North Korea, Kim Jong Un, Cyber Theft of Currency

Going back to the 1970s, North Korea was counterfeiting U.S. currency. In 2006, it was the super note, a perfect $100 bill.

Training for such skills as counterfeiting, illicit drugs, weapons, cyber warfare and bootleg merchandise comes out of Office 39. Clandestine and fraudulent transactions, including management operations, flowing through Office 39 are estimated in the $6-8 billion range.

In 2014, one defector fleeing to Russia had $5 million of Office 39 funds with him.

Those highly selected North Koreans assigned to Office 39 arrive having received an education in these specialties from elite universities or academies in China and Russia. Other highly selected North Koreans are also required to attend an in-country school known as Mirim College. This school was founded by Kim Jong Il in 1986.

According to a defector:

this college has a highly confidential mission—education of world-class IT warriors—its security is so exhaustively kept that individual guard units are dispatched to the college solely for security. The security manual distributed to guards indicates that, “Without the permission of the college commander, no car should be allowed entrance to college grounds except for that of Kim Jong Il.”

Students of the college wear the same uniform as military officials, but on their shoulders they brandish special stars, on which hak (meaning learning) is printed. A “Kim Il Political Military University” badge is worn on the left side of the chest.

Kim Jong Il lived the high life while his own people suffered not only beatings but death by starvation. His son, Kim Jong Un, having taken over the country, lives much the same, yet due to sanctions and isolation by the international community, illicit activities continue.

Counterfeiting of currency is not so much a common practice in North Korea, and the country has been dabbling in bitcoin fraud; now, through cyber activity, it steals currency.

Just recently, Reuters published an item referring to a report that analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions and identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

North Korea has cooperated with China, Russia and Iran to improve their cyber capabilities. China is especially complicit in that cooperation by providing the communications network inside the DPRK and inside China. Additionally, China has provided hardware, servers, routers. Russia is not without major blame and shares the guilt by dispatching Russian professors from Frunze Military Academy to train North Koreans to be professional hackers.

Additionally, Russia has sold to North Korea GPS jamming equipment in the area of sea navigation and also provides financial aid to North Korea supporting its abilities to interfere with and disrupt command and control systems.

North Korea operates yet another location known as Office 91. It has four units:

110= Technology Reconnaissance Team for DDoS attacks

35= External Offensive Cyber Operations

121= Strictly assigned for cyber attacks on South Korea

204= Enemy Secret Cyber Psychological Warfare Unit

In total, it is estimated that North Korea has close to 10,000 people assigned to the cyber and hacking operations in-country. Additionally, North Korea maintains a force of up to 1,000 in China performing cyber warfare.

While it is common for headlines to refer to Kim Jong Un as a nutcase, that is hardly a fitting description for him. While he may be militant and spontaneous, he is well educated. He attended Liebefeld-Steinhölzli Schule, a Swiss state school, gaining access to Western culture, but had lousy grades. He has two degrees, one in physics from Kim Il Sung University and another as an Army officer obtained from the Kim Il Sung Military University.

He does maintain an asymmetrical military strategy that has astounded the West and countries in the region with his advanced missile systems and launch abilities. All this is funded by cyber theft of currency and information and cooperation with Iran, China and Russia. North Korea does have IP proxy locations for operations that include New Zealand, Malaysia, Indonesia and several others. The ‘darknet’ is full of countries co-opting servers and jump points all doing the same thing.

The Frunze Military Academy Panorama

Rick Perry: Corporate Espionage Going On by Russia and China

Rick Perry: Russian, Chinese Corporate Espionage ‘Shouldn’t Surprise Anybody’

Russia and China are engaging in underhanded business practices involving American oil and gas companies, according to Energy Secretary Rick Perry.

During an appearance on Fox Business Tuesday morning, Perry said it “shouldn’t surprise anybody that there is corporate espionage going on” in Russia and China, particularly with U.S. companies that are involved in hydraulic fracturing or fracking.

The secretary also addressed a recent column from Fox Business contributor James Freeman, which detailed a congressional investigation into allegations of a Russian effort to undermine and “suppress our domestic oil and gas industry, specifically hydraulic fracking,” according to a statement from House Science Committee Chairman Lamar Smith.

