Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)
WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'
It's the weaponization of something considered a base necessity to the functioning of computers. It's the equivalent of poisoning a city's primary water supply. Yes, there are others, but this one is well known and has been used for so long that many are dependent on it for what it provides.
If running an antivirus is a base necessity, you've chosen your operating system poorly.
Act of war? Spy services spy. That's why they exist and every country has spy services. How this is a shock to anyone is beyond me. Do you think that the NSA hasn't exploited every single A/V provider, hell, every single online anything?
WSJ has a major scoop today.
From a report
according to current and former U.S. officials
How many times are we going to let this go? Every week there is something else.
Shocking news to grab your attention by a series of reputable outlets that have changed ownership or management in the last few years. From a report, sounds so official. With vague anonymous sources that are official in some way.
I am not saying this is entirely "fake news". That rarely exists whole-cloth, but just look into it a little closer when it looks like a duck and quacks like a duck.
The US government, and by extension the media sources that make their money by having cooperative contacts within it, got pissed off at Kaspersky for exposing their dirty Stuxnet secrets. Double points for Kaspersky being Russian at a time when anything remotely critical of Trump is made of ad impression gold.
So now they set the hounds against Kaspersky and we have to put up with a media blitz. Story after story with no real proof other than "trust us, we are the media and government" when we should be doing the opposite for the same reason.
Shocked, I tell you.
I said, oh, 3 or 5 years ago, or maybe it was 10? ...that an obvious vector was the antivirus product itself. Because trust has to start somewhere, and people tend to trust their antivirus software, because otherwise, what do you do? Throw out your computer and go back to books? (Now that I write that, it doesn't sound like a half bad idea.)
And this was even before the useless nagware McAfee Security Scan started being bundled in everything to hell and gone.
So, in a way, I'm glad this happened, because it might cause people (well, some people... well, a few people) to look a little more critically at their antivirus software.
So everyone should convert to Windows Defender. Just kidding.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.
https://hardenedlinux.github.i...
00 ME: Management Engine
First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can’t be ignored.
...WSJ has a major scoop today.:...
From the WSJ article itself:
...Israel’s spying on Kaspersky, which U.S. officials said provided crucial evidence that Kaspersky Lab was working with the Russian government, and the use of Kaspersky to scan for classified keywords was first reported Tuesday by the New York Times. ...
[my emphasis] The NYTimes may not be my favorite newspaper, but credit where credit is due, eh?
AV is not necessary to the base functioning of a computer. It is poorly designed OS architectures and architectures brought forward from antediluvian hardware which made AV a need in the first place. In reality, you are far better off with a signed executable mechanism, an ad blocker, and your web browser in a VM or container than you ever will be with AV software. Mainly because AV doesn't catch the latest stuff.
Yes, AV sells, but it is more of a legal checkbox than something useful for an active defense.
I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.
Windows 10 Defender absolutely does this. The description, however, promises that if the file is a "personal document" it asks for your permission first. When asked what counts as a personal document, Microsoft has answered it means a file created with "default windows 10 apps".
This isn't a zero sum game, it doesn't matter to this particular story what the US government did. Maybe other things are similarly compromised, maybe not. It would be useful to expose each one that is without trying to distract by talking about unrelated products.
I'm sure that it won't be long before they will have the ability to listen to every home with an Amazon Echo in it.
It's cute that you think they don't have that ability now. If we've learned one thing from commercial software (which goes for cell phones, "smart" TVs, etc), it's that security is often an afterthought. Hell, even the military decided to just drop the encryption on the video streams from Predator/Reaper drones because of the negative performance impact of the encryption. I don't know if they've gotten better hardware to fix that at this point, hopefully they have, but security is often one of the things that gets axed first unless the product is specifically a security product. I doubt that Echo or the Google devices are bullet-proof in any way, and expect that significant resources have been spent by multiple countries to find a way to compromise them. The same goes for cell phone microphones and cameras.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
A decent piece by Hacker News (https://thehackernews.com/2017/10/kaspersky-nsa-russian-hackers.html) correctly points out that there is no evidence, just anonymous sources and nation state he said she said. Even if Russian ops did gain access through Kaspersky, Kaspersky might not have allowed access and are victims themselves. US intelligence does this all the time, ask Cisco about the backdoor added to their hardware mid route (thanks Edward Snowden for the revelation).
Blaming a company without any substantial proof at this time is just more fear mongering playing into the current narrative. The fact that it's easy to take previous known code from an intelligence program and re-purpose it/style to frame another country is never mentioned in these "OMG THE BAD GUY HACKED US!" stories, which is very disingenuous. But I suppose after weeks of this allegation and congressional hearings, we'll still know nothing and the story will slowly fade away except for the occasional talking point of why we should sanction/hack/declare war with Russia.
Over here we say "boy who cried wolf." That "peter and the wolf" thing is pretty much strictly a Russian idiom. Just so you know, going forward.
Shill disinformation vector 3: doubt fork of FUD activated!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
That wasn't a sci-fi story, it was one of the Snowden leaks.
SlashdotMedia has turned Slashdot into the democrats' mouthpiece. You all are starting to make Trump look like a rational human being.
It used to be republicans were the ones who hated the Russians the most. Where do you get that Democrats like Russians? Russia doesn't care about republican vs. democrat, they want to do whatever they can, no matter the avenue, to make America weaker.
Generally, allies don't have missiles pointed at each other, nor do they have missile defense systems to block the other's missiles.
