'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com) 232
bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."
Kaspersky did their job (Score:5, Insightful)
If Kaspersky are indeed behind this, they are doing what their company is supposed to do: find malware and make it public. Without their help, NSA's malware would be still in the wild.
Re:Kaspersky did their job (Score:5, Insightful)
There's a difference between detecting malware running on the PCs that Kaspersky is protecting, and leveraging its presence on a PC in an intelligence agency's network to exfiltrate their little logic bombs. The first is entirely legitimate. The second... is espionage. I think it was Heinlein that said "Espionage is not immoral; everyone does it. But the cost for getting caught at it is very high." The cost to Kaspersky is likely to be very high indeed, whether someone at the company did it, or some Russian TLA inserted the code without their knowledge.
Kaspersky should have stuck to the first. Still, I wish they had let Stuxnet have its way with Iran's centrifuges for a few more years.
Re:Kaspersky did their job (Score:4, Insightful)
Except modern antivirus products use various algorithms to spot novel malware programs that it doesn't know yet as well as ones it has published signatures for. A program is a program. The antivirus software has no way to know the difference between a malware that has infected a computer and a malware that has been compiled by that computer's user. They were indeed doing their job. The fault lies with the NSA having antivirus software installed on a computer where they were developing viruses.
Re:Kaspersky did their job (Score:5, Informative)
The fault lies with the contractor who stole classified information, took it home, and put it on a personal computer where he had Kaspersky installed. I have a very hard time believing such actions to NOT be deliberate with the intention that the programs be scanned by Kaspersky, and possibly specifically by Kaspersky. I'm not saying Nghia Hoang Pho, 67, was flipped in his soviet client state homeland and sent to the US with specific pro-Russian instructions, but I mean, come on....
Re: (Score:3)
Re:Kaspersky did their job (Score:4, Informative)
Got a sample and reported back to their brand for that brand's experts to look over and warn the world about.
That's why every good AV brand builds behavioral analysis into their AV products.
Behavioral analysis is what finds the new problems in the wild and protects the global community from new issues deep in an OS, network.
Detecting new malware and protecting the world from new malware is not "espionage".
Re: (Score:1, Insightful)
Russia has also been known to spread FUD over the internet via forums and posts. I think this is one of them. At this point, Kaspersky has been shown to be malicious and should be dropped from use with haste by everyone.
Re: Kaspersky did their job (Score:5, Funny)
Re: (Score:2)
Fine. I still don't want the FSB having access to my computer.
Re: (Score:2)
Everyone has something to hide.
Re: (Score:2)
Re: (Score:3, Insightful)
Yes, he ran against Hillary.
Re:Kaspersky did their job (Score:4, Insightful)
> And was publicly opposed by hundreds of prominent members of the GOP & the American Right, incl both Presidents Bush
That is quite a recommendation. No wonder he won.
Re:Kaspersky did their job (Score:5, Insightful)
Re:Kaspersky did their job (Score:5, Insightful)
Re: (Score:2)
Excellent comment!
If Bush 43, the fake good ole boy, is agin' it then I am for it.
Re:Kaspersky did their job (Score:5, Interesting)
Yet, in spite of the GOP abandoning him, he won the election. I think this can only be explained by some combination of Clinton being so obnoxious a choice that people couldn't bring themselves to cast a ballot for her and Trump being quite crafty in his strategy.
Remember, both candidates knew that the popular vote didn't matter and both campaigned to win the EC.
For example, Trump didn't spend much time in California because there was no possibility he would win it and, if he did win it, it meant he didn't need it as the election would have been a landslide in his favor even without California's EC votes. Similarly, California voters who may have supported Trump had no reason to even bother to vote. In a liberal state like California, putting a Trump sticker on your car in an urban area was like putting a Goldwater sticker on your car in 1964 (I know, I lived there in Berkeley in 1964 and our family cars had Goldwater stickers on them -- those "tolerant liberals" were only tolerant of their own views - it really sucked being a small child and having your car windows spat on). Thus, most potential Trump voters in California didn't look around and see stickers and yard signs that would motivate them to vote.
Clinton, on the other hand did spend a bit of time in California -- mostly to raise money -- and putting a Clinton yard sign up or a Clinton sticker on your car was perfectly acceptable and wouldn't get you abused, so supporters did so. This inevitably garnered more support as sheeple looked around and saw only Clinton campaign signs and stickers and, being herd animals and tribal in nature, jumped on the bandwagon.