“When you think about Russia and China a lot of the businesses there have direct links back to their government,” Perry said. “So the idea that there are people trying to manipulate, to put propaganda out on a particular type of fuel, that doesn’t surprise me.”

He added that his case highlights the importance of cybersecurity.

“We need to be sophisticated when it comes to how we deal with Russia, how we deal with China,” he said. “Those are our competitors out there and we know that they may play with a different set of rules and we just need to be smart enough to identify.”

***

Rick Perry is more than right.

Primer 2013:

U.S. military operations, the security and the well being of U.S. military personnel, the effectiveness of equipment, and readiness. China apparently uses these intrusions to fill gaps in its own research programs, map future targets, gather intelligence on U.S. strategies and plans, enable future military operations, shorten research and development (R&D) timelines for military technologies, and identify vulnerabilities in U.S. systems and develop countermeasures.

China’s cyber espionage against U.S. commercial firms poses a significant threat to U.S. business interests and competitiveness in key industries.

General Keith Alexander, Director of the National Security Agency and commander of U.S. Cyber Command, assessed that the financial value of these losses is about $338 billion a year, including intellectual property losses and the down time to respond to penetrations, although not all those losses are to Chinese activity. Chinese entities engaging in cyber and other forms of economic espionage likely conclude that stealing intellectual property and proprietary information is much more cost effective than investing in lengthy R&D programs.

***

Example/2015: WASHINGTON—Six Chinese citizens, including two professors who trained together at the University of Southern California, stole sensitive wireless technology from U.S. companies and spirited it back to China, the Justice Department charged.

Example/2014: In one of the most notable actions, Dongfan “Greg” Chung, a naturalized American citizen who worked on NASA’s space shuttle program, was convicted in 2009 after investigators found hundreds of thousands of sensitive papers under his California home. Prosecutors said he gave some of the documents to Chinese officials, revealing details of military and space-related technology. Chung, a former Boeing employee, was sentenced to more than 15 years in prison.

***

Chinese Industrial Espionage: Technology Acquisition and Military Modernization provides the most thorough and insightful review to date of the covert and overt mechanisms China uses to acquire foreign technology. Delving into China’s “elaborate, comprehensive system for spotting foreign technologies, acquiring them by every means imaginable and converting them into weapons and competitive goods,” the book concludes that “there is nothing like it in the world.” (2-3) The People’s Republic of China (PRC) is implementing “a deliberate, state-sponsored project to circumvent the costs of research, overcome cultural disadvantages and ‘leapfrog’ to the forefront by leveraging the creativity of other nations,” thereby achieving “the greatest transfer of wealth in history.” (78, 216)

Although PRC espionage is global in scope, the most important target is the United States. Relying primarily on Chinese-language government and non-government sources, the coauthors intend to raise awareness of the threat nationally and alert decisionmakers to the gravity of the problem. Trained as Chinese linguists, with considerable experience dealing with Chinese affairs, they are uniquely qualified for the task. William C. Hannas has a Ph.D. in Asian languages, published two books on Asian orthography and served in various US government posts, including at the Joint Special Operations Command. James Mulvenon is a leading expert on Chinese cyber issues and has published widely on China’s military affairs and communist party-army relations. Senior analyst Anna B. Puglisi studied in Beijing and subsequently was a visiting scholar at Nankai University, where she studied China’s science and technology (S&T) policies and infrastructure development.


New G20 Action Plan on Counter-Terrorism

  1. We, the Leaders of the G20, strongly condemn all terrorist attacks worldwide and stand united and firm in the fight against terrorism and its financing. These atrocious acts have strengthened our resolve to cooperate to enhance our security and protect our citizens. Terrorism is a global scourge that must be fought and terrorist safe havens eliminated in every part of the world.
  2. We reaffirm that all measures on countering terrorism need to be implemented in accordance with the UN Charter and all obligations under international law, including international human rights law.

