Slashdot Mirror


Kaspersky Lab Denies Involvement in Russian Hack of NSA Contractor (theguardian.com)

Moscow-based cybersecurity firm Kaspersky Lab has hit back at a report in the Wall Street Journal which accused it of being involved in a Russian government hack of an NSA contractor in 2015. From a report: The paper reported on Thursday that the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home. There, the report says, the contractor's use of Kaspersky's antivirus software "alerted Russian hackers to the presence of files that may have been taken from the NSA." Once the machine was in their sights, the Russian hackers infiltrated it and obtained a significant amount of data, according to the paper. Calling the allegations "like the script of a C movie," Eugene Kaspersky, the infosec firm's founder, gave his own explanation of what might have happened. Mr Kaspersky vehemently denied that his company had played any active role in the breach, noting: "We never betray the trust that our users put into our hands. If we would do that a single time that would be immediately spotted by the industry and our business would be done." Instead, he implied that the root of the problem was that Kaspersky Lab had correctly identified the hacking tools the contractor was working on as malware -- perhaps through Kaspersky Lab's own research into the Equation Group, a "sophisticated cyber espionage platform" believed to be linked to the NSA.

37 of 76 comments

  1. My suspicion by Anonymous Coward · · Score: 1

    The Kaspersky Labs campus has a mysterious building that is off limits to all employees except a select few with very close government ties and high security clearances. All products must be approved by the black building for release to the public. Nobody knows what exactly goes on in that building, just that it is where the products must be reviewed before their release and that there are a lot of black SUVs that come and go.

    1. Re: My suspicion by NettiWelho · · Score: 5, Insightful

      In the US if you refuse to sabotage your product the worst they can do is maybe find out you cheated on your taxes and/or publicly shame you somehow.

      Nope, your business gets destroyed by the government if you refuse. See: Lavabit

      In Russia you fall down elevator shaft, after shooting self in back of head 4 times.

      Whereas in US you can get shot by government in clear daylight with everything caught on video and murderers escape all punishment. Apples and oranges.

    2. Re: My suspicion by gtall · · Score: 1

      C'mon, in the U.S. we let the public shoot anyone in the public. Hell, there's even a bill in Congress to allow silencers on guns. And you are worried about the government?

    3. Re: My suspicion by Anonymous Coward · · Score: 1

      Technically, he destroyed the business rather than comply with the government.

      Lavabit is back, by the way.

    4. Re: My suspicion by bestweasel · · Score: 1

      Henry Ford's famous speech still resonates.

      "I have a dream that my four little vehicles will one day live in a nation where they will not be judged by the color of their skin, but by what's under the hood."

    5. Re: My suspicion by Anonymous Coward · · Score: 1

      Silencers are already available in much of the US after payment of a tax; the bill would simplify that and allow those who wish to save their hearing while shooting to save some money. With the exception of a few short-range, low-velocity loads silencers do not make guns come anywhere close to 'silent'. In almost all cases it is still dangerous to fire a gun with a silencer without hearing protection (even one shot) because it is still that loud.

      If your education on silencers is Hollywood, I'm sorry to inform you that you've been lied to.

  2. It's an interesting subject by burtosis · · Score: 1

    I'm honestly torn between a corporation's invasion of personal privacy on one hand, and the anger from the NSA that it identifies their hacking tools as malware and helps remove their backdoors. You can't really win as anti virus software is never good and you can be certain no one really has your best interests in mind.

  3. He actually said that? by hyades1 · · Score: 4, Insightful

    "Instead, [Kaspersky] implied that the root of the problem was that Kaspersky Lab had correctly identified the hacking tools the contractor was working on as malware..."

    Given the circumstances, this may be the best unintentionally ironic example ever of the well-worn meme, "It's not a bug, it's a feature."

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  4. Re:Calling Captain Renault by jellomizer · · Score: 1, Insightful

    Not necessarily evil but insidious is a better term for the Russian Government. After the chaos after the Soviet Union dissolved, their population in general has accepted a strong man government to keep order. Russia is a major world player and with its strong man government in charge, it isn't happy with just controlling its local populace but also the rest of the world. They realize that the military would suffer losses if they try to openly attack NATO countries, or China and its allies.
    However after generations of being a master in the propaganda engine under the USSR, they can use these skill sets with modern technology to manipulate other countries.