Do you want a President who ran their campaign so terribly that she paid for 3M votes that were obviously useless to her instead of buying a few hundred thousand which would have mattered? Her inability to administer her own campaign effectively and efficiently leaves little doubt that she would have been similarly incompetent as administrator of the country.
On the other hand, Trump is a horrible joke -- but fortunately he's doing a good job at his second most important responsibility - appointing Federal Judges that respect the rule of law and think politicians should make policy, not judges. This judicial legacy will long outlast his term as Federal Judges serve for life. His first most important responsibility is defense -- it's not clear how he will do on that as he's not been tested yet and I hope he's not.
Re: (Score:2, Insightful)
#1 Had no experience in law and could not answer what should be basic questions about legal proceedings
#2 Got America confused for a theocracy and had to be removed from office
So, blatant disrespect and/or ignorance of the law. The kind of people who need to be kept far, far away from positions of power.
Re: Kaspersky did their job (Score:4, Insightful)
Everything was apparently against Trump, yet he won. Just. The margin was so narrow that the Russian help from the stolen documents and massive social media trolling was vital in pushing him over the finish line first. Not that he colluded, no he would have been as oblivious to their help as he is to most things which don't have his name on.
Unfortunately, the Russians are unable to help him now he's president, and try as they might, his supporters are unable to stop everyone seeing his chaotic ignorant incompetence. All of which is great for his opponents, of which there are more and more, appalled at what he's doing to the USA and its reputation. At this rate, the GOP will lose its majority in Congress in November, if Trump lasts that long.
I hope his interview with Mueller is filmed. I want to see him squirm, as for possibly the first time in his life he is forced to tell the truth.
Re: (Score:2)
> At this rate, the GOP will lose its majority in Congress in November, if Trump lasts that long.
Trump will remain in office until after January 20th, 2019.
That will allow Pence to run for reelection twice, since Pence will have been president for less than 2 years.
Very high level of confidence in TREASON (Score:3, Insightful)
Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.
He won't even admit that Russia hacked into our election equipment!
Re:Very high level of confidence in TREASON (Score:4, Informative)
Where is this evidence? [nytimes.com]
The first attack, on Aug. 24, involved an attack on an American company "evidently to obtain information on elections-related software and hardware solutions."
That attack was most likely successful. The report said the G.R.U. used data most likely obtained from it to conduct the second set of attacks, a "voter registration themed spear-phishing campaign targeting U.S. local government organizations."
Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look as if they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.
The report masked the name of the software vendor, referring to it as "U.S. Company 1," in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.
VR Systems' website said its products were used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. In a statement, VR acknowledged that there had been a problem, while stressing that none of its products dealt with vote marking or tabulation. ...
Mr. Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associates' contacts with Russian officials. The report Ms. Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter registration databases and does not mention the Trump campaign.
Re: Very high level of confidence in TREASON (Score:2)
If the attack was successful, then it's the American company's fault for not better protecting. If you deal with government secrets, leaving them out in a bar for anyone to see is considered treasonous, not one of the many passers-by that could copy and publish it.
How Kaspersky accidentally hacked the NSA (Score:3)
Bringing the thread back on topic, my experience at work shows how Kaspersky would have accidentally "hacked" this material.
For my day job I write software tools which scan networks, checking to see if any computers on the customers' network are vulnerable to any known vulnerabilities. Occasionally the antivirus/anti-malware that is mandated by corporate flags our own tools as likely malware. That makes sense, because our code looks a lot like malware code - we seek out vulnerable hosts, checking each to s
Re: (Score:2)
Eugene Kaspersky himself said that happened, and he told them to immediately delete all copies of the files.
Someone perhaps didn't?
Thanks. I probably wouldn't (Score:2)
> Eugene Kaspersky himself said that happened
Ah, thanks - I hadn't seen that. It certainly makes sense though - someone was trying to be safe by using Kaspersky, and Kaspersky was trying to do their job by taking notice of new malware on their customer's computer.
> and he told them to immediately delete all copies of the files.
> Someone perhaps didn't?
I'm not sure I would have deleted *all* copies if I were in that situation. :)
Re: (Score:2)
Found it.
https://www.theguardian.com/te... [theguardian.com]
Re: Thanks. I probably wouldn't (Score:2)
If my customer had multiple zero days, I'd look (Score:2)
If one of my customers' machines were infected with multiple new zero days, I'd expect to find more information about the infection, and maybe another zero-day or two, by looking in that folder. I'd "tell" the client-side agent to send me the entire folder. I'd be thinking "this customer is going to love me for finding this really nasty infection" and I'd get as much information about it as I could.
