16, 2012


Anyone who doubts that we are in the midst of cyber warfare is not educated as to the current state of global affairs.

The United States is under siege from nearly every corner of the virtual universe. The attacks are continuous. The intent is clear.

The United States has the greatest store of intellectual property the world has ever seen. We create new content hourly. We drive new trends, place our technology on the moon and Mars, and push the envelope of almost every area of science and math known to humankind.

Recent discoveries of malware such as Stuxnet, Flame, Duqu, and Gauss point to alleged US efforts to penetrate Iranian cyber infrastructure to execute virtual acts of espionage and sabotage. Since 1979, Iran has made every effort to kill Americans and subvert our foreign policy. They are truly an enemy and a well-defined adversary.

Their intelligence services, from the assassination squads of Al-Quds Force Unit 400 to the Iranian Revolutionary Guard Corps (IRGC) to proxies such as Hezbollah, have executed and continue to execute acts of espionage, sabotage and assassination against Americans and friends of Americans. Whether it was the murder of Robert Dean Stethem in 1983 aboard TWA Flight 847, the bombing of the Marine barracks in Beirut during the same year or their continued sponsorship of state terrorism, Iran is bent on eliminating every facet of US influence in the Middle East and beyond.

Their drive to eliminate Israel is communicated on a regular basis. Their intent with nuclear technology is well defined by their commitment to develop nuclear weapons. They are a true adversary working to spread their revolution anywhere they believe they can gain a foothold, largely at the expense of the United States and everyday Americans.

Recent responses (allegedly) by the United States include a virtual war that is attempting to delay and disrupt the Iranian nuclear program, potentially as a method to give sanctions and diplomacy time to work before physical acts are the only option. These may be in the form of Stuxnet, Flame, Duqu and Gauss, and others not yet discovered. These tools serve to disrupt production, gather information for future operations, uncover illegal financial transfers and track information related to the illegal acts of the Iranian regime.

What is vexing and causes great consternation is why the likes of McAfee, Symantec, TrendMicro, Microsoft and Bitdefender (to name a few US-based companies, and not the F-Secures, ESETs or Pandas of the world) would openly publish code examples, reverse engineering information and analysis on cyber espionage and sabotage tools. These tools serve to delay, disrupt, deny, and deceive our enemies in their effort to develop nuclear weapons that could one day be used against the United States or our allies. You might think that they are all actively on the payroll of the IRGC and have become another in a long line of Iranian proxies.

When seeing this type of information published by American companies, should the conclusion be that they really are only in the game for economic reasons? This is not a demonstration of true loyalty to United States policy, since their disclosures of the malware in question can only be seen as proving to the world that they are highly skilled at malware detection and remediation.

The fact is that most anti-virus solutions catch, at best, 30% of the malware in the wild. If they were as good as their annual fees indicate, then they would have caught the malware in question when it was installed, not a year or two later (anti-virus solutions should be free). However, that is not the point and intent of this writing. The point is this: Are American information security companies providing aid and comfort to our enemies and adversaries by providing solutions to our alleged cyber weaponry?

The information security companies mentioned are but a few of those communicating their prowess by documenting analysis of the malware. It seems as if they believe they have signed some sort of Hippocratic Oath under which they apply all measures required to prevent malware whenever they can, since they believe it is a societal obligation. For some reason, this seems to be far from the underlying intent.

During the era of the Cold War, anyone giving aid and comfort to the enemy was termed to be treasonous as defined in Article III of the US Constitution. Is the application of this term and associated definition going overboard with respect to the acts of information security companies? Let us leave that to others to determine.

Kaspersky is now asking for a crowdsourcing effort to break the encryption associated with the Gauss payload. Surely US-based mathematicians, computer scientists, college students and information security companies are all rushing to become the first to do so. However, at what cost to alleged US efforts against a foreign enemy?

