Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)
WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'
It's the weaponization of something considered a base necessity to the functioning of computers. It's the equivalent of poisoning a city's primary water supply. Yes, there are others, but this one is well known and has been used for so long that many are dependent on it for what it provides.
If running an antivirus is a base necessity, you've chosen your operating system poorly.
Act of war? Spy services spy. That's why they exist and every country has spy services. How this is a shock to anyone is beyond me. Do you think that the NSA hasn't exploited every single A/V provider, hell, every single online anything?
Shocked, I tell you.
I said, oh, 3 or 5 years ago, or maybe it was 10? ...that an obvious vector was the antivirus product itself. Because trust has to start somewhere, and people tend to trust their antivirus software, because otherwise, what do you do? Throw out your computer and go back to books? (Now that I write that, it doesn't sound like a half bad idea.)
And this was even before the useless nagware McAfee Security Scan started being bundled in everything to hell and gone.
So, in a way, I'm glad this happened, because it might cause people (well, some people... well, a few people) to look a little more critically at their antivirus software.
So everyone should convert to Windows Defender. Just kidding.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.
...WSJ has a major scoop today...
From the WSJ article itself:
...Israel’s spying on Kaspersky, which U.S. officials said provided crucial evidence that Kaspersky Lab was working with the Russian government, and the use of Kaspersky to scan for classified keywords was first reported Tuesday by the New York Times. ...
[my emphasis] The NYTimes may not be my favorite newspaper, but credit where credit is due, eh?
A decent piece by Hacker News (https://thehackernews.com/2017/10/kaspersky-nsa-russian-hackers.html) correctly points out that there is no evidence, just anonymous sources and nation-state he-said-she-said. Even if Russian ops did gain access through Kaspersky, Kaspersky might not have allowed access and might be victims themselves. US intelligence does this all the time; ask Cisco about the backdoor added to their hardware mid-route (thanks, Edward Snowden, for the revelation).
Blaming a company without any substantial proof at this time is just more fear mongering playing into the current narrative. The fact that it's easy to take previously known code from an intelligence program and re-purpose it/its style to frame another country is never mentioned in these "OMG THE BAD GUY HACKED US!" stories, which is very disingenuous. But I suppose after weeks of this allegation and congressional hearings, we'll still know nothing and the story will slowly fade away, except for the occasional talking point of why we should sanction/hack/declare war with Russia.
Generally, allies don't have missiles pointed at each other, nor do they have missile defense systems to block the other's missiles.
According to the State Department, officially, Russia is not our ally. If you disagree, don't argue with me, take it up with Rex Tillerson and Donald Trump.
You are welcome on my lawn.
Regarding the NSA contractor, it sounds like Kaspersky AV was working as designed. It detected the malware the contractor was working on and sent the file back to Kaspersky Labs for analysis. It sounds to me like the NSA's security policy needs some work if a contractor can download classified files to a non-secure computer.
Now as far as Kaspersky AV scanning for classified documents, that's certainly plausible but where's the evidence? Not running the software on sensitive computers sounds like good policy, but there's a lot of software that shouldn't be run on those types of systems. That being said, how do we know all foreign made computers themselves haven't been compromised at the factory?
Nation A spies on nation B. Nation A tells nation C about what it "found" deep in nation B.
Nation A and C then publish what they found from all their spying on nation B in near real time.
Nation B is then accused of "spying" to cover for what nation A and C really did.
In the real world nation A and C would have kept that a secret and created all kinds of fake litter for nation B to find and believe in.
If fantastic details are in the open media, it's just something fictional to publish and push national cyber talking points.
Real spy success stories stay secret for decades, so nation B never knew what really happened.
Domestic spying is now "Benign Information Gathering"