Headline writers the world over received an early Christmas present from Russia this summer with the spy scandal inviting them to use Bond film titles like “From Russia With Love” and “The Spy Who Loved Me” to tell the story. I couldn’t resist either.
With the latest news that a 12th spy was reported to be scheming, this time inside a cubicle at Microsoft, I reached out to Ira Winkler, an expert on cybercrime and its role in corporate espionage, for perspective. Winkler, the president of Internet Security Advisors Group, was the source for an earlier post titled “Black duck eggs and other secrets of Chinese hackers,” in which he posited that the presence of the delicacy on the menu of a Chinese restaurant near a Fortune 50 company’s R&D facility meant it was a front for a spying operation.
Today, Winkler said Microsoft is likely a target of government and/or corporate espionage from a number of countries, including China, Russia and Israel, among others, and that the company, as well as other companies, needs to remain vigilant about the possible spy in the file room.
Alexey Karetnikov, who worked at Microsoft in Redmond for nine months as a software tester, was deported to Russia Tuesday. While not accused of espionage, he was deported for violating immigration laws, and some news reports said his name came up during the investigation of the 10 alleged Russian spies arrested on the East Coast and sent back to Russia in a spy swap with the U.S. and U.K. The 11th suspect in the spy ring remains at large.
Winkler has no direct knowledge of what Karetnikov might have been up to at Microsoft, but given his knowledge of corporate espionage, he suspects Karetnikov was a “sleeper agent.” Karetnikov wasn’t likely there to steal software code or to unravel what the heck Microsoft was thinking with Kin, but was probably there to identify others within Microsoft who would be good recruiting prospects.
“The more likely thing is that he was there to try to identify other people who have access to information who could steal things on behalf of Russia in the future,” Winkler said.
Placing an agent like Karetnikov inside a company like Microsoft to steal information or intellectual property is unlikely because of the risk of being caught. Their presence is probably going to be more subtle, said Winkler.
“There is a very well established intelligence process to put people forward in a country to do nothing but establish a legitimate identity completely independent of their sponsoring agency,” he said.
And even if Karetnikov’s threat to Microsoft was, at least on the surface, benign, a company the size and influence of Microsoft probably has other sleeper agents as yet undiscovered, Winkler added. Depending on how sophisticated they are, agents could discover, or even create, zero-day vulnerabilities in Microsoft software, which could be exploited by Russian intelligence before they are discovered. In addition, agents could conduct industrial espionage to obtain information on coming Microsoft products before they are released.
The Karetnikov case underscores the need to maintain best practices in securing the IT systems and the organization in general from nefarious infiltration.
“They should have intrusion detection, data classification software, compartmentalization of data,” said Winkler. “Pretty much giving employees access [to information] on only a need-to-know basis.”
To borrow a phrase from America’s last Cold War president -- Ronald Reagan -- at an arms control summit with the last Soviet leader Mikhail Gorbachev, “Trust ... but verify.”
Robert Mullins is a freelance journalist based in San Francisco. He has been writing about technology from Silicon Valley for more than a decade. He has covered such beats as network security, servers, storage, software development, telecommunications and, of course, Microsoft, for a variety of publications, most notably the IDG News Service and Network World.