Slashdot Mirror


The US Congress Is Investigating Government Use Of Kaspersky Software (reuters.com)

An anonymous reader quotes Reuters: A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence... The committee "is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States," wrote the panel's Republican chairman, Lamar Smith, in the letters... A committee aide told Reuters the survey was a "first step" designed to canvass the U.S. government and that more action may follow depending on the results.
Agencies contacted include both the Department of Homeland Security and NASA. The committee wants to see internal risk assessments, plus a list of all systems using Kaspersky products and the names of government contractors using the software.

10 of 47 comments

  1. Decisions, decisions by nbauman · · Score: 2, Insightful

    Should I get anti-virus software that's pwned by Russia, or anti-virus software that's pwned by the US?

    1. Re:Decisions, decisions by AutodidactLabrat · · Score: 4, Informative

      No, google "Bush Body Count" and make sure you separate the OLD bush from the NEW bush
      While you are at it, look up "Reagan Scandals" complete with actual convictions
      (Worst record ever)
      And read the reality vs the lies about your hero
      And once you're done wasting time, STFU with the right wing spew liars!

  2. Do unto others ... by Troed · · Score: 5, Insightful

    The best part of all this is that it tells the rest of the world how much we should trust software produced by US based companies.

  3. I'm Exceptionally Wary by CAOgdin · · Score: 4, Interesting

    Given the Russian Government's utter reliance on subversive means, and their absolute control over the activities of every business, I cannot have confidence that Kaspersky has been granted any exception from those totalitarian rules. I would NEVER trust a product from a Russian business, and even abandoned Acronis (backup) for the same reasons some years ago. There IS no integrity in the service of customers in other nations that is safe from corruption in service to malevolent forces at play in the USSR government.

  4. Just for show...the gov't doesn't "get" software by El+Cubano · · Score: 2

    You can bet that this is for show. The government simply doesn't "get" software development. The understanding has been shifting over the last 10-20 years, but it is a very slow process which is partly frustrated by the loads of laws and regulations that affect government acquisition.

    That said, I can share some anecdotes from my own experience dealing with government projects.

    One was a while back (03-05 timeframe) and the place where I was at was pretty small but was important enough that they had their own "computer security" guy on staff. I had a requirement to be able to SSH out to access a research system in a university lab. Of course, this outfit had everyone on Windows 2000 or XP, so I suggested PuTTY since nobody else there was using SSH and I figured it would be easier. As soon as the "computer security" guy found out that you had to download from some server in the UK, he gets all skittish. I tell him that it's fine, I had previously used it on personal, school, and work computers and that it was open source to boot. Well, at that point he about loses it. "Oh No! We can't have open source, plus it is developed in a foreign country!" I explained to him that not all of Microsoft's employees that develop Windows, Office, and whatever other MS software that was in use were located in the US and that even all those in the US were not necessarily US citizens. He was not that interested in the argument, and I might as well have been speaking to him in gibberish. I then explained to him that if he used the Internet that even Windows' network stack was based on open source components. I thought his head might explode.

    After going through all that nonsense, that took way more effort than I thought it should, I came across some websites that experienced "difficulty" with rendering in IE. I requested Firefox (it may have still been Firebird or Phoenix at that time) and I thought the "computer security" guy was going to come across his desk at me for even asking. I gave up that fight relatively quickly and just did some of the browsing from my home machine.

    Another time I was responsible for managing a network of RHEL servers and workstations that were not connected to the Internet. I had to make sure that when advisories and package updates came out that they were deployed in a timely manner. I would typically do this by downloading them from an Internet connected machine by going to RedHat's FTP site, burning them to CD/DVD and moving them via sneaker net. At some point along the way, they implemented a policy that blocked all FTP sites (including over HTTP if FTP was in the URL; dumb, I know). So, I walked to the helpdesk and requested that they unblock RedHat's FTP server so I could get the updates. They said that the policy was managed by headquarters and that I would have to submit a request listing each URL I would need unblocked (how was I supposed to get that information if they were blocked?). When I asked how long it would take, I was told around 90 days. I asked the guy if there were any other alternatives. He said (and I really wish that this were a joke and not the truth) that I could download them at home, burn them to a CD/DVD there and carry the disk into the building. I pointed out that the public Internet connection in the building had all manner of IDS, virus scanning, etc., while they had no idea what sort of security was on my home Internet connection. Still, he said that the policy allowed for media to be carried in as long as the person doing so initialed a form indicating that it had been properly scanned for viruses. I asked him if he realized how utterly nonsensical the policy was, and he said he did but that he could not do anything about it. So, I started downloading and burning at home then bringing in the CDs/DVDs.

