Slashdot Mirror

← Back to Stories (view on slashdot.org)

Officials Fear Russia Could Try To Target United States Through Kaspersky AV (go.com)

Posted by msmash on from the growing-fear dept.

Russia's growing aggression toward the United States has deepened concerns among U.S. officials that Russian spies might try to exploit one of the world's most respected cybersecurity firms to snoop on Americans or sabotage key U.S. systems, according to an ABC News investigation. From the report: Products from the company, Kaspersky Lab, based in Moscow, are widely used in homes, businesses and government agencies throughout the United States, including the Bureau of Prisons. Kaspersky Lab's products are stocked on the shelves of Target and Best Buy, which also sells laptops loaded by manufacturers with the firm's anti-virus software. But in a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company's powerful market position. "This [is an] important national security issue," declared the bipartisan memorandum, described to ABC News by congressional sources.

28 of 173 comments (clear)

  1. What makes you think they aren't already doing it? by Anonymous Coward · · Score: 5, Interesting

    LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

  2. "Russia's growing aggression toward the USA..." by Archtech · · Score: 4, Insightful

    https://socioecohistory.files....

    --
    I am sure that there are many other solipsists out there.
    1. Re:"Russia's growing aggression toward the USA..." by LordWabbit2 · · Score: 2, Interesting

      Remember, he controls the Russian media.

      And your media is all squeaky clean and above board?
      I would hold Russia Today in higher regard than ANY of the USA propaganda... I mean media outlets, thank your very much.

      That being said I think they are all tools of their respective governments, and they ALL lie!
      The days of honest reporting are long gone.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    2. Re:"Russia's growing aggression toward the USA..." by Archtech · · Score: 2

      That's cute, but have you heard about Russian propaganda about the US?

      Could you supply any specific examples? Preferably with URLs.

      --
      I am sure that there are many other solipsists out there.
  3. They're really pushing the Russia narrative HARD. by sethstorm · · Score: 2

    Russia this, Russia that - seems like the left really fears them for something despite being Soviet themselves.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  4. Does this mean that the US has compromised US AV? by ESarge · · Score: 2

    I remember when much the same concerns were raised about Chinese networking equipment. (If memory serves, being supplied into a large project in Australia).
    This was before the Snowden revelations.

    So, we now know that really what they were doing was preserving the supply of US networking equipment that could be pwned.

    Thus, one wonders if the same thing is happening here?

  5. McCarthy AV by lactose99 · · Score: 5, Funny

    Are you now or have you ever been a member of Kapersky Lab?

    --
    Fully licensed blockchain psychiatrist
    1. Re: McCarthy AV by geek · · Score: 2

      Most of Kaspersky labs work out if the U.K. Anyway. But OMGZ DA RUSSIANS

  6. American companies in Russia? by Anonymous Coward · · Score: 5, Insightful

    And what about Microsoft, Apple, Google? Should Russia fear all these companies as well and ban them?

  7. Re:What makes you think they aren't already doing by Anonymous Coward · · Score: 5, Insightful

    LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

    Also, are there people who think Microsoft isn't compromised? ROFL. Using an operating system with the highest market share as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

  8. Re:Like our Cisco network equipment by TWX · · Score: 3, Informative

    Chips?

    Most of the Catalyst switches are made in China. The 2960 series, 3560 series, 3600 series, 3750 series, and 3800 series are all made in China. The 4500 series are made in Mexico. You'd be hard-pressed to find a conventional L3 switch not manufactured outside of the United States, and I would be amazed if any L2 switches are made in the US.

    --
    Do not look into laser with remaining eye.
  9. Re:Kapersky? Most respected cybersecurity firms? by Killall+-9+Bash · · Score: 4, Insightful

    Wasn't it kaspersky that identified an NSA rootkit a few months back? Yep, they sure are a threat.

