Deported Russian (Spy?) Worked At Microsoft 162
subtropolis writes "KOMO News in Seattle is reporting that a recently-deported 23-yr-old Russian man 'appears to have ties to the recently-exposed Russian counterintelligence' (according to unnamed Feds). The article states that he admitted to unspecified immigration violations and was promptly shown the door on Tuesday. It also says that 'Microsoft confirms Karetnikov worked as an entry-level software tester for less than a year.' So, I'm thinking that MS had better take a really good at their logs for that time. He may have got in at 'entry-level' but his abilities may have been a fair bit beyond that. ... Interestingly, his admission to mere 'violations' and swift departure would be right in line with how this swap has gone down. The four Russians who were flown to Britain and the US had to first sign a confession before President Medvedev granted them pardons." The same news is at CBS News, too.
I'd worry a lot more about employees in China (Score:1, Insightful)
Aurora, anyone?
why do the russians need to spy on microsoft? (Score:5, Insightful)
microsoft has freely given its source code to the kgb (rolls eyes):
http://tech.slashdot.org/story/10/07/09/0042238/Microsoft-Opens-Source-Code-To-KGBs-Successor-Agency [slashdot.org]
Modern Spying (Score:3, Insightful)
Re:why do the russians need to spy on microsoft? (Score:5, Insightful)
It's pretty easy to look at the public details of these ops from today's vantage point and go "that's stupid," but remember when these ops were first started the world was different. Dramatically different in the case of the spies which had been here 10 or 20 years, although not so much in this case. It's only been a year. But a year ago, the FSB didn't have a contract with Microsoft for the source code, and so access to that was worth a little more.
When some of the 10 spies that were deported recently were originally placed here, we didn't live with the constant flood of information that we do today. It wasn't as easy as going to washingtonpost.com or reading someone's blog to find out what was going on in the debate on certain issues. You had to wait, for news broadcasts or to get hold of a copy of a paper. Having someone get to know an individual who was an insider and to innocently ask some questions every now and then could actually pay dividends. And once an agency has already invested time and money training operatives, creating their legends and getting them into place, they're not going to just pull them out. They might be useful for something else later. This is type of work is like a marathon, not a sprint.
Re:why do the russians need to spy on microsoft? (Score:2, Insightful)
Absolutely. But SQL Server, Exchange Server, ConnectPoint, IIS, etc., would all be considered not part of the Windows 7 source code, yes?
Re:The reason this is an issue (Score:1, Insightful)
They won't be able to slip much past the massive peer review.
You mean the same "massive peer review" that stopped the OpenSSL bug that was committed by a Debian developer or the same review process that spotted the trojan in UnrealIRCD? Oh wait, it missed both of those things.
Re:why do the russians need to spy on microsoft? (Score:5, Insightful)
Speaking of paying attention, has he actually been formally accused of anything beyond immigration violations?
The story seems awfully speculative. Good on the feds for doing their diligence, but as far as I can tell, there's no hard evidence linking him to anything.
Re:Modern Spying (Score:3, Insightful)
i've seen news specials about this 20 years ago after the wall first fell. as soon as the warsaw pact fell apart the french and some of our allies started spying on us
Did they ever stop?
I've always assumed that every country spies on every other country, at least to some minimal extent.
Obviously, if you're the US, you don't commit a *lot* of resources to spying on, say, Canada. But there'd be at least a small team responsible. And in that Canadian Bacon movie, all the dirt they dug up on Canada came in handy.
It'd only be a matter of time anyhow though... apk (Score:1, Insightful)
"microsoft has freely given its source code to the kgb (rolls eyes):" - by circletimessquare (444983) > on Wednesday July 14, @02:51PM (#32904620) Homepage
Per my subject-line above: IF the Russians wanted to know the "ins-N-outs" of Windows code, in ANY version, they would do the same as guys like Dr. Mark Russinovich did prior to his actually working for Microsoft (while he was the co-coder for SysInternals/Winternals, alongside Bryce Cogswell) - they'd disassemble/debug it, & have their answers. From what I understand, Mark Russinovich did all he did figuring out the "Native Mode NT code" via this method and using what's provided in the Microsoft DDK (Device Driver Kit).
Sure, this'd take more time than having actual sourcecode in the language it's written in (for kernel level stuff, that'd be C &/or Assembly language (which is what the debug trace dumps would yield in the latter anyhow), & the rest of the OS in usermode would most likely be a lot of C++)), but the results would be the same anyhow...
Guys - it's NOT like the russians don't have the kind of coding talent necessary (far from it) for that to happen... & again, it'd only be a matter of time is all.
APK
P.S.=> I used to try to "obfuscate" code I wrote, & also use executable compressors too, to make this harder on others attempting to do this, but I soon found out "what's the point"? See, those same "reverse engineers" developed unpackers to stop that method of trying to "slow down" those trying to get at what your code's doing (e.g.-> Shrinker is now broken & can be "unshrunk", as a single example thereof, & it only took about 1.5 yrs. for such a tool like UnShrink to appear publicly online) too!
PLUS, you can always peer into that app's memory space via it's hWnd address in RAM, & see what's going on as well rather than toying with the .exe file on disk to get your answers also (Dr. Mark Russinovich's "Process Explorer" will do this very thing for you in fact as one of its options, for example)... apk