Slashdot Mirror
Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)
WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'
https://hardenedlinux.github.i...
00 ME: Management Engine
First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH(for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can’t be ignored.
...WSJ has a major scoop today.:...
From the WSJ article itself:
...Israel’s spying on Kaspersky, which U.S. officials said provided crucial evidence that Kaspersky Lab was working with the Russian government, and the use of Kaspersky to scan for classified keywords was first reported Tuesday by the New York Times. ...
[my emphasis] The NYTimes may not be my favorite newspaper, but credit where credit isude, eh?
Generally, allies don't have missiles pointed at each other, nor do they have missile defense systems to block the other's missiles.
According to the State Department, officially, Russia is not our ally. If you disagree, don't argue with me, take it up with Rex Tillerson and Donald Trump.
You are welcome on my lawn.
The _NSAKEY was discovered in Windows NT 4 in August 1999 by Andrew Fernandes of Cryptonym. It could be confirmed and reset by any hacker with a copy of NT. I did cleared mine and most of my tech colleagues did the same
https://en.wikipedia.org/wiki/...
Gates was interviews by BBC news and flout out denied its existence.
https://cryptome.org/nsakey-ms...
Regarding the NSA contractor, it sounds like Kaspersky AV was working as designed. It detected the malware the contractor was working on and sent the file back to Kaspersky Labs for analysis. It sounds to me like the NSA's security policy needs some work if a contractor can download classified files to a non-secure computer.
Now as far as Kaspersky AV scanning for classified documents, that's certainly plausible but where's the evidence? Not running the software on sensitive computers sounds like good policy, but there's a lot of software that shouldn't be run on those types of systems. That being said, how do we know all foreign made computers themselves haven't been compromised at the factory?