Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com)

Posted by msmash on from the tussle-continues dept.

From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.

6 of 366 comments (clear)

  1. unintended consequence by goose-incarnated · · Score: 4, Interesting

    Unintended consequences of the "wrong" candidate winning. The media's bitterness is not because the wrong candidate won, but because they were shown via the election results that they had less power than they thought they did.

    --
    I'm a minority race. Save your vitriol for white people.
  2. Is Kaspersky Software on Voting machines? by Anonymous Coward · · Score: 5, Interesting

    Given Putin kills, imprisons, arrests people and businesses who oppose him, and given Russia's cyber attacks on the USA, you have to consider that Kaspersky may not have a choice in the matter. With so many KGB people involved there, it's probably better to be safe than sorry here and remove their software. There is actual evidence (see link below citing an Israeli hack into Kaspersky).

    I wonder how many of those voting machines in the USA have Kaspersky anti virus installed on them, how many computers dealing with election rolls, and absentee ballots and vote counting. Can you really risk Russian software on voting systems when you know Russia has attacked the elections?

    https://www.theguardian.com/technology/2017/oct/11/israel-hack-uncovered-russian-spies-use-kaspersky-lab-2015-report-us-software-federal-government

    "While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies in turn using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December."

    "But it still leaves many further questions unanswered. Crucially for Kaspersky, the Israeli hack apparently failed to provide enough information to determine whether it was a willing, or even knowing, participant in the Russian espionage."

    "The Russian government exercises tight control over domestic and foreign high-tech industries operating within its borders. In June 2017, it began demanding the source code for certain software imported, ostensibly to search for “backdoors” inserted by foreign intelligence agencies. In practice, it’s widely believed that the Russian security agency scans the source code for undisclosed vulnerabilities it can use to improve its own hacking prowess."

    1. Re:Is Kaspersky Software on Voting machines? by Boutzev · · Score: 5, Interesting

      This is ridiculous. The whole world uses US software that provides full access to US three letter agencies, but now it is a big issue that Kaspersky happens to be a Russian company.

      The only proof I have seen is talk about a security vulnerability discovered by Israeli intelligence in Kaspersky, which they reported to the US government. There is absolutely no proof of it being intentionally put there. Considering that Kaspersky does provide their source code to US based agencies, it is not very likely they would place anything intentionally and risking loosing their business. It doesn't make sense.

      For common people in the US, it is probably safer to use Kaspersky rather than any US based software. Though it won't stop the three letter agencies from spying on you - they can do this through your OS, your smartphone, your TV set, through your ISP or your email provider ... Kaspersky won't help you much.

  3. Re:All together? by arglebargle_xiv · · Score: 3, Interesting

    Some security companies are being told to only provide U.S. products

    Given the choice between Kaspersky and the FSB vs Symantec Endpoint Security, I'd feel better protected by Kaspersky + FSB.

  4. Re:All together? by Anonymous Coward · · Score: 5, Interesting

    Exactly. Given the choice, I'd rather be spied on by a government that has no power over me than by the government-friendly US based companies.

    It's sad that threat modeling has to be done with something as mundane as AV software, but it's rather true. If you're someone with unpopular opinions, the last thing you want is your own government seeing what you're up to. If you're doing R&D work that some cheap third world country is going to copy and sell here thanks to crappy treasonous trade deals then it's best to not be spied on by foreigners because industrial espionage is a very real thing.

    BTW, industrial espionage is also a reason to avoid "cloud computing" at all costs for any data you actually care about, especially business plans and product research, unless it's encrypted with a key only you control and that key has never seen a Windows 10 machine.

  5. Re:All together? by scumdamn · · Score: 2, Interesting

    I really hate it when I see a story about Russia on Slashdot because all the apologists come out and remind me what a dumpster fire Slashdot has become. I remember back when it was actually a tech site that mattered rather than two day old stories and comments that are basically "I can't hear you la la la la la!"