'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com)
bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."
There's a difference between detecting malware running on the PCs that Kaspersky is protecting, and leveraging its presence on a PC in an intelligence agency's network to exfiltrate their little logic bombs. The first is entirely legitimate. The second... is espionage. I think it was Heinlein that said "Espionage is not immoral; everyone does it. But the cost for getting caught at it is very high." The cost to Kaspersky is likely to be very high indeed, whether someone at the company did it, or some Russian TLA inserted the code without their knowledge.
Kaspersky should have stuck to the first. Still, I wish they had let Stuxnet have its way with Iran's centrifuges for a few more years.
Except modern antivirus products use various algorithms to spot novel malware programs that they don't know yet, as well as ones they have published signatures for. A program is a program. The antivirus software has no way to know the difference between malware that has infected a computer and malware that has been compiled by that computer's user. They were indeed doing their job. The fault lies with the NSA having antivirus software installed on a computer where they were developing viruses.
The fault lies with the contractor who stole classified information, took it home, and put it on a personal computer where he had Kaspersky installed. I have a very hard time believing such actions to NOT be deliberate, with the intention that the programs be scanned by Kaspersky, and possibly specifically by Kaspersky. I'm not saying Nghia Hoang Pho, 67, was flipped in his Soviet client state homeland and sent to the US with specific pro-Russian instructions, but I mean, come on....
Got a sample and reported back to their brand for that brand's experts to look over and warn the world about.
That's why every good AV brand builds behavioral analysis into its AV products.
Behavioral analysis is what finds the new problems in the wild and protects the global community from new issues deep in an OS or network.
Russia has also been known to spread FUD over the internet via forums and posts. I think this is one of them. At this point, Kaspersky has been shown to be malicious and should be dropped from use with haste by everyone.
Fine. I still don't want the FSB having access to my computer.
Yes, he ran against Hillary.
> And was publicly opposed by hundreds of prominent members of the GOP & the American Right, incl both Presidents Bush
That is quite a recommendation. No wonder he won.
Yet, in spite of the GOP abandoning him, he won the election. I think this can only be explained by some combination of Clinton being so obnoxious a choice that people couldn't bring themselves to cast a ballot for her and Trump being quite crafty in his strategy.
Remember, both candidates knew that the popular vote didn't matter and both campaigned to win the EC.
Very high level of confidence in TREASON (Score:4, Insightful)
Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.
He won't even admit that Russia hacked into our election equipment!
Where is this evidence? [nytimes.com]
The first attack, on Aug. 24, involved an attack on an American company "evidently to obtain information on elections-related software and hardware solutions."
That attack was most likely successful. The report said the G.R.U. used data most likely obtained from it to conduct the second set of attacks, a "voter registration themed spear-phishing campaign targeting U.S. local government organizations."
Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look as if they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.
The report masked the name of the software vendor, referring to it as "U.S. Company 1," in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.
VR Systems' website said its products were used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. In a statement, VR acknowledged that there had been a problem, while stressing that none of its products dealt with vote marking or tabulation.
...
Mr. Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associates' contacts with Russian officials. The report Ms. Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter registration databases and does not mention the Trump campaign.
If the attack was successful, then it's the American company's fault for not protecting it better. If you deal with government secrets, leaving them out in a bar for anyone to see is considered treasonous, not one of the many passers-by that could copy and publish it.
How Kaspersky accidentally hacked the NSA (Score:2)
Bringing the thread back on topic, my experience at work shows how Kaspersky would have accidentally "hacked" this material.
For my day job I write software tools which scan networks, checking to see if any computers on the customers' network are vulnerable to any known vulnerabilities. Occasionally the antivirus/anti-malware that is mandated by corporate flags our own tools as likely malware. That makes sense, because our code looks a lot like malware code - we seek out vulnerable hosts, checking each to s
Eugene Kaspersky himself said that happened, and he told them to immediately delete all copies of the files.
Someone perhaps didn't?
Thanks. I probably wouldn't (Score:2)
> Eugene Kaspersky himself said that happened
Ah, thanks - I hadn't seen that. It certainly makes sense though - someone was trying to be safe by using Kaspersky, and Kaspersky was trying to do their job by taking notice of new malware on their customer's computer.
> and he told them to immediately delete all copies of the files.
> Someone perhaps didn't?
I'm not sure I would have deleted *all* copies if I were in that situation.
:)
Found it.
https://www.theguardian.com/te... [theguardian.com]
That is not evidence of Trump trying to shield Russia. That is evidence of Trump trying to enforce the nation's anti-espionage laws, although he still has a long way to go before he equals Obama's record for prosecuting alleged leakers.