    Being that it is strong man government with a lot of control, a company based in Russia, wouldn't be free from government influence and if the company had built up some good will with rival nations, that could be used for Russia's advantage.

    Trump became president due to Russian influence in our election. If Trump and his team were involved with the Russians is a different question, but with the Russians spamming Facebook with fake news, raising the ideas of divisions where they were more or less settled in the past, and create chaos in the systems. Allowed for people to be afraid of the establishment and vote for the Simple Fix.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. The story smells by guruevi · · Score: 3, Insightful

    a) A contractor was allowed to take his work home on an unencrypted, unsecured laptop
    b) The contractor was a foreign national (hint: you can't get top secret clearance unless you're a US citizen)
    c) The contractor created viruses and malware directly in his "core" work environment, where I suppose he also keeps his e-mail and other stuff, not in a VM
    d) The NSA then also installed Kaspersky even though the NSA has quite publicly said Kaspersky is all sorts of bad (unsubstantiated)

    So the crux of the story:
    1) NSA is lying
    2) NSA is incompetent
    3) Both

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:The story smells by will_die · · Score: 2

      The software was on his personal computer.
      So a, does not apply; b, don't know; c, not the case, he stole copies of the software and installed on personal computer; d, personal computer so he installed Kaspersky.
      So none of the cruxes apply.

    2. Re:The story smells by chill · · Score: 2

      Wow. You're either:

      A) illiterate
      B) lying sack of shit
      C) didn't read the story
      D) All of the above

      Because...

      a) The contractor was NOT allowed to take the work home. The story states it was both a violation of NSA rules and a possible criminal action and is being investigated.
      b) The story doesn't say anything about the nationality of the contractor.
      c) The story doesn't say anything of the sort.
      d) No, the story says EXACTLY THE OPPOSITE.

      NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

      The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren't publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

      The man isn't believed to have wittingly aided a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach. It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:The story smells by guruevi · · Score: 2

      I read the following:

      The paper reported on Thursday that the NSA contractor, a Vietnamese national who was working to create replacements for the hacking tools leaked by Edward Snowden, was hacked on his personal computer after he took his work home.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:The story smells by guruevi · · Score: 1

      a still applies because after Snowden they still allow people to take stuff on personal devices
      b is in the summary
      c is in the summary, again, a contractor that creates hacking tools conveniently doesn't know that carrying around malware in your hypervisor environment is bad?

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    5. Re:The story smells by guruevi · · Score: 1

      How moronic can you be, first you claim that it was his personal laptop, now you claim that they don't even allow personal devices in the same room. The story doesn't match up with reality.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:The story smells by guruevi · · Score: 1

      No, all of it is in the summary.

      a) Look at your own answer: If he's not allowed to do it, how did it end up on his computer? Snowden supposedly did this a few years ago, they either haven't changed the rules or they still don't enforce them. If he knows it wasn't allowed, then why would he alert his supervisors when the antivirus went full-tilt and how would the NSA know that the malware exited the computer at all? The story doesn't add up - either it's an NSA-controlled computer and they monitor its ins-and-outs or it's a personal computer and the contractor screwed up but you can't have full knowledge of what happened without having full control over the machine.

      b) Either way, you cannot get TS security clearance if there is even a remote possibility that you have an attachment to a country outside the US. In theory you can but I've worked with DOE-Q clearances, no investigation would clear anyone that has even resided outside the US for a few years, let alone have a heritage.

      c) It made clear that Kaspersky antivirus was installed and that the malware traveled over the Internet - what sane security researcher/programmer would install an antivirus with access to the Internet when you develop "cyberweapons"? Any mistake and you take down half the Internet in a matter of hours.

      d) Well that's what the story is insinuating. If they didn't know about the computer, then it makes no sense that they knew what happened. If they knew what happened, it makes no sense to still consider it a 'personal computer'.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  6. Re:Calling Captain Renault by cascadingstylesheet · · Score: 2, Insightful

    Trump became president due to Russian influence in our election

    No, that's not why he became president, but it's a wonderful ego-saving belief for a segment of the country.

  7. not the whole story by guygo · · Score: 2

    OK, so if - as Gene says - there was just a flag that malware existed on a given computer, and that flag made it all the way back to Kaspersky Central's servers, how did that flag then get to the people who entered the computer and copied the files? That step seems to indicate some kind of inside job and/or collusion between Kaspersky and the black hatters, n'est-ce pas? So even if Gene and what he thinks is his company were totally sincere (something I doubt is confirmable for any KGB-trained human) in his denials, that log that contained that flag got into the hands of the bad-actors, and Kaspersky IS responsible for THAT.

