Kaspersky and the Kremlin
When it comes to the business of security, provenance matters.
For years the United States has effectively banned the Chinese tech giant Huawei from entering its network equipment market for fear of possible government-mandated backdoors. Former President Barack Obama last year blocked a Chinese investment fund from acquiring Aixtron, a German chip equipment maker with a presence in the U.S., citing security concerns. China, meanwhile, has long barred western social media companies, like Facebook, from making inroads within the Middle Kingdom, where the Communist Party regards free speech as a threat.
Kaspersky Lab is the latest company to receive the brunt of a nation’s suspicions. The Russian cybersecurity firm has been taking heat in Washington, D.C., where U.S. officials have mulled restrictions on Kaspersky sales and where national security hawks have warned that the company’s proximity to Moscow threatens U.S. interests. Eugene Kaspersky, CEO and founder of his namesake firm, has been doing his damnedest to fend off accusations of alleged impropriety, even as news organizations attempt to dredge up anything that might be construed as an unseemly tie to the Kremlin. (To wit: this Bloomberg story, which is barely newsworthy, despite what its headline suggests.)
Personally, I find it hard to believe that Russia would sabotage one of its greatest software successes to meddle with American infrastructure. A move like that would immediately and irrevocably cast every business with a hint of Russian influence into disrepute. Retaliation would be swift and certain. The only circumstance under which I can imagine Russia abusing Kaspersky’s foothold on networks would be in the event that the U.S. and Russia were engaged in all out conflict. Then all bets are off.
That said, I also understand the U.S. view: wanting to prevent Russia—or a Russian business, more accurately—from having any leverage over its critical systems. The Kremlin has become far more brazen when it comes to hacking and cyber espionage in recent months. Why grant an adversary such a potentially strategic position?
Kaspersky has topnotch researchers, some of the best in the business. It’s a shame that its commercial aspirations, which have the potential to build common economic and diplomatic ground, must suffer amid this cloud of fomenting distrust. It’s like two sets of parents forbidding their children from playing together because the folks don’t get along. Like I said, a shame.
This week Fortune’s team is headed to Aspen, Colorado, for our Brainstorm Tech conference. There we’ll have a number of experts from the national security world taking the stage, including Stanley McChrystal, a former top military commander, Keith Alexander, ex-head of the NSA, and John Brennan, onetime CIA boss. We’ll be sure to share what we learn about private industry and public sector relations in an upcoming edition of Cyber Saturday. Stay tuned.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Dark market goes dark. AlphaBay, the dark web’s biggest marketplace, where unscrupulous sorts could buy and sell drugs, stolen credit card information, weapons, and other criminal miscellany, was taken offline a week ago after a joint action by officials from the U.S., Canada, and Thailand. Authorities arrested Alexandre Cazes, a Canadian citizen living in Thailand and allegedly one of the site’s operators. The suspect apparently hanged himself in a Thai prison cell on Wednesday. (Wall Street Journal, Wired)
Stolen Trump cards. Trump International Hotels Management, the company formerly run by U.S. President Donald Trump, disclosed a data breach on Tuesday that affected people who had booked reservations at 14 of its properties. Hackers stole the payment card information from the systems of Sabre, a service provider, between August 10, 2016 and March 9. (Reuters)
Los ojos en los celulares. The Mexican government has been targeting international human rights lawyers with iPhone spyware, according to security researchers at The Citizen Lab, an academic research group based in Toronto, Canada. The surveillance tools were created by NSO Group, an Israeli firm that sells hacking tools to governments so they may keep tabs on criminals and terrorists. As the latest research shows, its hard to prevent governments from using such tools against whomever they please, whether that be journalists, activists, investigators, or lawyers. (Fortune, New York Times, Citizen Lab)
Alphabet winks, Symantec blinks. Cybersecurity giant Symantec is reportedly mulling a sale of its website certification business after Alphabet’s Google said it was running poor security checks. Symantec is apparently in talks with other companies and private equity firms about a deal to sell the division, which could be worth $1 billion. The move comes as Symantec CEO Greg Clark looks to shed slow-growth units and acquire new ones. (Reuters)
Before you toss that junk stashed in your attic, remember: One person’s trash is another person’s WWII-era crypto treasure.
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Here’s Fortune’s Aric Jenkins with a primer on net neutrality, and why people are once again debating the principle’s merits.
The general fear from advocates of net neutrality is that ISPs could fracture the web into two different internets — one faster version for the major companies who could afford to pay fast lane fees, and slower version for everyone else. Proponents additionally argue that rolling back net neutrality could lead to an increase in internet bills for everyday web users and dent the innovation that can sprout from an open, available web — smaller startups with new ideas might not be able to afford the ISP fees. Read more on Fortune.com.
Securitas CEO Declared Bankrupt After Identity Theft, by Mahita Gajanan
Cisco Just Bought Security Startup Observable Networks, by Jonathan Vanian
Here Are Top 10 Phishing Email Lures. Would You Fall for Them?, by Robert Hackett
ONE MORE THING
Your password habit hurts Netflix. It’s no secret that many people share passwords for video streaming services, like Netflix, HBO GO, and Hulu. According to Reuters, 1 in 5 people swap log-in credentials so they can get past paywalls to watch TV shows and films online. Quartz crunched the numbers and determined that Netflix password-sharing is eating hundreds of millions of dollars into the company’s potential revenue. (Quartz, Reuters)