Eugene Kaspersky served as a Soviet Intelligence Officer with KGB training. He is directly tied to the new KGB, the Federal Security Service (FSB), and has a tight relationship with Vladimir Putin. His intention in solving the encryption issue of the Gauss payload is not for the benefit of humankind. It is purely for the benefit of the FSB and Vladimir Putin. Anyone in the US who answers the call from Kaspersky to solve the encryption should think of whom they are supporting and where their loyalties lie.

Kaspersky is highly active in seeking out any alleged US-created and -implemented cyber weaponry for the specific benefit and enhancement of Putin’s Russia. Kaspersky’s company grew over 177% between 2009 and 2010 according to Forbes, with over 50 million users of his software. He is openly fighting against cyber espionage and sabotage, as long as it is not Russian manufactured. We must ask ourselves, why is it that he has not discovered any alleged Russian malware that fits the cyber espionage or sabotage genre? Are we naïve enough to believe that Putin has not commissioned the authoring of such cyber weaponry?

We can better understand this sentence, very shocking to our ears in the West, on social networks: "There is too much freedom," he said about Facebook. "Freedom is good. But the wicked can abuse that freedom to manipulate opinions." Interesting and amusing when you consider his sympathy for Vladimir Putin, the "democrat" as we know him: the Russian president who pushes for the development of international regulation of the Net and a tightening of control over online media, as demonstrated by the recent legislation passed by the Duma in early July.

His proximity to the movers of our time does not stop at the Kremlin. Eugene Kaspersky is often invited to attend and speak at security symposiums around the world, meetings attended by security thinkers and politicians from across the planet. Ultimately, with this Russian security expert watching over your PC, it would be better if he did not care for our freedoms. (As recovered via cached copy of Tech Your Day - ).

The message to US-based information security firms and anyone wishing to solve our adversary’s cyber problems is this: Think very hard about what actions you take to reverse engineer, communicate, publish, and solve the cyber ills of our adversaries and enemies. You are not acting as loyal citizens of the United States and are actually betraying the trust given you by birth or acquired. The call by Kaspersky is nothing more than an effort to aid an adversary. If US-based companies are intent on reverse engineering and communicating their findings, then do so. However, do so to US authorities as a method of finding holes in the cyber weaponry for future improvements and hardening.


About the Author: Jeff Bardin is currently Chief Intelligence Officer for Treadstone 71. In 2007 he was awarded the RSA Conference award for Excellence in the Field of Security Practices. The Bardin-led security team from Hanover Insurance also won the 2007 SC Magazine Award – Best Security Team, competing against such organizations as Barclays Global and the Department of State. Jeff sits on the Board of Directors of Boston Infragard, Content Raven and Wisegate; was a founding member of the Cloud Security Alliance; is a member of the Cyber Security Forum Initiative and the RSA Conference Submission Selection Committee; and was formerly on the Customer Advisory Board for Chosen Security. Jeff published The Illusion of Due Diligence in 2010, was a co-author of the Computer and Information Security Handbook and Understanding Computers, and has published articles for magazines such as The Intelligencer, CSO, and SC Magazine. Jeff served in the USAF as a cryptologic linguist, and in the USANG as an officer. He has a BA in Special Studies - Middle East Studies & Arabic Language from Trinity College as well as an MS in Information Assurance from Norwich University. He is also a professor in masters programs in cyber intelligence, counterintelligence, cybercrime and cyber terrorism at Utica College. Jeff also holds the CISSP, CISM, C|CISO and NSA-IAM certifications.

Alex Popov What a nationalist 'you're either with us, or against us' polarizing one-sighted crap.
shawn merdinger Jeff, I'm wondering if you've any thoughts on British bank Standard Chartered out of New York doing 60,000 financial transactions with Iran over a decade totaling more than 250 billion.
I've not looked at it fully as yet to come up with a comment at this point. Like you, I try to evaluate and research an issue based upon evidence (unlike some on InfosecIsland who are merely mouthpieces for their own ego, i.e., if they were chocolate, they would eat themselves). Back to you as soon as I get time.
Jackie Singh Unsurprising that the first person to complain about the (blatant, overt, not hidden) nationalistic tone of this article has a last name hailing from the Eastern Bloc?
Alex Popov Jackie,
yes, my surname is foreign, just like yours. Singh, isn't that from India, one of the trusted proxies of the Soviet Union (and now Russia)?