I've found a LOT of infected machines, mostly web servers, and I've never had a customer complain that I got
Re: (Score:2)
Assuming this was the attack vector...
The policy that would cause this to happen - without any malice by anyone, would be a rule that "all NSA desktops must have anti-malware installed", combined with choosing Kaspersky, a foreign company, as their vendor.
...and allowing the local Kaspersky server to talk to the mothership was a glaring mistake. The likes of the NSA ought to be able to use a virus scanner from any vendor and do so safely. If they're trying to make malware that products don't spot, then they need to run suites of all of the different vendors to try them out. If Kaspersky happened to get lucky, then good on 'em - the NSA sent them the data, they used it. Fair enough.
However, as someone pointed out above, t
Re: (Score:2)
> If the attack was successful, then it's the American company's fault for not better protecting.
You sound certain of that. But there is no such thing as perfect security. Without technical details, there is no way to distinguish between a brilliant attack and negligence.
> If you deal with government secrets
Be careful with that idea...
> leaving them out in a bar for anyone to see is considered treasonous
...because this only applies to classified material.
Also, it's not treason. Things don't automatically become treason because the government is especially inconvenienced.
Finally, I doubt that voting machine designs could even be classified in the first place. There are specific types of information which are
Re: (Score:3)
In computer security, if your security is weak enough it becomes a "public unsecured server". Eg. anything you find through Shodan is imho a "public unsecured server" because a search engine can find it.
Re:Very high level of confidence in TREASON (Score:5, Informative)
That is not evidence of Trump trying to shield Russia. That is evidence of Trump trying to enforce the nation's anti-espionage laws, although he still has a long way to go before he equals Obama's record for prosecuting alleged leakers.
Do you have video of Trump talking to Russia's president or prime minister, saying something like "after my election, I have more flexibility", and asking that the message be carried to Vladimir Putin? Did Trump's DOJ hide an investigation into Russian bribes and similar corruption among uranium dealers until after Trump's State Department approved the sale of something like 20% of America's uranium reserves to a Russian company?
If you substitute "Obama" for "Trump" in those questions, the answer to both is "yes".
But that's a narrative that you won't hear from Los Tiempos de Nuevo York.
Re: (Score:2)
So your answer to my question -- do you have evidence that Trump offered things to the Russian government, or that his administration actually did things to shield Russia from sanctions or prosecution -- is apparently "no". I gave those as examples of things that I would accept as clear evidence of improper "collusion", not as "whataboutism".
Re: (Score:1)
But dude, they spend $1.97 showing ad for the 'Buff Bernie' coloring book. 848 people saw it!
https://www.politico.com/story... [politico.com]
'Buff Bernie' coloring book
This ad promoted a coloring book called "Buff Bernie," filled with "very attractive doodles of Bernie Sanders in muscle poses." It added that "I've recently heard some hateful comments from the Hillary supporters about Bernie Sanders and his supporters" - language aimed at stirring up the kinds of intra-party divisions that would later flare after the first release of Russian-hacked Democratic Party documents during the summer of 2016.
Posted on: LBGT United group on Facebook
Created: March 2016
Targeted: People ages 18 to 65+ in the United States who like "LGBT United"
Results: 848 impressions, 54 clicks
Ad spend: 111.49 rubles ($1.92)
Re: (Score:2)
Oh no! That does it! Russia must go DOWN! On whatever the latest sewn on body part is!
Re: (Score:2)
There's a definite smell of vodka about you, Hal_Porter
Whatever makes you think that?
https://slashdot.org/comments.... [slashdot.org]
Re: (Score:2)
Interesting you should pick the lowest amount reported, $1.97. What about all the rest? Of course Facebook and Twitter haven't finished their reluctant search for secret Russian spending.
I highly doubt they will until Trump's term has expired. Unless there isn't one if theirs elected.
Re: (Score:3, Interesting)
.
Peek-a-boo - I see you, paid "intelligence community trolls with mod points". A big FU to lying t
Re:Very high level of confidence in TREASON (Score:5, Funny)
Where's the evidence of this?
Re: (Score:2)
Re: (Score:2)
No. You don't let that pass for accusations against Kaspersky; thus there's no reason to let that pass here.
Who? What? When? How? Be specific.
