Israeli Spies 'Watched Russian Agents Breach Kaspersky Software' (bbc.com)
Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, according to reports. From a report: The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post. Israeli agents made the discovery after breaching the software themselves. Kaspersky has said it was neither involved in nor aware of the situation and denies collusion with authorities. Last month, the US government decided to stop using the Russian firm's software on its computers. The Israelis are said to have notified the US, which led to the ban on Kaspersky programs. The New York Times said that the situation had been described by "multiple people who have been briefed on the matter."
So Israel was spying on the US and saw that Russia was spying on the US.
Great. Wish they'd both die in a fire.
Part of the reason I've always felt nervous installing AV or anything else that wanted to run at or near kernel is exactly this: at least one third party is "in" my system...and if that third party goes sideways then the rest of my defenses aren't worth much. (e.g. is your IDS really going to flag a 10% traffic increase to your AV vendor from your AV software?)
Kaspersky's AV solutions scan files, and transmit data back to their servers if found to be malware. If nothing else, they can send back lists of files on machines that are scanned, etc.
The transmission is done through TLS-encrypted channels.
The Russian Government, like most major governments, does its best to monitor all of the traffic it can. See the recent WikiLeaks documents on "Peter-Service" for some details.
If the Russian gov't has obtained, one way or another, copies of Kaspersky's TLS keys, then they really don't need cooperation to see everything that's coming down the pipe. They can also probably MITM the connection and take control of the AV application, without Kaspersky's knowledge.
It is called "plausible deniability" for Kaspersky and fairly trivial in a country where the use of strong encryption requires a license from the gov't.
There are numerous current news articles about how our (American) Justice Department is salivating over the possibility of that being possible in the U.S.
Learning HOW to think is more important than learning WHAT to think.
Brace yourself for the hysterics, e tu quoque, and false equivalences. Get ready for more demands of absolute proof, and probably some ad hom attacks while they're at it.
I trust(ed) Kaspersky more than the Senators bad-mouthing them. They look pretty bad in this light, though. Not because of collusion with the KGB but because their software can't, apparently, protect their own systems. So who can we trust, then? Symantec? McAfee? Windows Defender? Please. It looks like we either have to swallow the fact we're going to be entertaining uninvited guests or we'll have to try to live without our security blankets. It isn't so bad for /. readers but what about those friends and family who are more-and-more at risk? What a stinkhole we've made of the Internet.
No matter how you spin this there is no way for Kaspersky to come out of this whole mess OK.
I can't say I'm a fan of arguments using heavy-handed, over-simplified analogies, this one included. Seems more like a false equivalence.
Your timeline is wrong, and you are basically stating that the Israelis were only there to steal information from the US. Do you actually know this, or is this just pessimistic conjecture?
Even if they were only there initially to steal data (big if), we live in a world where everyone spies on everyone. It is what spy agencies do, it is their entire purpose. It makes no sense to expect not to be spied on, but it does make sense that allied agencies would inform you if non-allied agencies are successfully intruding into your systems.
Man, if you're a nation of 350 million people who invented the Internet and have a larger security budget than the rest of the world put together, it must totally burn you to be hacked by a half-starved, half-drunk nation of 150 million.
But not as much as being told about it by a nation of 8 million.
Guys, we don't agree with all your foreign adventurism and neo-colonialism, but if you're going to run around the planet just making enemies hand-over-mailed-fist, you really need to up your cybersecurity game. You have WAY too many of your human IT resources trying to figure out how to out-snapchat SnapChat.
And hire Snowden back. That guy could run a computer.