According to the State Department, officially, Russia is not our ally. If you disagree, don't argue with me, take it up with Rex Tillerson and Donald Trump.
You are welcome on my lawn.
The _NSAKEY was discovered in Windows NT 4 in August 1999 by Andrew Fernandes of Cryptonym. It could be confirmed and reset by any hacker with a copy of NT. I cleared mine and most of my tech colleagues did the same.
https://en.wikipedia.org/wiki/...
Gates was interviewed by BBC News and flat out denied its existence.
https://cryptome.org/nsakey-ms...
Alternative reading of this: The NSA and CIA have found that the Kaspersky AV does a good job of keeping their spyware off computers, so they spread FUD to persuade users to switch to less effective AV that doesn't keep out NSA/CIA spyware.
Kellyanne isn't much more reliable than her boss. Her boss lies like a rug.
He lies; she's mainly just an idiot.
#DeleteChrome
Why would Microsoft bother with Defender to do this when they already own your whole computer with Windows?
Regarding the NSA contractor, it sounds like Kaspersky AV was working as designed. It detected the malware the contractor was working on and sent the file back to Kaspersky Labs for analysis. It sounds to me like the NSA's security policy needs some work if a contractor can download classified files to a non-secure computer.
Now as far as Kaspersky AV scanning for classified documents, that's certainly plausible but where's the evidence? Not running the software on sensitive computers sounds like good policy, but there's a lot of software that shouldn't be run on those types of systems. That being said, how do we know all foreign made computers themselves haven't been compromised at the factory?
Nation A spies on nation B. Nation A tells nation C about what it "found" deep in nation B.
Nation A and C then publish what they found from all their spying on nation B in near real time.
Nation B is then accused of "spying" to cover for what nation A and C really did.
In the real world nation A and C would have kept that a secret and created all kinds of fake litter for nation B to find and believe in.
If fantastic details are in the open media, it's just something fictional to publish and push national cyber talking points.
Real spy success stories stay secret for decades so a nation B never knew what really happened.
Domestic spying is now "Benign Information Gathering"
But still, the reason why there is no way I would go back to Windows after having switched to Linux 15 years ago is this: antiviruses. Having a program constantly using your CPU and hard drive is nonsense.
And no, I don't buy the "if 99% of people would use linux there would be viruses on Linux too" argument. Many Android phones out there and no one runs an anti-virus (security updates, on the other hand, would be welcome).
Tear up a "Made in USA" computer and look at the country of origin of the chips in there, shithead.
It little behooves the best of us to comment on the rest of us.
Keep in mind the reality of the story. The Israeli spy agency, whilst committing criminal acts, reports that Kaspersky is harvesting 'spy tools', not harvesting the target computer of its data but harvesting the tools, i.e. getting a copy of that virus and its settings, plus the type of data it sends and where it sends it and hopefully where it came from. Isn't this what they are meant to do, get those hacking tools, analyse them and break them but then no story like an old story https://www.youtube.com/watch?... and now twisted to attack Kaspersky why, because they were doing too good a job perhaps and exposing NSA and CIA activities and are being punished for it. This is not even a Russia propaganda thing, this is punishing a security company for exposing NSA/CIA/MOSSAD criminal activities.
As for Israel's claims of hacking, well, the spy vs spy crowd is always obvious, they always lie, it is their nature. They claim online hacking, then it is a lie, Kaspersky you have for profit Mossad moles with offshore tax haven bank accounts, want to find them, track where they went for holidays, tax haven stays are a pretty solid indicator of criminal activity. In fact any security company, anywhere in the world, should advise its staff that stays in tax havens will be considered a sign of criminal intent, it is, just the way it is.
Chaos - everything, everywhere, everywhen
It's not clear that it's exactly sending it to the Kremlin directly, nor would it have to. If they have anything like what we have, they simply tap the internet traffic. Our government almost certainly does something similar. Kaspersky told us back in 2015 that they caught a Stuxnet-like malware invading them, so there's some credibility to this one, though there's not a lot of info other than anonymous rumors repeated by the press.
It's fair to criticize both spying apparatuses for that, mind you. I don't know how to stop either one, though. They have some pretty crazy tools at their disposal, if you've ever seen the TAO catalog.
This can only be good news. The world is sick of a 'strong America' striding the globe arrogantly, visiting war, mayhem, regime change and murderous interventions with impunity. The legacy, still continuing since WWII has been a global holocaust of peoples who've died, been injured as a result of the US's cult of impunity, acting as a rogue state outside international law. Many have got so used to US global behaviour they accept the rogue state to act as it wants, without constraint or recourse to international law.
A 'weak America' is good news NOT bad news. We can only hope that its aggressive foreign policy, and murderous military will one day diminish, and the US ceases to run amok, murder and maim, treating the rest of the world as its deadly playground.
The US is largely a corrupt and regressive backwater these days. Let's hope that the backwardness of US policies, both domestic and foreign, will face some credible opposition from more progressive countries. America is increasingly becoming a particularly ugly example of a corrupt and totalitarian nightmare. One only has to look at who the 'choices' for president were, to realise that the system of government there has long since ceased to function in any moderately representative way, let alone democratic.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Since the data sent between Windows and Microsoft HQ is encrypted, no researcher can know if what it sends are hashed files or any other data. And since Windows both phones home for updates as well as telemetry, this could just as easily be handled there.