You can't even name the accounts doing the modding. Instead, it's simply "trust me." Well, having learned from you, I won't. Provide proof.
Re: (Score:2)
TLA's are here and are "controlling the narrative" - but failing. We know there's no other reason to call a legit request for "how you know what you claim" as trolling.
I'm not particularly surprised by the lack of public evidence. Classified computer systems aren't going to be passed around for inspection. Do you really expect to see logs or forensic results from a classified system? You're demanding something that will never be forthcoming, and, in fact, may be illegal to release. From day one, the entire Kaspersky investigation was destined to land in "trust us" territory. There is no other way it could play out.
You think the Russians are doing all the badware on earth?
Since the article is about leaked NSA malware, I don't eve
Re: (Score:2)
Re: (Score:3)
It's not that it's hard, it is not allowed. The current situation in politics shows clearly. If you think for yourself you are the enemy. And it seems so on both sides. One more than the other by quite a bit. Who needs evidence when you can FEEL it? Because feelings are so much better than thoughts.
Been using Kaspersky for years, it's gotten worse (Score:5, Interesting)
Had my new Win10 machine, decided to put the latest version on. Kas put a man in the middle SSL scanner so it could scan SSL streams. After I told it not to and even disabled it, it still tried to scan all my SSL traffic and would block my browser. It just would not leave my SSL traffic alone even after specifically disabling web protection. This was the scanner only, I did not install the full protection suite.
So I uninstalled it. Rebooted, and it still left the SSL middleware installed. WTF is this amateur behavior at Kaspersky.
No idea wtf is going over there at Kaspersky, but it's gone to hell. I don't care if it's one of the fastest, very low cpu usage, and great anti-virus detection. These stupid games like MITM SSL without my permission is downright unforgivable.
Re: (Score:2)
Oh fuck off (Score:2, Insightful)
Stop smearing Kaspersky, it's the only company not in bed with the NSA.
Shit probably got stolen by one of the 50 Intel backdoors anyway.
"High level of confidence" means "We got nothing but we'll smear someone anyway"
Re: (Score:2)
However, Kaspersky was in bed with Sony, not detecting their rootkit.
Re: (Score:2)
The OP specifically turned off the "web protection" (which should have stopped the program scanning web traffic, encrypted or otherwise)
Re: (Score:2)
So, you installed just the web protection and then disabled the SSL traffic scanner? Even though 50% of traffic is encrypted now?
Financial and health data is among the SSL-encrypted traffic. If you don't want something seeing those things, then you either need to exempt your bank/healthcare sites or disable the SSL scanner entirely. Enterprise proxies usually offer this out of the box---most US organizations will not decrypt traffic to these destinations.
And besides, it's up to him as to whether he wants SSL decryption at all. The feature should be configurable.
Odds are good that you disabling the SSL middleware means the uninstaller didn't realize it was there and didn't uninstall it.
Shit application, shit installer. There is no reason an application canno
I believe it and so should you (Score:2, Insightful)
Re: I believe it and so should you (Score:1)
Trust is earned, not owed.
Re: I believe it and so should you (Score:2)
Re: (Score:2)
There is no reason to doubt our esteemed intelligence community. When they implore us to trust them because the evidence is too dangerous to show to the public, it is every patriotic citizen's duty to trust them. Spies are lurking in every corner, even on our beloved Slashdot, so we must remain vigilant against efforts to undermine faith in government. Faith keeps us strong, strength crushes enemies. Have faith.
That's a very valid concern.
But also consider the other side. A few months ago Trump bragged to the Russian Ambassador about getting intelligence about a laptop bombing plot out of a specific city in Syria [independent.co.uk]. That initial leak basically led to the entire operation being exposed (and the Israeli bug being useless).
Now consider the NSA. How do they know about the Russians using Kaspersky? Is it a mole in Kaspersky? A mole in Russian intelligence? A backdoor into Kaspersky or Russian intelligence? They hacked s
Re: I believe it and so should you (Score:3)
In computer security any lack of "intelligence" makes the issue at hand usable by anyone from a 10 year old in their mom's basement to any government, friendly or not and it also affects everyone.
Hence why we WANT the FBI/NSA to publish these issues because today it's some low level NSA rent-a-coder being hacked, tomorrow it's the nuclear arsenal or the economy or some other government agency because even other parts of the government don't get to know these details, there is no "secret patch list".
Re: I believe it and so should you (Score:2)
"Israel was later named as the source of the intelligence in US media reports."