    Implementing international commitments and enhancing cooperation

  3. We call for the implementation of existing international commitments on countering terrorism, including the UN Global Counter-Terrorism Strategy, and compliance with relevant resolutions and targeted sanctions by the UN Security Council relating to terrorism. We commit to continue to support UN efforts to prevent and counter terrorism.
  4. We will address the evolving threat of returning foreign terrorist fighters (FTFs) from conflict zones such as Iraq and Syria and remain committed to preventing FTFs from establishing a foothold in other countries and regions around the world. We recall UN Security Council Resolution 2178 (2014), which requires a range of actions to better tackle the foreign terrorist fighter threat.
  5. We will facilitate swift and targeted exchanges of information between intelligence and law enforcement and judicial authorities on operational information-sharing, preventive measures and criminal justice response, while ensuring the necessary balance between security and data protection aspects, in accordance with national laws. We will ensure that terrorists are brought to justice.
  6. We will work to improve the existing international information architecture in the areas of security, travel and migration, including INTERPOL, ensuring the necessary balance between security and data protection aspects. In particular, we encourage all members to make full use of relevant information sharing mechanisms, in particular INTERPOL’s information sharing functions.
  7. We call upon our border agencies to strengthen cooperation to detect travel for terrorist purposes, including by identifying priority transit and destination countries of terrorists. We will support capacity building efforts in these countries in areas such as border management, information sharing and watch-list capability to manage the threat upstream. We will promote greater use of customs security programs, including where appropriate, the World Customs Organization’s (WCO) Security Programme and Counter-Terrorism Strategy, which focus on strengthening Customs administrations’ capacity to deal with security related issues and managing the cross-border flows of goods, people and means of transport to ensure they comply with the law.
  8. We will address in close coordination the evolving threats and potential vulnerabilities in aviation security systems and exchange information on risk assessments. We recall the UN Security Council’s Resolution 2309 (2016) which urges closer collaboration to ensure security of global air services and the prevention of terrorist attacks. We will promote full implementation of effective and proportionate aviation security measures established by the International Civil Aviation Organization (ICAO) in partnership with all its contracting states as necessary. We call to urgently address vulnerabilities in airport security related measures, such as access control and screening, covered by the Chicago Convention and will act jointly to ensure that international security standards are reviewed, updated, adapted and put in place based on current risks.
  9. We highlight the importance of providing appropriate support to the victims of terrorist acts and will enhance our cooperation and exchange of best practices to this end.

    Fighting terrorism finance    

  10. We underline our resolve to make the international financial system entirely hostile to terrorist financing and commit to deepening international cooperation and exchange of information, including working with the private sector, which has a critical role in global efforts to counter terrorism financing. We reaffirm our commitment to tackle all sources, techniques and channels of terrorist financing and our call for swift and effective implementation of UNSCR and the Financial Action Task Force (FATF) standards worldwide. We call for strengthening measures against the financing of international terrorist organisations in particular ISIL/ISIS/Daesh, Al Qaida and their affiliates.
  11. There should be no “safe spaces” for terrorist financing anywhere in the world. However, inconsistent and weak implementation of the UN and FATF standards allows them to persist. In order to eliminate all such “safe spaces”, we commit to intensify capacity building and technical assistance, especially in relation to terrorist financing hot-spots, and we support the FATF in its efforts to strengthen its traction capacity and the effectiveness of FATF and FATF-style regional bodies.
  12. We welcome the reforms agreed by the FATF Plenary in June and support the ongoing work to strengthen the governance of the FATF. We also welcome the FATF intention to further explore its transformation into a legal person, which recognises that the FATF has evolved from a temporary forum to a sustained public and political commitment to tackle AML/CFT threats. We also appreciate FATF commencing the membership process for Indonesia that will broaden its geographic representation and global engagement. We ask the FATF to provide an update by the first G20 Finance Ministers and Central Bank Governors meeting in 2018. We call on all member states to ensure that the FATF has the necessary resources and support to effectively fulfil its mandate.
  13. We welcome that countering terrorist finance remains the highest priority of FATF, and look forward to FATF’s planned outreach to legal authorities, which will contribute to enhanced international cooperation and increased effectiveness in the application of FATF’s standards.
  14. We will advance the effective implementation of the international standards on transparency and beneficial ownership of legal persons and legal arrangements for the purposes of countering financing terrorism.
  15. Low cost attacks by small cells and individuals funded by small amounts of money transferred through a wide range of payment means are an increasing challenge. We call on the private sector to continue to strengthen their efforts to identify and tackle terrorism financing. We ask our Finance Ministers and Central Bank Governors to work with FATF, FSB, the financial sector, Financial Intelligence Units, law enforcement and FinTech firms to develop new tools such as guidance and indicators, to harness new technologies to better track terrorist finance transactions, and to work together with law enforcement authorities to bridge the intelligence gap and improve the use of financial information in counter-terrorism investigations.
  16. We call upon countries to address all alternative sources of financing of terrorism, including dismantling connections, where they exist, between terrorism and transnational organized crime, such as the diversion of weapons including weapons of mass destruction, looting and smuggling of antiquities, kidnapping for ransom, drugs and human trafficking.