    Things are getting better in isolated pockets. Some folks in the government do understand the realities of how software gets developed now, the value of open source, etc. However, it is really an uphill battle and lots of stakeholders (especially contractors that make big $$$$ charging the government for custom development of everything) are threatened by it.

  5. But muh red-baiting! by ErikTheRed · · Score: 4, Insightful

    This has got to be the dumbest tempest in a teapot ever conceived. The funny thing is that it's based on projection - it's the sort of short-term idiocy that American politicians and bureaucrats endlessly engage in. Putin may be a cold, ultranationalistic tyrant, but he's an extremely smart cold, ultranationalistic tyrant who is going to be in power for either as long as he wants to be or until somebody assassinates him. This gives him the luxury of taking the long view on issues.

    To use Kaspersky's software against a foreign superpower is only a smart move as an opening shot in a hot war. This is because any spying or other mischief done through their product will almost certainly be caught. It's a (pardon the expression) trump card - you only get to play this card once and it's burnt forever. The only reason to worry about Kaspersky's software is if you're worried about a hot war with Russia, which is a mind-blowingly dumb move on either side. There are plenty of US politicians that are dumb enough to go there - they "need" to keep that military-industrial complex gravy train rolling, and people riled up about furr'ners tend to be easy to make sign on to any asshat agenda.

    --

    Help save the critically endangered Blue Iguana
    1. Re:But muh red-baiting! by Nehmo · · Score: 3

      This has got to be the dumbest tempest in a teapot ever conceived. The funny thing is that it's based on projection - it's the sort of short-term idiocy that American politicians and bureaucrats endlessly engage in. Putin may be a cold, ultranationalistic tyrant, but he's an extremely smart cold, ultranationalistic tyrant who is going to be in power for either as long as he wants to be or until somebody assassinates him. This gives him the luxury of taking the long view on issues.

      To use Kaspersky's software against a foreign superpower is only a smart move as an opening shot in a hot war. This is because any spying or other mischief done through their product will almost certainly be caught. It's a (pardon the expression) trump card - you only get to play this card once and it's burnt forever. The only reason to worry about Kaspersky's software is if you're worried about a hot war with Russia, which is a mind-blowingly dumb move on either side. There are plenty of US politicians that are dumb enough to go there - they "need" to keep that military-industrial complex gravy train rolling, and people riled up about furr'ners tend to be easy to make sign on to any asshat agenda.

      The suspicious-Kaspersky story is just an extension of the general bad-Russia excuse the Hillary machine has been using for the past year. Kaspersky's only sin is being a Russian-based company. As software companies go, Kaspersky is probably more trustworthy than, say, Microsoft.

      --
      (||) Nehmo (||)
  6. Tit for tat war? by Stan92057 · · Score: 2

    And the Russian government will stop all their government offices from using Microsoft and Apple, Google products because those US government corporations ARE susceptible to the NSA, FBI, CIA, the hidden US court and whatever other spying network we are unaware of as of yet.

    --
    Jack of all trades, master of none
  7. At least the NSA can't influence Kaspersky by Nehmo · · Score: 2

    Since the bigger security threat comes from inside America rather than out, Kaspersky is probably safer than 3rd party American anti-malware. The NSA has easy access to the local companies and can influence them. The NSA can't so easily influence Kaspersky to do its bidding.

    --
    (||) Nehmo (||)
  8. Congress Has A Crack Team For This Already by MarcusOutrageous · · Score: 2

    Why don't we have the IT Gurus who were handling 80 congressional offices investigate it? You know, Imran Awan and family. Oh right...one fled to Pakistan, the leader was arrested this week and barred from the Congressional Network by the police in FEBRUARY along with his family (but Debbie Wasserman Schultz gave him a laptop and made him 'Advisor') and asking about them is ISLAMOPHOBIA. Oh wait -- none of you heard about this? Right...that's cuz the Mainstream Media is in active collusion. Vote me down. Just wait. Easy to remember -- the name rhymes "Imran Awan" or google a few articles from Politico, Daily Caller, Gateway Pundit...for Video Good Mark Steyn summaries on Fox News "Debbie Does Dulles" but for those few following the link below has a SUPER DETAILED roundup. Drunk driving, kidnap threats, fraud, deathbed coercions...all factual. Oh yeah, Imran Awan was photographed with Seth Rich a few hours before the assassination. https://youtu.be/ZKzzyOsvajc But hey -- let's ignore a Pakistani spy/criminal ring OPERATING IN THE HOUSE & DNC FOR A DECADE THEN BUSTED NOT LONG AFTER THE DNC LEAKS. Cuz you know.....RUSSIAN DRESSING!!!!