I bet it was Fox News because they love Russia. Your article also presents evidence that H.R. McMaster is one of those Russian moles you mentioned:
At the time, US National Security Adviser H R McMaster said the President "wasn't even aware where this information came from" and "wasn't briefed on the sources and methods". "At no time were intelligence sources or methods discussed," he said. "The President did not disclose any military operations that were not already publicly known... I was in the room. It didn't happen."
There are some guys in the intelligence community we absolutely must trust, but this guy isn't one of them.
Zero evidence = No case (Score:2, Insightful)
Mic drop.
Re: Zero evidence = No case (Score:2)
Re: (Score:2)
Re: (Score:2)
lolz... exactly. :)
Re: (Score:2)
Because intelligence agencies are famous for publishing their sources and methods.
Re: (Score:2)
So, you then believe anything else unconfirmed sources in the CIA have said.
What is more, the evidence for this should be in the AV. There should be private IT establishments that should know as well.
What you're asking is for people to listen and believe despite there being no evidence of anything. At the very least you should concede that you don't have anything anyone can really rely on and that you have to have empathy for people that don't find it credible.
To say I must believe this despite really no ev
Re: (Score:3)
Cite it. If it is so obvious and so abundant... Cite it.
If you had a case, they'd go to court with it. No one is taking them to court... because there is no evidence.
Prove me wrong or you'll prove me right... right now.
Re: (Score:3)
Re: (Score:2)
He's all talk. There are loads of these guys. They all repeat the same garbage, know nothing, read nothing, have no integrity... they're trash.
Amazing (Score:5, Insightful)
Re: (Score:1)
The amazing part is that someone actually runs a closed source virus suite....
You could have stopped right there, and we would have been in complete agreement.
Re: (Score:3)
Did you send a patch ? (Score:2)
grep for operations that copy memory, then laugh at their complete failure when doing what should be simple arithmetic. mem corruption and memory leaks everywhere (read: code execution).
Fine, and did you send them a patch to fix the problems ? or at least submit an issue on their tracker ?
Re:Amazing (Score:5, Insightful)
Re: (Score:3)
... and if I knew that the NSA was using some spyware brand to spy on me I wouldn't buy that either. I don't understand the point of your post. Even if you think the NSA is more likely to be damaging to you than the FSB, that doesn't mean I want the FSB to have access to my computer. One criminal organization may be more likely to cause me damage than another, but that doesn't mean I want the second one in my house.
Re: (Score:3)
Except the Russian AV software doesn't mind catching NSA spyware. The American AV doesn't mind catching FSB spyware. People who live within the FSB's jurisdiction should use American AV software.
If you have to give one of them six lines written by you, give them to the one that doesn't have jurisdiction over you.
Re: (Score:2)
That's a very strange argument you're putting forward there. You're saying that you are okay with allowing security holes in your computer because you trust one government less than another one.
Fine, but what about the fact that you are allowing known security holes to remain active on your computer? Are you really so confident that (a) the Russians will never use them [rferl.org] to e.g. drain your bank/credit card accounts, and (b) no other parties will ever exploit them to do the same, with or without the Russians
Re: (Score:1)
I have no doubt that US AV software does the same thing, I know that the NSA is spying on me, being in one of the 5 eyes countries I assume all my data is being shared with my government. I'd rather have Russia spying on my personal info at home rather than my own government. My own government can use it against me - the Russians not so much.
Re: (Score:2)
A good AV product would have then uploaded it to its brand. The company of global experts in a nation like the USA, Japan, Czech Republic, Germany, Romania, Slovakia, Spain would have seen the new code too?
What happened to all the code detected by other really new, advance and quality AV brands?
They do well in behavioral analysis review and tests over the years too... ?
Did they not have the OS skill needed t
Re: (Score:3)
Re: (Score:2)
Who should I be more afraid of, a foreign government, or the one that could kick in my door?
Never Mind All That... (Score:3, Insightful)
...What I want to know are the names of the people responsible for running a foreign COTS A/V on 'net-connected PCs and placing Classified/Top Secret data on those computers and what legal actions/charges are pending against them, and if no legal actions/charges are pending and/or they refuse to identify who they are, why not.
*THOSE* are the questions we should be asking very, very loudly and demanding and the people who should be spending time at Club Fed. Given that level of cavalier handling of such highly-classified and top-secret data, Kaspersky/Putin/FSB et al were likely the very LAST bad-actors to get the data.
How about we figure out how to plug the hole in the lifeboat first before we start holding hearings on where to place the blame?
