Slashdot Mirror

← Back to Stories (view on slashdot.org)

Officials Fear Russia Could Try To Target United States Through Kaspersky AV (go.com)

Posted by msmash on from the growing-fear dept.

Russia's growing aggression toward the United States has deepened concerns among U.S. officials that Russian spies might try to exploit one of the world's most respected cybersecurity firms to snoop on Americans or sabotage key U.S. systems, according to an ABC News investigation. From the report: Products from the company, Kaspersky Lab, based in Moscow, are widely used in homes, businesses and government agencies throughout the United States, including the Bureau of Prisons. Kaspersky Lab's products are stocked on the shelves of Target and Best Buy, which also sells laptops loaded by manufacturers with the firm's anti-virus software. But in a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company's powerful market position. "This [is an] important national security issue," declared the bipartisan memorandum, described to ABC News by congressional sources.

14 of 173 comments (clear)

  1. What makes you think they aren't already doing it? by Anonymous Coward · · Score: 5, Interesting

    LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

  2. "Russia's growing aggression toward the USA..." by Archtech · · Score: 4, Insightful

    https://socioecohistory.files....

    --
    I am sure that there are many other solipsists out there.
  3. McCarthy AV by lactose99 · · Score: 5, Funny

    Are you now or have you ever been a member of Kapersky Lab?

    --
    Fully licensed blockchain psychiatrist
  4. American companies in Russia? by Anonymous Coward · · Score: 5, Insightful

    And what about Microsoft, Apple, Google? Should Russia fear all these companies as well and ban them?

  5. Re:What makes you think they aren't already doing by Anonymous Coward · · Score: 5, Insightful

    LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

    Also, are there people who think Microsoft isn't compromised? ROFL. Using an operating system with the highest market share as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

  6. Re:Like our Cisco network equipment by TWX · · Score: 3, Informative

    Chips?

    Most of the Catalyst switches are made in China. The 2960 series, 3560 series, 3600 series, 3750 series, and 3800 series are all made in China. The 4500 series are made in Mexico. You'd be hard-pressed to find a conventional L3 switch not manufactured outside of the United States, and I would be amazed if any L2 switches are made in the US.

    --
    Do not look into laser with remaining eye.
  7. Re:Kapersky? Most respected cybersecurity firms? by Killall+-9+Bash · · Score: 4, Insightful

    Wasn't it kaspersky that identified an NSA rootkit a few months back? Yep, they sure are a threat.

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  8. Isn't this the NSA's job? by Cyberpunk+Reality · · Score: 4, Insightful

    Spying jokes aside, if the NSA (and the greater intelligence community) had pushed for good security practices from the beginning instead of cultivating an environment that made their spying easier, we wouldn't have to worry about this. The US government needs to realize that it cannot have it's cake and eat it too.

    --
    Rule 35 of the internet: "If it can be hacked, it will be". - Charles Stross
    1. Re:Isn't this the NSA's job? by StormReaver · · Score: 4, Informative

      Along those lines: I'm far more worried about being targeted by our own Government than by the Russians. The U.S. Federal government has shown itself time and again to be, at best, no better than the Russians where our rights and freedoms are concerned:

      1) Continual erosion of the Constitution.
      2) Ignoring the Constitution when following the law becomes inconvenient.
      3) Spying on American citizens.
      4) Systematic molestation by Federal officials at airports.
      5) Lying to the American public as a matter of standard policy (though that is implied in the other four).

      The Russians are WAY down on the list of things we Americans have to worry about at home.

  9. The bath salts MUST FLOW by Thud457 · · Score: 5, Funny

    This is exactly why I said we needed to draft John McAfee during the 2016 election.
    But NOOOOO... you all said he's too erratic, and temperamentally unsuited to be President.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  10. Re: It's okay by geek · · Score: 3

    No it was Obama when running against Romney and you all laughed when Romney said they were a threat. Now that Hitlery lost you're all freaking out about Russians. It's fucking hilarious

  11. Aww come on! by Applehu+Akbar · · Score: 3, Insightful

    Why don't the Democrats have done with it and just re-convene the House Un-American Activities Committee? Given today's political alignment, this could even include restarting the old John Birch Society campaign against dental fluoride. What was old is new again.

  12. US software by manu0601 · · Score: 3, Insightful

    This is a stupid move from US, with its world-dominating software industry. Following the same logic, most countries in the world should ban Windows.

  13. Lights Out management. by DrYak · · Score: 5, Informative

    Also, I know it sounds ridiculous, but there is a back door in Intel chips that allows you to access them, even when the OS is not installed

    Technically:

    1 - it's not in the Intel *CPU*, it's in the Intel *Server Motherboard Chipsets*.
    By design, Intel ME (Management Engine) is a useful tool so sys-admin can remotely access and checks servers (or enterprise workstation) whose OS won't even respond anymore. (e.g.: to diagnose early boot process steps, oversee a firmware update, etc.)
    It' basically a small embed CPU core running a micro embed Linux and featuring a web server for the interface and a sort of VNC server and port forwarder/remote device mapper.
    In practice, this service is done very sloppily and bugs are constantly found that enable exploit and un authorized acces.

    2 - Intel ME has equivalent in other manufacturer called IPMI. e.g.: most of the AMD server motherboard features that one.
    Again, like with Intel ME, cirtical exploitable bug are regularily found in IPMI, meaning it similarly easy to circumvent access control.

    A big chunk of these exploitable bugs in both Intel ME and IPMI are very probably due to sloppy programming for product rushed to the marker.

    But given how many bugs are discovered, and how juicy light-out-management is as a target, there bound to be a few "not so honest mistakes" among these bugs.
    But these not-quite-accidental bugs aren't only to be blamed on US agencies.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]