  8. Putting on my tinfoil hat by ChoGGi · · Score: 1

    Damn, looks like the U.S. gov really wants to discredit Kaspersky.

    1. Re:Putting on my tinfoil hat by ChoGGi · · Score: 1

      Been going on for some time; I think you are correct, and I can't figure out why.

      No? I assumed it was a combination of the FBI "investigating" them for Russian gov connections, and/or for detecting NSA mal/spyware.

  9. Assume it is true by houghi · · Score: 1

    Assume that it is true and they did not where used by the Russians (with or without their consent), why would the NSA say so?

    Hold on to your tinfoil hats, here we go.

    The NSA has hacked the person's PC. The NSA has given the person the files to put on his PC. The NSA has put a NSA version on the person's PC that looks hacked. The NSA now blames the Russians to have hacked it. People stop using said software and start using software that the NSA has actually hacked.

    So now the NSA gets access to people who previously used software that was actually safe and did not have a backdoor.
    This so some senators and/or others that they want to have access to stop using it, putting the rest of the world in harm's way.

    With what the NSA already has pulled off in the past, it somehow does not even look that weird of a plan and it will actually work.

    The real question is now: do you want the Chinese, the Russians or the Americans read your stuff. I go with the Russians, because the Chinese get the data over my phone (Huawei) and Americans already get data via several other means, like the transatlantic lines. I just don't want the Russians to be left outside the loop.

    --
    Don't fight for your country, if your country does not fight for you.
  10. Re:Calling Captain Renault by ohnocitizen · · Score: 5, Insightful

    I wonder if, when Mueller's report comes out showing collusion, the shrinking minority of Republicans who still support Trump will eat their words? Or if they'll act like Fox News analysts caught in a lie, and just move onto the next hot topic with their credibility among other conservatives mysteriously intact?

    But you're right to a tiny degree, Trump didn't become president due to Russian influence alone. Voter suppression, moving from dog whistles to overt racism and sexism that appeal to a segment of the country, and the Democrats refusing to acknowledge how weak a candidate they chose... All of these things played a role.

    I'm curious to see if Republicans will switch from ignoring the evidence of foreign influence to excusing it. It'll be fascinating to watch that play out, even as we figure out what to do with the court appointments and other fruit of the poison tree of an illegitimate president.

  11. Re:Calling Captain Renault by allcoolnameswheretak · · Score: 1, Informative

    Trump became president due to Russian influence in our election

    No, that's not why he became president, but it's a wonderful ego-saving belief for a segment of the country

    There are a number of high-profile investigations going on that are starting to provide results and evidence of how a foreign actor (Russia) tried to influence the election in favor of Trump.
    And Russia has a history of manipulating public opinion and interfering with elections in other countries.

    Do you think all of this is "fake news" and all the agents, secret services, politicians and other actors that are involved in these investigations are part of a liberal conspiracy?

    I guess that's a wonderful ego-saving belief for a segment of the country.

  12. Re:Calling Captain Renault by PolygamousRanchKid+ · · Score: 2

    Trump became president due to Russian influence in our election,

    Nope. Trump became president because a lot of folks detest Hillary Clinton. She still hasn't realized this. It reminds me of a celebrity who cries:

    "What?!?! There are people who don't like me!?!?! I'm so great that everyone must absolutely love me!"

    In the election folk did not vote for the better candidate. They voted for the least worse.

    A lot of folks held their noses while voting.

    It's quite sad actually.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  13. Re: Calling Captain Renault by Anonymous Coward · · Score: 1

    Burr said the committee had come to a conclusion on at least one issue: that it had faith in the conclusions of the intelligence community assessment (ICA) presented by the CIA, FBI and NSA to Barack Obama and Donald Trump in January.

    That assessment found that Vladimir Putin and the Russian government had intervened extensively in the presidential election and “aspired to help president-elect Trump's election chances when possible by discrediting secretary Clinton and publicly contrasting her unfavorably to him”.

  14. How did NSA close the loop? by tomhath · · Score: 3, Interesting

    The story is that Russian hackers stole documents from the contractor's laptop, which he had stolen from NSA.

