Nicole: Yup. It turns out the Kremlin has found their sweet spot in the ugly fault lines in American politics. They’ve truly exploited our country’s political grievances, cultural resentments, news literacy and diminishing faith in once-trusted institutions like the news media to bring out the worst in us, simply by creating some Facebook pages. Who would have thought that Russians would be behind a pro-Texas fan page disseminating pro-secessionist Texas messages, or a “Blacktivist” page advocating for more protests against racial inequality?
Farhad: It wasn’t just Facebook. Google disclosed this week that Russian operatives also bought ads on its platform to interfere with the 2016 race. The amounts were small — about $4,700 in ads from the Russian government — but they added to the overall story line, which is that the tech giants’ platforms are being used in ways they probably had never foreseen.
Nicole: Did we really think Russia was going to try to hack election databases in 21 states, and pour that many resources into Facebook and not touch Google, the No. 1 source of information for most Americans?
It’s frustrating that this is only coming out now, but to be fair, much of the Russian activity was not exactly obvious. The silver lining is that we may finally be getting some answers. This week, the House Intelligence Committee said it would turn over Russian Facebook ad content, after meeting with Facebook’s chief operating officer, Sheryl Sandberg.
The Web of Kaspersky
Farhad: Let’s turn to another story about Russian spies, this one not at all banal. The United States recently discovered that a Russian antivirus company, Kaspersky Lab, had been compromised by the Russian government. The software was essentially being used as a kind of search engine for spying — the Russians could search through the files of people who’d installed the software, and in some cases it led them to classified documents, including from an employee of the National Security Agency who had stored files on a home computer.
That’s pretty amazing by itself. But what was most amazing was how the spying was discovered — because Israeli spies were watching the Russians spy on the Americans, as you and Scott Shane reported. That’s crazy! Can you explain how it went down?
Nicole: My reporting can basically be summed up as: Spies were spying on spies spying on spies’ spying. Are you with me?
Nicole: So in 2014, the Israeli government hackers managed to compromise Kaspersky Lab, a Russian antivirus company with 400 million users, many of them in Western Europe and the United States.
Here I should mention that some two dozen American federal agencies used Kaspersky’s software, including some of the most critical agencies like the Department of Energy, which oversees our nuclear program. Kaspersky was so thoroughly “owned” by the Israelis that nearly a year later, when Kaspersky’s researchers discovered the intrusion, its own researchers called the Israeli attack code “the best we have ever seen.”
As it turns out, the Israelis were so deep inside Kaspersky’s systems that they watched — in real time — as Russian spies used Kaspersky’s systems effectively as a Google search box for American classified government programs. The Israelis caught Russian spies searching any computer that contained Kaspersky’s software for the words “Top Secret,” in a sense abusing Kaspersky’s deep access to the innards of more than 400 million people’s machines to search for American government classified programs.
In at least one case, the spies struck gold: They discovered a trove of highly classified National Security Agency programs on an agency employee’s personal computer. Apparently the employee had installed the Kaspersky software on his home computer, not knowing that in doing so he was giving Russians full access to some of the N.S.A.’s most coveted programs for penetrating foreign networks.
Israel was able to capture all of this in real time and provided the N.S.A. with evidence in the form of screenshots and other documentation, which is how the N.S.A. learned the source of this particular leak. The tip also prompted tons of internal discussions and studies within the United States intelligence community, which eventually led to a government ban on Kaspersky products last month.
Farhad: Kaspersky is a real mystery in this. They’ve denied any wrongdoing, but is it plausible that they wouldn’t have had an idea that their tools had been infiltrated by the Russian government?
Nicole: This is the mystery indeed. I sent Kaspersky a detailed list of questions that gave them ample opportunity to offer any explanations. But they declined to answer any of those questions. Instead they put out a short vague statement and sent me a Rihanna GIF on Twitter.
There are still some possible technical explanations for how Russia could have used Kaspersky as a backdoor without Kaspersky’s knowledge. But most counterintelligence experts, including one we quoted from the Central Intelligence Agency, insist there is no way these kinds of broad scans for United States intelligence could have been conducted without Kaspersky’s knowledge.
And even if Kaspersky was not complicit, these experts say, that would still mean Kaspersky is either grossly incompetent or horrendously compromised. As a security company, neither is optimal.
Farhad: That’s been quite the week! Thanks for joining me, Nicole. See you!
Nicole: Ciao! Or as they say in Russian “Прощай!”
Farhad Manjoo, who joined The Times in 2013, writes a weekly technology column called State of the Art. Nicole Perlroth joined The Times in 2011 and covers cybersecurity. You can follow them on Twitter here: @fmanjoo and @NicolePerlroth.