Do you have video of Trump talking to Russia's president or prime minister, saying something like "after my election, I have more flexibility", and asking that the message be carried to Vladimir Putin? Did Trump's DOJ hide an investigation into Russian bribes and similar corruption among uranium dealers until after Trump's State Department approved the sale of something like 20% of America's uranium reserves to a Russian company?
If you substitute "Obama" for "Trump" in those questions, the answer to both is "yes".
But that's a narrative that you won't hear from Los Tiempos de Nuevo York.
But dude, they spent $1.97 showing an ad for the 'Buff Bernie' coloring book. 848 people saw it!
https://www.politico.com/story... [politico.com]
'Buff Bernie' coloring book
This ad promoted a coloring book called "Buff Bernie," filled with "very attractive doodles of Bernie Sanders in muscle poses." It added that "I've recently heard some hateful comments from the Hillary supporters about Bernie Sanders and his supporters" - language aimed at stirring up the kinds of intra-party divisions that would later flare after the first release of Russian-hacked Democratic Party documents during the summer of 2016.
Posted on: LBGT United group on Facebook
Created: March 2016
Targeted: People ages 18 to 65+ in the United States who like "LGBT United"
Results: 848 impressions, 54 clicks
Ad spend: 111.49 rubles ($1.92)
Oh no! That does it! Russia must go DOWN! On whatever the latest sewn-on body part is!
Where's the evidence of this?
No. You don't let that pass for accusations against Kaspersky; thus there's no reason to let that pass here.
Who? What? When? How? Be specific.
You can't even name the accounts doing the modding. Instead, it's simply "trust me." Well, having learned from you, I won't. Provide proof.
Re: (Score:2)
It's not that it's hard; it is not allowed. The current situation in politics shows this clearly. If you think for yourself you are the enemy. And it seems so on both sides, one more than the other by quite a bit. Who needs evidence when you can FEEL it? Because feelings are so much better than thoughts.
The surprise is they're running Windows and not some hardened Linux or an OS written by Canadian hacker Theo de RaaBSD
Been using Kaspersky for years, it's gotten worse (Score:5, Interesting)
Had my new Win10 machine, decided to put the latest version on. Kas put a man-in-the-middle SSL scanner in so it could scan SSL streams. After I told it not to and even disabled it, it still tried to scan all my SSL traffic and would block my browser. It just would not leave my SSL traffic alone even after specifically disabling web protection. This was the scanner only, I did not install the full protection suite.
So I uninstalled it. Rebooted, and it still left the SSL middleware installed. WTF is this amateur behavior at Kaspersky?
No idea wtf is going on over there at Kaspersky, but it's gone to hell. I don't care if it's one of the fastest, with very low CPU usage and great anti-virus detection. These stupid games like MITM SSL without my permission are downright unforgivable.
Oh fuck off (Score:1)
Stop smearing Kaspersky, it's the only company not in bed with the NSA.
Shit probably got stolen by one of the 50 Intel backdoors anyway.
"High level of confidence" means "We got nothing but we'll smear someone anyway"
There is no reason to doubt our esteemed intelligence community. When they implore us to trust them because the evidence is too dangerous to show to the public, it is every patriotic citizen's duty to trust them. Spies are lurking in every corner, even on our beloved Slashdot, so we must remain vigilant against efforts to undermine faith in government. Faith keeps us strong, strength crushes enemies. Have faith.
That's a very valid concern.
But also consider the other side. A few months ago Trump bragged to the Russian Ambassador about getting intelligence about a laptop bombing plot out of a specific city in Syria [independent.co.uk]. That initial leak basically led to the entire operation being exposed (and the Israeli bug being useless).
Now consider the NSA. How do they know about the Russians using Kaspersky? Is it a mole in Kaspersky? A mole in Russian intelligence? A backdoor into Kaspersky or Russian intelligence? They hacked s
In computer security any lack of "intelligence" makes the issue at hand usable by anyone from a 10 year old in their mom's basement to any government, friendly or not, and it also affects everyone.
Hence why we WANT the FBI/NSA to publish these issues, because today it's some low level NSA rent-a-coder being hacked, tomorrow it's the nuclear arsenal or the economy or some other government agency, because even other parts of the government don't get to know these details; there is no "secret patch list".
"Israel was later named as the source of the intelligence in US media reports."
I bet it was Fox News because they love Russia. Your article also presents evidence that H.R. McMaster is one of those Russian moles you mentioned:
At the time, US National Security Adviser H R McMaster said the President "wasn't even aware where this information came from" and "wasn't briefed on the sources and methods". "At no time were intelligence sources or methods discussed," he said. "The President did not disclose any military operations that were not already publicly known... I was in the room. It didn't happen."
There are some guys in the intelligence community we absolutely must trust, but this guy isn't one of them.
Cite it. If it is so obvious and so abundant... Cite it.