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  10. Re:Never heard of them... by geek · · Score: 2, Informative

    I haven't used anti-virus software in years. I only have Windows Defender and Malwarebytes installed on my Windows PCs.

    Read the first sentence you wrote. Then read the second one. You now have my permission to feel stupid.

  11. Isn't this the NSA's job? by Cyberpunk+Reality · · Score: 4, Insightful

    Spying jokes aside, if the NSA (and the greater intelligence community) had pushed for good security practices from the beginning instead of cultivating an environment that made their spying easier, we wouldn't have to worry about this. The US government needs to realize that it cannot have it's cake and eat it too.

    --
    Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
    1. Re:Isn't this the NSA's job? by StormReaver · · Score: 4, Informative

      Along those lines: I'm far more worried about being targeted by our own Government than by the Russians. The U.S. Federal government has shown itself time and again to be, at best, no better than the Russians where our rights and freedoms are concerned:

      1) Continual erosion of the Constitution.
      2) Ignoring the Constitution when following the law becomes inconvenient.
      3) Spying on American citizens.
      4) Systematic molestation by Federal officials at airports.
      5) Lying to the American public as a matter of standard policy (though that is implied in the other four).

      The Russians are WAY down on the list of things we Americans have to worry about at home.

  12. Re:All AV Compromised? by Anonymous Coward · · Score: 2, Interesting

    The Snowden leaks* already showed that malware signatures are submitted to AV companies so that they purposefully do not flag the files.
    Frankly, kaspersky, eset, and a handful of others are part of the handful of AVs I trust because they are NOT headquartered in 5 eyes countries.

    The Canadian CSES have a slide with a box clearly labeled with EXACTLY this:
    "
    Commercial/Industry/Relationships
    Influence Technology
    (provide signature to AV)
    "

  13. The bath salts MUST FLOW by Thud457 · · Score: 5, Funny

    This is exactly why I said we needed to draft John McAfee during the 2016 election.
    But NOOOOO... you all said he's too erratic, and temperamentally unsuited to be President.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  14. Who is the enemy? by mi · · Score: 2

    So you prefer to use antivirus that lets NSA/CIA/etc viruses and spyware in instead, right?

    Of course! Even if we stipulate, that NSA/CIA routinely access our computers, I'd certainly prefer that, however unpleasant, to a foreign power doing the same. And not just any foreign power, but Russia...

    But, hey, do I understand you right, that you voted for Trump because he was beholden to Russia, rather than for Clinton, who was beholden to NSA/CIA?

    --
    In Soviet Washington the swamp drains you.
    1. Re:Who is the enemy? by mi · · Score: 2

      Name one American the Russians drone murdered.

      I hope, you don't insist on it being done by drones, which Russia does not really have — and what it does have, it uses for intelligence-gathering and artillery-coordination only. But, here, I'll list a few:

      You can also safely chalk up a sizeable fraction of American deaths in the Middle East to Russians — but we may not know the exact details of their coordinating ISIS and other terrorists against the US for decades...

      Now, why is it indicative of anything? Why don't you list the Americans killed by American government — and we'll compare that to the Russians killed by Russia... Ah, you are an American — protected by these people you despise — and not worrying about what Russians do to others? Ok, do you suppose, all an enemy can do is kill? How about spying — on your country? How about lying online with millions of "voices" through hijacked accounts?

      GTMO like prisons

      Darling, GITMO is a tropical paradise compared to the installations run by the enterprise formerly known as GULAG.

      Tell me about the Russian detention without charges + torture program.

      What exactly would you like to know?

      Now explain why would you rather have the CIA on your stuff?

      Because whatever abuse you may accuse CIA of was aimed at the sworn enemies of the US and our allies, not US citizens, however politically active and oppositiony...