Please stay on topic and take a look at the content of the article. We are 'under siege from nearly every corner of the virtual universe'? Seriously? And we start to distrust companies that publish their software research? As if US companies are the only ones in the world that would be able to 'reverse engineer, communicate, publish, and solve the cyber ills'. As if US companies are the 'good' guys and everyone else is the 'bad' guy. That type of polarizing rhetoric doesn't help anyone.

Then again, what can I say, how seriously should we take a 'cyber ninja' (follow the Treadstone link)? In the end it's all just a piece of marketing crap.
Whenever I post a blog or a response, I try very hard to ensure everyone knows who I am and what affiliations I have. It is important to me to maintain complete integrity when it comes to legitimate postings online. When I post an article such as the one above, it is with a clean conscience and clear heart that I mean what I say and stand behind it with honor. Many will interpret what I say without knowing who I am, what I stand for or what I am about. There are those who post within InfoSec Island without fact checking or evidence validation with every word they blog. In most every case, their interpretations are off base and without merit. Sometimes, a response to one of my articles is thought to be an insult when in fact it is a compliment. Such is the response from Alex Popov. Alex is making an effort to discredit my comments as nothing more than pure nationalistic fervor and marketing propaganda. I have nothing to gain from this posting other than my hope that U.S. AV companies seriously consider the ramifications of what they do. Outside of that, I am spending political capital on something about which I have strong convictions.
The above blog demonstrates the inequities in Kaspersky’s efforts. He exhibits complete loyalty to his country and government. Why would any Russian expect anything less? However, from my perspective, he is nothing more than a tool for Putin or, as I have tweeted before, “Putin’s Puppet.” I stand behind those less than flattering words based upon demonstrated fact. On the other hand, Kaspersky may revel in the moniker. The demonstration is by Kaspersky himself. The facts are defined by him and those who follow him. As I stated in the blog, why is it that Kaspersky Labs is unable to find any Russian malware of the same type (cyber espionage, sabotage, intelligence)? If he did find such malware (as opposed to his placing it within his own commercial software, which is a rumor at this point), would he run amok of his benefactors in Moscow? How would Putin respond if Kaspersky identified, communicated, reverse engineered and shared the results of an FSB cyber espionage malware product? I think the answer would be clear and swift. Can you answer any of these questions, Alex?
U.S. companies in the same field should take care and use discretion when reverse engineering and communicating solutions to alleged U.S.-sponsored or -created malware of this type. It is quite surprising that the same executives who have access to the Department of Homeland Security and the National Security Agency, to name a couple of organizations, would publish solutions to cyber espionage, sabotage and intelligence tools that could help to remediate a major crisis. The same executives who have private meetings with U.S. officials at the RSA Conference in San Francisco are the ones promoting aid and comfort to our enemies.

Alex, we all know that Mr. Kaspersky served in the Soviet Military as an Intel officer trained by the KGB. Why then does he hide it in his bio on the website?

Let us turn the discussion to Александр Попов (Alexander Popov or Alex Popov). Alex has popped up (no pun intended) to debunk my comments. Fair game as is any blog. However, if you are going to debunk, provide factual evidence. What is unusual about this is who Alex seems to be. He does not identify himself other than someone with a name that may tie to one of the targets of the blog. There are dozens of Alexander Popov sock puppets on Twitter. Are you the Alexander Popov that started following @Treadstone71LLC right after the blog was posted?

What is possible is that Alexander Popov is the same Alexander Popov who is a Program Manager for Kaspersky (since July 2010). This would easily explain efforts to defend the boss. Alex, what is the truth? Are you one and the same, or am I mistaken in my assumption? If you do work for Kaspersky, then your comments are heavily biased and suspect. Some may say without merit, since they are supposition based upon emotional response.
(Alex is also on Google+).