    Countering radicalization conducive to terrorism and the use of internet for terrorist purposes

  17. Our counterterrorism actions must continue to be part of a comprehensive approach, including  combatting radicalization and recruitment, hampering terrorist movements and countering terrorist propaganda. We will exchange best practices on preventing and countering terrorism and violent extremism conducive to terrorism, national strategies and deradicalisation and disengagement programmes, and the promotion of strategic communications as well as robust and positive narratives to counter terrorist propaganda.
  18. We stress that countering terrorism requires comprehensively addressing underlying conditions that terrorists exploit. It is therefore crucial to promote political and religious tolerance, economic development and social cohesion and inclusiveness, to resolve armed conflicts, and to facilitate reintegration. We acknowledge that regional and national action plans can contribute to countering radicalisation conducive to terrorism.
  19. We will share knowledge on concrete measures to address threats from returning foreign terrorist fighters and home-grown radicalised individuals. We will also share best practices on deradicalisation and reintegration programmes including with respect to prisoners.
  20. We will work with the private sector, in particular communication service providers and administrators of relevant applications, to fight exploitation of the internet and social media for terrorist purposes such as propaganda, funding and planning of terrorist acts, inciting terrorism, radicalizing and recruiting to commit acts of terrorism, while fully respecting human rights. Appropriate filtering, detecting and removing of content that incites terrorist acts is crucial in this respect. We encourage industry to continue investing in technology and human capital to aid in the detection as well as swift and permanent removal of terrorist content. In line with the expectations of our peoples we also encourage collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats. We affirm that the rule of law applies online as well as it does offline.
  21. We also stress the important role of the media, civil society, religious groups, the business community and educational institutions in fostering an environment which is conducive to the prevention of radicalisation and terrorism.

C’mon White House, NEVER Trust China

Primer: Moscow hired thousands of North Koreans to build the infrastructure for the Sochi Olympics. Russia still uses North Korean slaves for mining and forestry. The North Koreans are hired slaves that have to send their pay checks back to the Kim regime. Not to be outdone, Qatar is doing the same with slaves from the DPRK, as they are hired to build the stadium for the FIFA World Cup Soccer games in 2020.

North Koreans are hired out to foreign corrupt governments to work 20 hours a day with a pay rate of $100 per month (US$) and 70% of that goes back to Pyongyang as a loyalty payment.

By the way, China, Kuwait, Libya, Africa, Oman and several other countries hire the slaves, and their living conditions don’t even qualify as slums; they are much worse.

So, while there is much worry about the missile and nuclear program at the hands of North Korea, China is a major culprit in full assistance and cooperation in that regard. Further, China has aided North Korea and other terror regimes in skirting not only United States sanctions, but those applied by other nations.

Over the last eight years, the Obama administration has hardly taken any aggressive stance with regard to North Korea and consequences except to shut off humanitarian exports to the country. President Trump meanwhile is trusting Russia and China to deal with North Korea? Worse mistake yet.

Deeper dive…

The Global Web That Keeps North Korea Running

Pyongyang’s ties with 164 countries help it amass money and know-how to develop nuclear weapons

WSJ: North Korea may be one of the world’s most isolated countries, but the tightening sanctions regime it has lived under for the past two decades is anything but impermeable.

An examination of North Korea’s global connections reveals that even as it becomes increasingly dependent on China, Pyongyang maintains economic and diplomatic ties with many nations. Those links—from commercial and banking relationships to scientific training, arms sales, monument-building and restaurants—have helped it amass the money and technical know-how to develop nuclear weapons and missiles.