If you had a case, they'd go to court with it. No one is taking them to court... because there is no evidence.
Prove me wrong or you'll prove me right... right now.
Re: (Score:2)
lolz... exactly.
:)
Amazing (Score:5, Insightful)
The amazing part is that someone actually runs a closed source virus suite....
You could have stopped right there, and we would have been in complete agreement.
... and if I knew that the NSA was using some spyware brand to spy on me I wouldn't buy that either. I don't understand the point of your post. Even if you think the NSA is more likely to be damaging to you than the FSB, that doesn't mean I want the FSB to have access to my computer. One criminal organization may be more likely to cause me damage than another, but that doesn't mean I want the second one in my house.
Except the Russian AV software doesn't mind catching NSA spyware. The American AV doesn't mind catching FSB spyware. People who live within the FSB's jurisdiction should use American AV software.
If you have to give one of them six lines written by you, give them to the one that doesn't have jurisdiction over you.
I have no doubt that US AV software does the same thing. I know that the NSA is spying on me; being in one of the Five Eyes countries, I assume all my data is being shared with my government. I'd rather have Russia spying on my personal info at home than my own government. My own government can use it against me - the Russians, not so much.
A good AV product would have then uploaded it to its brand. The company of global experts in a nation like the USA, Japan, Czech Republic, Germany, Romania, Slovakia, Spain would have seen the new code too?
What happened to all the code detected by other really new, advanced and quality AV brands?
They do well in behavioral analysis reviews and tests over the years too... ?
Never Mind All That... (Score:2, Offtopic)
...What I want to know are the names of the people responsible for running a foreign COTS A/V on net-connected PCs and placing Classified/Top Secret data on those computers, and what legal actions/charges are pending against them, and if no legal actions/charges are pending and/or they refuse to identify who they are, why not.
*THOSE* are the questions we should be asking very, very loudly and demanding and the people who should be spending time at Club Fed. Given that level of cavalier handling of such high
It was an NSA guy who illegally took stuff home. Since "no intent" is currently a defense in the just-us system, no one wants to talk about it or prosecute the guy.
I believe they won't prosecute this guy because it will bring to light the fact that the leaks didn't occur through him and that this is another REEEE!!! Russia!!! REEEE!!! propaganda story.
motivation ? (Score:2, Offtopic)
Looking only at motivation, one must note that Kaspersky was a financially successful company with a bright future in an increasingly critical industry. They owed that to a growing reputation (and a lowered reputation for some competitors). What incentive would motivate them to sell out to any government? The only thing I can think of is (1) A death threat, or (2) a greater amount of money than their expected future profits. I doubt either 1 or 2 and I think it illogical for Kaspersky to break trust that wa
You think that (1) or (2) is unlikely? Both seem highly plausible. I mean, Putin kills people in Britain and elsewhere. I think he can make a Russian programmer one building over disappear. And Russia has a fuckton of money. More than enough to have a programmer or two retire early and it to be a rounding error's rounding error.
So, what steps? (Score:4, Interesting)
Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AVs agreed to do that?
OK, Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the Shadow Brokers are even Russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).
* Security through obscurity doesn't work * (Score:1)
I refuse to install more proprietary crapware on my computers. I've got enough of it as it is at low levels. We need to cut the crap out and move away from Intel/AMD and other chipsets from companies that won't provide a *complete* set of source code. None of this "open source" nonsense where you only provide half the code or some code wrapped around a proprietary blob. No. I want a *COMPLETE* set of source code that is needed to operate the device. It blows my mind countries don't mandate in law that a
Problem (Score:1)
Here's the problem with almost all of these accusations:
You can't just copy secret material to your home laptop and take it to a bar to work on it. There are strict controls in place, including what software can be installed on the machine. Kaspersky is not on that list, and has never been as far as I'm aware.
So how can Russia use software that isn't supposed to be exposed to secret information, to steal secret information?
Who knows what NSA work looks like when it's still being created?
Good behavioral analysis by any quality AV would see a change to the OS, new code, strange code in a new place and report it as it would any new malware.
Are you sure? (y/N) (Score:2)
Are these the same sources that attributed the Mirai botnet to Russia-sponsored actors?
We don't have a good track record of attributing these actions of late.
Fixed it for you... (Score:2)
Are you sure? (y/Y)
Fake News (Score:1)
Very embarrassing for Obama and the Democrats.
Haha.
Is it fair to hold your CEO accountable for every action you or even your team takes at your job? Sure, sometimes you do something because of a policy or general culture set by upper management, but sometimes you take a course of action because that's simply what you wanted to do.
Not everything that a Federal Government does during an administration is the direct responsibility of the administration and/or ruling party.
Unless that thing supports a particular narrative, in which case it "starts at the top".