What is also a bit unusual is the appearance of Alexander Popov on the Kaspersky Club forums from September of 2009, where it appears that Alex is already working for Kaspersky. That doesn’t really line up with the LinkedIn dates, if in fact it is the same Alexander Popov. Can you explain this as well, Alex?

Alex, let us know who you are. We all know the Internet is the opportune vessel for cowards, fanatics, closet bigots, extremists, hidden communists, and those who spew ideas and beliefs, while hiding behind the keyboard. Even when people of this type do provide their names, they do so from the comforts of their offices, homes, crawl spaces, jail cells, churches, dacha, etc.
Jackie Singh Polarizing rhetoric? Really? Let us all stand hand-in-hand and sing "Kumbaya" while hostile nations plot cyber war while using state-run organizations to claim otherwise.
Ian Tibble This blog has an international audience yet we're talking nationalist here. Probably most of the US audience would be ashamed to be associated with this diatribe.

The Internet knows no borders, and neither do any of the MNCs that are mentioned here...this point is best exemplified by Shawn's comment about Standard Chartered. Before that article in the NY Times I wasn't aware their HQ was in London. They have a strong retail and corporate banking presence in APAC and the whole dealing with Iran thing...please. The NY times article was an oh-so-ethical way of helping some Wall Street champions of the ethical cause to move in on Standard Chartered's Asian market. Actually Standard Chartered do well in Asia precisely because nationalism is not on their agenda.

Generally, nationalism is bad for business. This is why you don't see the stars and stripes pasted all over Symantec's website. The C-levels there understand their inter-dependencies with other nations and their own employees. Many companies have a strict Code of Conduct which leads to people getting fired if evidence of racial discrimination is forthcoming.

"Evidence", "evidence", "absolute proof" - in many incidents the gathering of evidence so as to gain absolute proof is sufficiently close to unfeasible as to be called impossible. And gathering absolute proof of a threat from Russia, with no understanding of Russian politics, or culture, - good luck with that, even if you do read, write, and speak Russian. Are we to see a Cheney-style first strike here, based on similar proof that Iraq was in possession of WMDs?

Lance: in keeping with this post, it might be an idea if you set up a geolocation-based firewall for your webserver. Obviously all of the posters on your blog are US nationals and experts in their field - by allowing a non-US based audience to read the posts, they could be gaining knowledge that could be used to threaten ...whatever it is about America that could be lost if such a ...threat were ever realised.
Alex Popov Lance, why do you feel that my comments are trolling? Because you do not like my opinion? I agree, my first comment was a bit rude, perhaps shouldn't have written it that way, but trolling? Nah. Don't worry though, it's unlikely that I will be visiting the blog more often.
aleph I don't understand how the biggest threat to our security is Iran when we have double agents all up in their nuclear programs along with "anti-nuclear cyber munitions". With the nuclear threat out of the way, what else are they going to do to us? Attack us with some cobbled together airframes like the Shahed? Cue the economic sanctions and we're good.

The second thing I do not understand is the ridiculous comments on Kaspersky and other antivirus vendors publishing code that is a threat to people's networks. They are doing their jobs; part of that is throwing bins/rev'd code on AVIEN so people can look at it and figure out what it's doing. They do not give a frak about your politics; they find malware and report on it, write signatures for it and add it to their databases. And calling it anything other than malware is semantics. The US government is writing code (software) to do harm (mal) to a system. You seem to forget that we didn't know what this code was doing before they attributed it to the US/Israel, and it could very well have been written by Al-Qaeda or Russia or whoever.

Then you go on to criticize the Duma for their ass-backwards view on the Internet when our own government is building one of the largest datacenters in the world in Utah to spy on its own citizens. I've heard from NSA folks that we should "just trust them", but that is impossible to do when nearly everything about the program is classified Secret and up. Driftnet surveillance is a security threat in its own right; imagine if a double agent were to get into the NSA's airgapped systems, they'd have a field day on files for every American citizen. And don't tell me it's impossible to have a double agent in the US IC; look up Aldrich Ames.

Drop the Nationalist diatribes, the point is if you are an InfoSec practitioner - trust no one.