The nature and extent of North Korea’s global ties comes from current and former officials, researchers, North Korean defectors, U.N. decisions, NGOs and an analysis of economic statistics.


In some cases, North Korea leans on old allies, particularly those like Cuba from the former Communist bloc, or those like Syria that are similarly hostile to the U.S. In others, notably in Africa, it has more transactional relationships to supply items such as cheap weaponry or military training. In the Middle East, it supplies laborers for construction work and pockets almost all their earnings.

Sanctions against North Korea haven’t been as broad as those applied to Iran over its nuclear program, nor as rigidly enforced.

David S. Cohen, undersecretary of the Treasury for terrorism and financial intelligence during the Obama administration, wrote in an op-ed in April that “North Korea has gotten off relatively easy, especially as compared with Iran.”

Trying to crack down on North Korean business activities is like a game of Whac-A-Mole. North Korean defectors have detailed how the regime uses front companies to conceal its commercial activities in foreign countries, or adopts business names that obscure their identity by avoiding using North Korea’s full name, thereby benefiting from confusion over whether the entity is North or South Korean.

Pyongyang maintains diplomatic ties with 164 countries and has embassies in 47, according to the National Committee on North Korea, a Washington-based nongovernmental organization, and the Honolulu-based East-West Center.

Although it lags far behind China, India has been North Korea’s second biggest trade partner in the past couple of years, buying commodities including silver and selling it chemicals among other goods. Russia has exported petroleum products to North Korea and imported items such as garments and frozen fish. Last year, North Korea attempted to export military communications equipment to Eritrea via front companies in Malaysia, according to a recent U.N. report.

Most North Koreans abroad are involved in providing funds for the state, defectors say. One of the primary roles of North Korean diplomats is to help develop and maintain cash flows for the regime, according to former embassy officials. North Korea missions typically have to be self-financed to maximize revenue for the state, these people say.

In recent months, under pressure from the Trump administration, there are signs more countries have begun to clamp down on North Korea. In February, Bulgaria had Pyongyang send home two diplomats in its embassy in Sofia, in line with U.N. Security Council resolutions passed in September calling on countries to reduce the number of North Korean diplomats abroad.

Italy this year moved four North Koreans studying at the International Center for Theoretical Physics in Trieste to switch to less-sensitive majors in line with a Security Council resolution calling for member nations not to provide education that could aid Pyongyang’s weapons program.

In March, Senegal said it suspended issuing visas for artisans from North Korea’s Mansudae Art Studio, a state-run organization that has erected monumental sculptures across Africa.

This image, from North Korea’s KRT, shows what it said was the launch of a Hwasong-14 intercontinental ballistic missile. Photo: Associated Press

More than 50,000 North Korean workers are employed abroad, according to the Asan Institute for Policy Studies, a Seoul-based think tank, many in construction or factory jobs. For these workers, wages are paid directly to North Korean officials, raising hundreds of millions of dollars a year for the state, human-rights groups say.

These ties are under scrutiny as Pyongyang’s success at launching a missile that could reach Alaska is escalating the crisis over its weapons program. This week’s missile test took place on the back of a Chinese truck imported to North Korea for logging purposes, according to analysts.

U.N. sanctions are primarily intended to block North Korea’s illegitimate trade and revenue streams that have a suspected link to its weapons programs. The U.N. doesn’t target all of Pyongyang’s business activities abroad, such as the chain of restaurants it operates in Asia and the Middle East, or its dispatch of laborers.

U.S. sanctions go further in trying to disrupt North Korea’s trade and revenue, including a recent move to block access to the U.S. financial system for a bank in China on which Pyongyang relied. The U.S. has sanctioned North Korean leader Kim Jong Un, a move that would freeze any of his assets in America.

Secretary of State Rex Tillerson on Tuesday called on the global community to stop doing business with Pyongyang.

Video from a North Korean state news bulletin Tuesday was said to show leader Kim Jong Un applauding after the launch. Photo: Yonhap News/Zuma Press

This week, Sen. Cory Gardner (R., Colo.), chairman of the Senate Foreign Relations Committee’s subpanel on East Asia, said he was drafting legislation that he says would create a “global embargo” on North Korea.