      --
      In Soviet Washington the swamp drains you.
  15. Re: It's okay by geek · · Score: 3

    No it was Obama when running against Romney and you all laughed when Romney said they were a threat. Now that Hitlery lost you're all freaking out about Russians. It's fucking hilarious

  16. Aww come on! by Applehu+Akbar · · Score: 3, Insightful

    Why don't the Democrats have done with it and just re-convene the House Un-American Activities Committee? Given today's political alignment, this could even include restarting the old John Birch Society campaign against dental fluoride. What was old is new again.

  17. Re:What makes you think they aren't already doing by phantomfive · · Score: 2

    Also, are there people who think Microsoft isn't compromised?

    Probably somewhere, but there have been indications that Microsoft has been working with the NSA for a looooong time. Also, I know it sounds ridiculous, but there is a back door in Intel chips that allows you to access them, even when the OS is not installed. I know that sounds crazy, I thought so too, at first.

    Also, Google secretly hands your emails over to the NSA without telling you.

    --
    "First they came for the slanderers and i said nothing."
  18. Re:Kapersky? Most respected cybersecurity firms? by Cmdln+Daco · · Score: 2

    Tinfoil is damned expensive these daysl. You have to order it from scientific or industrial supply houses. All the consumer level stuff is aluminum now.

    The meme needs an update.

  19. US software by manu0601 · · Score: 3, Insightful

    This is a stupid move from US, with its world-dominating software industry. Following the same logic, most countries in the world should ban Windows.

  20. Re:Kapersky? Most respected cybersecurity firms? by AHuxley · · Score: 2

    +1 for using AV products that work and that have the skills to track groups like the Equation Group https://en.wikipedia.org/wiki/....
    Why risk a US antivirus vendor cooperation https://en.wikipedia.org/wiki/... in any US product or OS?
    The PRISM https://en.wikipedia.org/wiki/... list showed what US brands and OS makers would do or "allow" to happen.

    --
    Domestic spying is now "Benign Information Gathering"
  21. McCarthy by Tom · · Score: 2

    McCarthy called, we wants his paranoia back.

    Funny how nobody noticed how very suddenly everything from elections not going the favorite way to bad weather is Putins fault. Let's conveniently ignore that he's been running Russia one way or the other for twenty years.

    Assuming that much of this stuff is either fabricated or wasn't important some years ago and is dragged up now - the question is why? For what purpose is the public fed the old "Russia is evil" meme again? What are we being prepared for?

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:McCarthy by ebvwfbw · · Score: 2

      It's the Democrat's birther joke. The joke's on them. No evidence at all... yet they keep saying there was Russian involvement, etc. Even Dianne Feinstein said recently there is no evidence. So if you see someone saying the russins are coming.. they're a really good mark. They're really gullible.

  22. Lights Out management. by DrYak · · Score: 5, Informative

    Also, I know it sounds ridiculous, but there is a back door in Intel chips that allows you to access them, even when the OS is not installed

    Technically:

    1 - it's not in the Intel *CPU*, it's in the Intel *Server Motherboard Chipsets*.
    By design, Intel ME (Management Engine) is a useful tool so sys-admin can remotely access and checks servers (or enterprise workstation) whose OS won't even respond anymore. (e.g.: to diagnose early boot process steps, oversee a firmware update, etc.)
    It' basically a small embed CPU core running a micro embed Linux and featuring a web server for the interface and a sort of VNC server and port forwarder/remote device mapper.
    In practice, this service is done very sloppily and bugs are constantly found that enable exploit and un authorized acces.

    2 - Intel ME has equivalent in other manufacturer called IPMI. e.g.: most of the AMD server motherboard features that one.
    Again, like with Intel ME, cirtical exploitable bug are regularily found in IPMI, meaning it similarly easy to circumvent access control.

    A big chunk of these exploitable bugs in both Intel ME and IPMI are very probably due to sloppy programming for product rushed to the marker.

    But given how many bugs are discovered, and how juicy light-out-management is as a target, there bound to be a few "not so honest mistakes" among these bugs.
    But these not-quite-accidental bugs aren't only to be blamed on US agencies.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]