Slashdot Mirror


Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)

WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'

14 of 267 comments

  1. I told you so! by Anonymous Coward · · Score: 1, Insightful

    I've been telling you people that Kaspersky is nothing more than a tool to send the KGB (now FSB) your files for over a year.

    You won't have seen my warning unless you browse at -1 because Slashdot is infested with Russian sock-puppets, idiots, and traitors.

    1. Re:I told you so! by Anonymous Coward · · Score: 5, Insightful

      I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.

  2. Re:That's an act of war, right? by Mordaximus · · Score: 5, Insightful

    It's the weaponization of something considered a base necessity to the functioning of computers. It's the equivalent of poisoning a city's primary water supply. Yes there are others but this one is well known and been used for so long that many are dependent on it for what it provides.

    If running an antivirus is a base necessity, you've chosen your operating system poorly.

  3. Re:That's an act of war, right? by Train0987 · · Score: 4, Insightful

    Act of war? Spy services spy. That's why they exist and every country has spy services. How this is a shock to anyone is beyond me. Do you think that the NSA hasn't exploited every single A/V provider, hell, every single online anything?

  4. Same song and dance. by Anonymous Coward · · Score: 3, Insightful

    WSJ has a major scoop today.

    From a report

    according to current and former U.S. officials

    How many times are we going to let this go? Every week there is something else.

    Shocking news to grab your attention by a series of reputable outlets that have changed ownership or management in the last few years. From a report, sounds so official. With vague anonymous sources that are official in some way.

    I am not saying this is entirely "fake news". That rarely exists whole-cloth, but just look into it a little closer when it looks like a duck and quacks like a duck.

    The US government, and by extension the media sources that make their money by having cooperative contacts within it, got pissed off at Kaspersky for exposing their dirty Stuxnet secrets. Double points for Kaspersky being Russian at a time when anything remotely critical of Trump is made of ad impression gold.

    So now they set the hounds against Kaspersky and we have to put up with a media blitz. Story after story with no real proof other than "trust us, we are the media and government" when we should be doing the opposite for the same reason.

  5. Re:I'm shocked. by ctilsie242 · · Score: 1, Insightful

    Since AV software requires kernel level access, or as close to it as possible, having AV software be a Trojan or a spying tool isn't surprising.

    I just wonder why we even have AV in the first place. Scanning for signatures is a pointless task. The two biggest entry points for infection are Trojans (that invoice that was E-mailed with the CEO's name, even though the return header is from a Lower Elbonian site), and malvertising/weaknesses in the Web browser.

    The browser issues are addressed by virtual machines (with their completely separate file system) and ad blocking, where signatures actually do work and are relevant.

    Trojan executables will always be a threat, but what would help mitigate this are multiple signed repositories for programs. Not one, so there can't be a monopoly, but several big players to obtain programs from, and who actively curate what is offered there. Of course, the Dancing Bunnies attack can get a user to add a malicious repository, but outside of locking an OS down like iOS, there is little an OS maker can do to prevent that, other than having a stern warning about non mainstream repos.

    AV software scanning can be useful, but it needs to be based around hash signatures and large databases similar to VirusTotal that can throw a lot of heuristic scanning at an executable, rather than just a single database.

    As proof of this, I can point to AIX, Solaris, BSD, and Linux... all of which have never needed AV software, other than to make legal eagles happy.

  6. Problem with WSJ article by Anonymous Coward · · Score: 5, Insightful

    A decent piece by Hacker News (https://thehackernews.com/2017/10/kaspersky-nsa-russian-hackers.html) correctly points out that there is no evidence, just anonymous sources and nation state he said she said. Even if Russian ops did gain access through Kaspersky, Kaspersky might not have allowed access and are victims themselves. US intelligence does this all the time, ask Cisco about the backdoor added to their hardware mid route (thanks Edward Snowden for the revelation).