“We need to shut off North Korea’s access to oil, to trade, to currency, to financial institutions,” he said in an interview Thursday, calling for “Iran-style” sanctions. “They are far from being ‘sanctioned out.’ They are certainly isolated, but they have to recognize they ain’t seen nothing yet.”

China has had close ties to North Korea since the 1950s when it sent troops to fight U.S.-led forces backing the South in the Korean War.

In 2001, China accounted for around 18% of North Korea’s exports and 20% of its imports, ranking behind Japan on both measures, according to customs figures compiled by Harvard University’s Atlas of Economic Complexity.

Since U.N. sanctions on North Korea were tightened in 2009, Japan and other countries have curtailed commercial ties with Pyongyang, leaving China as by far its biggest trade partner.

For the past five years, China has accounted for more than 80% of North Korea’s imports and exports, providing an economic lifeline even as political relations between Beijing and Pyongyang have deteriorated.

During that period, China has imported mostly industrial raw materials from North Korea, especially coal, but also seafood and clothing such as men’s suits and overcoats.

In recent days, President Donald Trump has expressed frustration with China for expanding trade with North Korea despite U.S. appeals to exert more pressure.

China says it enforces U.N. sanctions and since February it has banned imports of North Korean coal—one of Pyongyang’s main sources of hard currency.

However, U.N. sanctions still allow trade that isn’t deemed to benefit North Korea’s nuclear and missile programs, and China’s customs figures show that its exports to North Korea have increased this year. Crucially, China continues to be North Korea’s biggest source of crude oil, according to diplomats and experts on the region.

Much of North Korea’s trade takes place over the 880-mile land border with China, which is porous and sparsely guarded. Small Chinese and North Korean companies quietly ferry coal, iron ore and other resources over the border, far from checkpoints.

U.N. sanctions introduced in March 2016 banned exports of North Korean iron ore unless they were exclusively for “livelihood purposes”—a loophole China continues to exploit.

While North Korea gained notoriety in the early 2000s for state-backed exports of illegal drugs and counterfeit U.S. dollars, Pyongyang has mostly shifted its strategy to allow private North Korean enterprises to take the lead, with the regime collecting bribes from these enterprises in a primitive system of taxation, says Justin Hastings, a lecturer at the University of Sydney who has researched North Korea’s overseas smuggling networks.

The shift in strategy means that North Korea can outsource some of the risk involved in the trade while continuing to fill its coffers.

“North Korea is not infinitely adaptable, but it’s far more adaptable than people have thought and its ability to adapt to sanctions has not been reached yet,” Mr. Hastings said.

One informal Chinese trader that Mr. Hastings interviewed for a soon-to-be-published academic paper was importing truckloads and boatloads of North Korean iron ore and other minerals across the river into China for resale as recently as a year ago, when the interview took place.

Allowing Kaspersky Labs in the U.S. Defies Logic

Germany next: Germany big target of cyber espionage and attacks: government report

Barack Obama’s sanction and executive order hardly went far enough on Russia. For Russian Laws and Regulations and Implications for Kaspersky Labs and certificates, go here.

Documents link Russian cybersecurity firm to spy agency

WASHINGTON — U.S. intelligence agencies have turned up the heat on Kaspersky Lab, the Moscow-based cybersecurity giant long suspected of ties to Russia’s spying apparatus.

Now, official Kremlin documents reviewed by McClatchy could further inflame the debate about whether the company’s relationship with Russian intelligence is more than rumor.

The documents are certifications issued to the company by the Russian Security Service, the spy agency known as the FSB.

Unlike the stamped approvals the FSB routinely issues to companies seeking to operate in Russia, Kaspersky’s include an unusual feature: a military intelligence unit number matching that of an FSB program.

“That strikes me as much more persuasive public evidence,” said Paul Rosenzweig, a former deputy secretary for policy at the Department of Homeland Security. “It makes it far more likely that much of the rumor and uncertainty about Kaspersky are true.”