Strat
Re: (Score:3)
Re: (Score:2)
It was an NSA guy who illegally took stuff home. Since "no intent" is currently a defense in the just-us system, no one wants to talk about it or prosecute the guy.
I believe they won't prosecute this guy because it will bring to light the fact that the leaks didn't occur through him and that this is another REEEE!!! Russia!!! REEEE!!! propaganda story.
Strat
Re: (Score:2)
Are you saying that the classified material wound up on his computer by accident? He had intent to put the classified stuff on an unsecured system, and therefore will be prosecuted if he doesn't plead guilty first.
Re: (Score:2)
motivation ? (Score:2, Offtopic)
Looking only at motivation, one must note that Kaspersky was a financially successful company with a bright future in an increasingly critical industry. They owed that to a growing reputation (and a lowered reputation for some competitors). What incentive would motivate them to sell out to any government? The only thing I can think of is (1) A death threat, or (2) a greater amount of money than their expected future profits. I doubt either 1 or 2 and I think it illogical for Kaspersky to break trust that wa
Re: (Score:2)
You think that (1) or (2) is unlikely? Both seem highly plausible. I mean, Putin kills people in Britain and elsewhere. I think he can make a Russian programmer one building over disappear. And Russia has a fuckton of money. More than enough to have a programmer or two retire early and it to be a rounding error's rounding error.
So, what steps? (Score:5, Insightful)
.
Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AV's agreed to do that?
.
OK Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the shadow brokers are even russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).
Re: So, what steps? (Score:4, Funny)
* Security through obscurity doesn't work * (Score:1)
I refuse to install more proprietary crapware on my computers. I've got enough of it as it is at low levels. We need to cut the crap out and move away from Intel/AMD and other chipsets from companies that won't provide a *complete* set of source code. None of this "open source" nonsense where you only provide half the code or some code wrapped around a proprietary blob. No. I want a *COMPLETE* set of source code that is needed to operate the device. It blows my mind countries don't mandate in law that a
Are you sure? (y/N) (Score:3)
Are these the same sources that attributed the Mirai botnet to Russia-sponsored actors?
We don't have a good track record of attributing these actions of late.
Fixed it for you... (Score:2)
Are you sure? (y/Y)
It's possible and not very surprising (Score:2)
Levels of confidence (Score:2)
I remember a militaristic superpower lying to its own citizens about hidden weapons, metal tubes, babies being pulled from incubators, etc all to start a $1T+ war. Same guys.
Show me proof or fuck off.
"exfiltrate classified documents?" (Score:3)
In a properly run secure computing facility, classified materials are NEVER, EVER allowed to exist on computers connected to insecure networks. That's not a suggestion, that's a formal requirement, at least for the programs I used to work on. OS updates, antivirus software, everything was air-gapped from the Internet. No exceptions. For the exfiltration to happen as described, the NSA must be routinely violating basic infosec procedures in ways that would get any contractor fired, fined, and possibly imprisoned.
Re: (Score:2)
Re: (Score:2)
Very embarrassing for Obama and the Democrats.
Haha.
Is it fair to hold your CEO accountable for every action you or even your team takes at your job? Sure, sometimes you do something because of a policy or general culture set by upper management, but sometimes you take a course of action because that's simply what you wanted to do.
Not everything that a Federal Government does during an administration is the direct responsibility of the administration and/or ruling party.
Re: (Score:2)
Unless that thing supports a particular narrative, in which case it "starts at the top".
Re: (Score:3)
The surprise is they're running Windows and not some hardened Linux or an OS written by Canadian hacker Theo de RaaBSD
Re: (Score:2)
Who knows what NSA work looks like when it's still being created?
Good behavioral analysis by any quality AV would see a change to the OS, new code, strange code in a new place and report it as it would any new malware.
Re: (Score:2)
You can't just copy secret material to your home laptop and take it to a bar to work on it. There are strict controls in place
Those controls are enacted by humans, who can either accidentally or intentionally work around the controls.
"Don't copy this to a CD and walk out of the SCIF" is such a control. That control is not infallible. [wikipedia.org]
Re: (Score:2)
Pho is facing 10 years for copying that information. Yes, there are rules and procedures---and he broke them. No sympathy, really.
So how can Russia use software that isn't supposed to be exposed to secret information, to steal secret information?
Did you miss the part where a dumbass contractor copied the files and then put them on his computer at home? It was a courier delivery by Air Retard.