It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs. What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool -- antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies. The Israeli officials who had hacked into Kaspersky's own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers. The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky's antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.
The US government has officially banned the use of Kaspersky security software in all of its federal agencies. Kaspersky has been under suspicion for cyberespionage for several months now, especially due to its ties to the Russian government and the fact that the company is required under Russian law to comply with Russian intelligence agency requests. According to a statement provided by the Department of Homeland Security to the Washington Post: "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security." Kaspersky Lab, on the other hand, firmly denies the accusations, stating that it "doesn't have any inappropriate ties with any government" and that there's "no credible evidence" to back up the "false allegations." It also complained that it's being treated unfairly, and that it's never helped any government in cyberespionage.
Could open source help cut the White House's multibillion-dollar software bill? The US government spends about $6bn per year on software licenses and maintenance, according to the Office of Management and Budget. Given the scale of that spending, it's understandable that the US, like other administrations around the world, is considering open-source software and open software standards as a way of saving money. But more than just seeing the move to open source as a cost-effective alternative, public officials worldwide view it as a means of speeding up innovation in the public sector. In October, the Dutch government set into law a proposal that all government bodies should use open document formats starting in 2017.
The US Marine Corps, the Navy, and the Air Force are not keeping track of their software inventories, according to a report released today by the US Department of Defense Inspector General (DOD IG). Auditors said management at many services part of these three military branches "did not consistently rationalize their software applications" leading to situations where they acquired duplicate applications, underutilized, or used obsolete software. The only military service that had a process in place for eliminating duplicative or obsolete applications was the US Fleet Forces Command. Marine Corps divisions and Navy commands also had a system in place to detect duplicate software before acquisitions but did not keep track of obsolete software. But the report's general finding was that none of the commands or divisions that are part of the three military branches maintained accurate software inventories, all having gaps in the image of their own internal IT network.
In another step toward ending the country's reliance on foreign technology, officials in the Russian capital of Moscow announced that they would replace certain Microsoft products with locally created alternatives. According to Bloomberg, which cited Artem Ermolaev, head of information technology for Moscow, and Russia's Communications Minister Nikolay Nikiforov, the city will initially replace Microsoft Exchange Server and Outlook on 6,000 computers with an email system developed by the state-run Rostelecom PJSC. Next year, it may also consider installing software developed by New Cloud Technologies -- a Russian software vendor -- on 600,000 systems. Even Microsoft Office and Windows may be replaced with homegrown versions eventually, Ermolaev reportedly said. He added that government institutions had been spending roughly 20 billion rubles ( 310 million) every year on foreign software, even though several Russian companies were ready to provide their services to the government.