For years, suspicions that Kaspersky is connected to Russia’s spying network have dogged the company, a leading global seller of anti-virus programs. Founder and CEO Eugene Kaspersky studied cryptography, programming and mathematics at an academy operated by the KGB, the FSB’s Soviet-era predecessor, and then worked for the Ministry of Defense.

Since he established the company, it has grown to serve more than 400 million users worldwide, according to its website, and is the largest software vendor in Europe. Its security software is also widely available in the United States.

U.S. agencies also use it, with Kaspersky a subcontractor on federal software contracts. The Democratic National Committee has also used the software, even after its emails were breached last summer by Russian hackers.

But during investigations into Russia’s meddling in last year’s U.S. elections, concerns have grown that Kaspersky software could somehow be used to launch a cyberattack on the U.S. electric grid or other critical infrastructure, such as railroads, airlines or water utilities. ABC News reported in May that the FBI warned industry leaders about those risks last year at a meeting confirmed by McClatchy.

Image: One of Kaspersky’s certificates that carries a military intelligence unit number. (Greg Gordon/McClatchy/TNS)

In recent days, two events kept Kaspersky in the news: FBI agents fanned out to interview Russian Kaspersky employees based in the United States, and a Senate committee approved legislation to curb federal use of the company’s products.

Even so, no proof has ever been made public to refute the company’s denials that it has connections to Russian intelligence.

The documents obtained by McClatchy, however, could provide additional evidence that the clandestine FSB has a tight relationship with Kaspersky.

In a statement to McClatchy, the company did not directly address the reference to an FSB military unit number in several of its certificates dating to 2007. The certificates are posted on Kaspersky’s website.

Kaspersky said the FSB’s certification review “is quite similar to that of many countries,” including those of the European Union and the United States. It includes an analysis of the company’s source code “to ensure that undeclared functionality and security issues — like backdoors — do not exist,” the company said.

However, Russia’s certification reviews do not require the company to divulge “the necessary information to permit those (spy) organizations to bypass products’ security mechanisms,” Kaspersky said.

After this story was initially published, the company said it and other high-tech companies that seek to sell products to the Russian government receive their certifications from the Center for Information Protection and Special Communications, known by the FSB military unit number on Kaspersky’s certificates.

A former Western intelligence official who examined the documents for McClatchy described as “very unusual” the assignment of a military intelligence number on Kaspersky’s certificates.

In Russia’s closed society, the FSB retains the right to access any company’s data transmissions, and no firm is allowed to use encryption to block the intelligence agency’s intrusions, the former Western spy said.

Kenneth Geers, a former NATO expert who is a fellow at the Washington-based Atlantic Council, also reviewed the company’s FSB certificate.

Geers said he could not say with certainty the degree to which the documents show a connection between Kaspersky and the FSB.

But “the suggestion is that this is a government op (operation), a unit with a direct government affiliation,” he said.

“No one should be surprised if there are closer relationships between IT vendors and law enforcement, worldwide, than the public imagines,” Geers said.

Case in point: Whistleblower Edward Snowden revealed that American telecommunications companies shared vast amounts of personal data with the U.S. National Security Agency, where Geers once worked.

It’s possible, Geers said, that Kaspersky’s software contains a secret “backdoor” to allow Russian special services access for law enforcement and counterintelligence purposes.

“If such a secret backdoor exists, I would not be shocked,” Geers said. “A worldwide deployment of sensors may be too great a temptation for any country’s intelligence services to ignore.

“Kaspersky may also have been required by Russian authorities to participate in a quiet business partnership with the government,” he said.

A former CIA station chief in Moscow agreed that Kaspersky may have had little choice.

“These guys’ families, their well-being, everything they have is in Russia,” said Steve Hall, who later headed the agency’s Russian operations before retiring in 2015.

Kaspersky is “a Russian company,” Hall said. “Any time (Russian President Vladimir Putin) wants Kaspersky to do something — anything — he’ll remind them that’s where their families are and where their bank accounts are. There’s no doubt in my mind it could be, if it’s not already, under the control of Putin.”

Kaspersky has rejected any notion that it might be an intelligence front, citing its years of delivering quality products.

“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts,” Eugene Kaspersky said in May during an “Ask Me Anything” session on the website Reddit.