    What I haven't seen is how NSA learned that the Russians obtained that information, and how do they know it came from a compromised Kaspersky installation on that particular guy's laptop?

    It sounds like all the spooks are hacking each other.

    1. Re:How did NSA close the loop? by MobyDisk · · Score: 1

      Or it was a setup. The NSA created a fake virus, then planted it on a laptop that ran Kaspersky. Then they listened to the underground to see if someone reported finding a new NSA developed virus.

    2. Re:How did NSA close the loop? by AHuxley · · Score: 1

      Re "What I haven't seen is how NSA learned that the Russians obtained that information"
      The US gov created some new file that acts like malware in the wild when lost or activated at home.
      All part of the digital contractor buddy system upgrades. Files that report if they get taken outside of any secure US mil/gov location.
      Such prepared file actions would have been detected by any good AV app as new malware in the wild.
      The AV app reports a new sample of unexpected malware code in the OS.
      The US gov notes their new contractor tracking malware got detected in the wild.
      The NSA is tracking all its contractors and their internet connections.
      AV detecting new US malware is presented as US gov files floating around the internet.
      Re " hackers stole documents from the contractor's laptop"
      If Russia had never seen the "documents" how did they know what to look for?
      AV that's not cloud based would not be uploading users random large documents from all over the world randomly.
      People would notice the up bandwidth clogged and note all their documents got AV uploaded on capped bandwidth consumer networks.
      Did the NSA activate its malware into the wild again and see AV detecting US malware actions in the wild in real time?
      That's what any good AV product would do. AV would report new, strange malware trying to get networking or hide deeper into an OS.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:How did NSA close the loop? by MobyDisk · · Score: 1
  15. And the takeaway is... by jasonma84 · · Score: 1

    A.) If you aren't a US government employee you should probably have Kaspersky installed on your machine for security reasons. B.) The government has started recruiting foreign nationals to develop cyber espionage software. Not surprising since they have many more options available for silencing recruits that decide they want to go public and since they aren't protected by the US Constitution they can pretty much do whatever they want with them; in secret of course. Yikes!

  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  17. hint: look at their malware discoveries by hlee · · Score: 1

    I use Kaspersky at home. During my research, I looked up what malware Kaspersky Labs had discovered and wanted to see if they'd be bold enough to uncover any Russian state sponsored malware - there weren't any, while they did discover several with links back to NSA and Israel - interesting, but didn't think much more of it.

    Best case scenario is that Kaspersky do not have ties to government, but they're not stupid enough to reveal Russian state sponsored malware either (if they did so publicly, I can't imagine them being allowed to operate in Russia). What this means is you cannot count on Kaspersky to protect you from malware developed by Russian authorities (at least not until they're public knowledge), but then again, it is unlikely any commercial product would either.

  18. Another theory: NSA set this up by MobyDisk · · Score: 2

    Another theory: The NSA suspected a Russian agent. They suspected someone at Kaspersky. So they set up a test: Put Kaspersky on a laptop, put something valuable on the laptop that would be found by Kaspersky AntiVirus, then wait and see what happens.
    The result is they successfully baited out the hacker.

    Alternative theory: The NSA wanted to discredit Kaspersky, so they put something on the laptop that they knew Kaspersky antivirus would find. Maybe Kaspersky automatically downloaded that file, and now the NSA can say "look, Kaspersky is a front for Russian hackers! They used it to download our secret stuff!"

    1. Re:Another theory: NSA set this up by MobyDisk · · Score: 1

      Ha! It is looking more like my first theory was right. And now we know how the NSA knew that Kaspersky had the files in question. https://arstechnica.com/information-technology/2017/10/russian-hackers-reportedly-used-kaspersky-av-to-search-for-nsa-secrets/

  19. Re:Calling Captain Renault by ohnocitizen · · Score: 1

    Of course you'd reply as AC. You're still at the denial stage of grief. https://www.reuters.com/articl...

    The British intelligence are our ALLIES, and have been for decades. Can't you tell the difference anymore, or more likely, will you just say anything that seems to support your point in the moment?

  20. Re: NSA trying to leak ? by Brockmire · · Score: 1

    Contractors typically work from home, especially if they don't live in the US.

  21. Re:Calling Captain Renault by Hognoxious · · Score: 1

    I'm shocked to see them denying it. Russians are honourable people. If they'd done it, they'd admit it.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."