    Blaming a company without any substantial proof at this time is just more fear mongering playing into the current narrative. The fact that it's easy to take previous known code from an intelligence program and re-purpose it/style to frame another country is never mentioned in these "OMG THE BAD GUY HACKED US!" stories is very disingenuous. But I suppose after weeks of this allegation and congressional hearings, we'll still know nothing and the story will slowly fade away except for the occasional talking point of why we should sanction/hack/declare war with Russia.

  7. Re:Amazing by Anonymous Coward · · Score: 2, Insightful

    SlashdotMedia has turned Slashdot into the democrats' mouthpiece. You all are starting to make Trump look like a rational human being.

    It used to be republicans were the ones who hated the Russians the most. Where do you get that Democrats like Russians? Russia doesn't care about republican vs. democrat, they want to do whatever they can, no matter the avenue to make America weaker.

  8. Re: good job for AV software by Anonymous Coward · · Score: 0, Insightful

    I'd prefer a simpler reason.
    AV scans for some unusual call patterns.
    In this case it was debug versions of NSA malware.
    Of course it was man-analysed and, as soon as the source (i.e. NSA) was identified, Russian government authorities were in play hacking further in that gaping hole.
    I cannot blame Kaspersky for this. Malware makers are same kin as drug dealers or terrorists - no difference IMO.

  9. Re:This is why I use Windows Defender by tattood · · Score: 1, Insightful

    Which sends data to Microsoft. Is that safer?

    As long as it's not going to Russia, then yes!

    --
    WTB [sig], PST!!!
  10. Re:How do we know that the US Government... by Anonymous Coward · · Score: 2, Insightful

    Alternative reading of this: The NSA and CIA have found that the Kaspersky AV does a good job of keeping their spyware off computers, so they spread FUD to persuade users to switch to less effective AV that doesn't keep out NSA/CIA spyware.

  11. Re:That's an act of war, right? by 93 Escort Wagon · · Score: 2, Insightful

    Kellyanne isn't much more reliable than her boss. Her boss lies like a rug.

    He lies; she's mainly just an idiot.

    --
    #DeleteChrome
  12. Re:do people actually believe this stuff? by AHuxley · · Score: 4, Insightful

    Nation A spies on nation B. Nation A tells nation C about what it "found" deep in nation B.
    Nation A and C then publish what they found from all their spying on nation B in near real time.
    Nation B is then accused of "spying" to cover for what nation A and C really did.
    In the real world nation A and C would have kept that a secret and created all kinds of fake litter for nation B to find and believe in.

    If fantastic details are in the open media it's just something fictional to publish and push national cyber talking points.
    Real spy success stories stay secret for decades so a nation B never knew what really happened.

    --
    Domestic spying is now "Benign Information Gathering"
  13. Re:That's an act of war, right? by rtb61 · · Score: 3, Insightful

    Keep in mind the reality of the story. The Israeli spy agency whilst committing criminal acts reports that Kaspersky is harvesting 'spy tools', not harvesting the target computer of its data but harvesting the tools, i.e. getting a copy of that virus and its settings, plus the type of data it sends and where it sends it and hopefully where it came from. Isn't this what they are meant to do, get those hacking tools, analyse them and break them but then no story like an old story https://www.youtube.com/watch?... and now twisted to attack Kaspersky why, because they were doing too good a job perhaps and exposing NSA and CIA activities and are being punished for it. This is not even a Russia propaganda thing, this is punishing a security company for exposing NSA/CIA/MOSSAD criminal activities.

    As for Israel claims of hacking, well, the spy vs spy crowd is always obvious, they always lie, it is their nature. They claim online hacking, then it is a lie, Kaspersky you have for profit Mossad moles with offshore tax haven bank accounts, want to find them, track where they went for holidays, tax haven stays are a pretty solid indicator of criminal activity. In fact any security company, anywhere in the world, should advise its staff that stays in tax havens will be considered a sign of criminal intent, it is, just the way it is.

    --
    Chaos - everything, everywhere, everywhen