Many cyber experts, including those with federal government backgrounds, have praised the quality of Kaspersky software. The company also has a record of exposing cyberattacks, including the U.S. government’s Stuxnet attack that disabled Iran’s nuclear weapons development even though the Iranian equipment wasn’t connected to the Internet.

But several other experts said they were “not shocked” by the disclosure of the language in Kaspersky’s FSB certificate.

“It is common view around the intelligence community that (Kaspersky) is treated (by the Kremlin) like an arm of the Russian government,” said a former Obama administration cyber official, who asked for anonymity because of the sensitivity of the matter.

Kaspersky has attracted an unwanted spotlight lately in the Justice Department’s investigation headed by special counsel Robert Mueller into whether the Kremlin colluded with President Donald Trump’s 2016 campaign.

At a Senate Intelligence Committee hearing in May, Sens. Marco Rubio, R-Fla., and Joe Manchin, D-W.Va., raised concerns about Kaspersky.

Rubio asked of intelligence agency chiefs, “Would any of you be comfortable with the Kaspersky Lab software on your computers?”

Before him were, among others, the leaders of the FBI, CIA and the National Security Agency.

Each said “no.”

The FBI interviews of Kaspersky employees were conducted June 27, after disclosures that the company paid retired Army Lt. Gen. Michael Flynn more than $11,000 in consulting fees last fall before he began a short-lived stint as Trump’s national security adviser.

The day after the interviews, the Senate Armed Services Committee approved legislation that would bar the Pentagon from buying Kaspersky products.

“The ties between Kaspersky Lab and the Kremlin are very alarming,” said Sen. Jeanne Shaheen, D-N.H. “This has led to a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure, particularly computer systems vital to our nation’s security.”

Her amendment to the defense authorization bill prohibiting Pentagon purchase of the software as of October 2018 won overwhelming approval.

If the amendment becomes law, there could be consequences, a Russian news agency reported. It quoted a top Kremlin communications official, Nikolai Nikiforov, as warning that if the United States freezes out Kaspersky, Putin’s government could not rule out retaliation.

The FBI declined to comment. But the bureau has long suspected that some of Kaspersky’s American-based employees were engaging in intelligence activities, said a U.S. government official, who declined to be identified because of the sensitivity of the matter.

Federal agencies have at least 20 contracts in which Kaspersky products are used. The General Services Administration makes them available on an approved product list for much of the government.

CDW, a top government tech contractor that has provided Kaspersky software and maintenance through four contracts with the Consumer Safety Product Commission (as recently as May 23), declined to say whether it plans to continue offering Kaspersky software.

Dell, the giant computer manufacturer, offers Kaspersky in many of its products. The company did not respond to a request for comment.

So why do federal agencies still use Kaspersky software if there has been such uneasiness about it inside national security circles?

“Under acquisition rules, it is very difficult for an agency to rely on classified information in order to make purchasing decisions,” said J. Michael Daniel, White House cybersecurity coordinator during the Obama administration.

“A lot of acquisition officers didn’t seek out that information because they couldn’t use it in the decision-making process,” said Daniel, now president of the Cyber Threat Alliance, a group committed to improving cyber defenses.

The U.S. intelligence community’s conclusion that Russian cyber operatives pirated thousands of emails from the Democratic National Committee beginning in 2015 helped trigger the inquiries into possible Kremlin interference in the election.

But two months after the DNC disclosed that its servers had been hacked — in an apparent attempt to help prevent further intrusions — the party purchased Kaspersky software on Aug. 25, 2016, for $137.46, according to Federal Election Commission records. It was the only federal political committee that reported buying Kaspersky software in the 2016 cycle, according to FEC records.

A DNC spokesman did not respond to a request for comment.

For its part, the company publishes a blog that advises consumers about computer viruses. The U.S. government official said, though, that in the past Kaspersky has aroused suspicions as to why it warns about some computer bugs but not others.

The firm’s presence has become so embedded in the U.S. economy that the company sponsors a Ferrari Formula One racing team, robotic competitions for children and is among the corporate sponsors of an upcoming conference of the National Conference of State Legislatures.

“They have a big public relations wing,” said the U.S. government official who spoke on condition of anonymity. “They’re fully aware they’re under the microscope.”