Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Admits To Reaping Hacking Tools From NSA Employee PC (zdnet.com)

Posted by msmash on from the he-said-she-said dept.

Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis but insists the theft was not intentional. From a report: In October, a report from the Wall Street Journal claimed that in 2015, the Russian firm targeted an employee of the NSA known for working on the intelligence agency's hacking tools and software. The story suggested that the unnamed employee took classified materials home and operated on their PC, which was running Kaspersky's antivirus software. Once these secretive files were identified -- through an avenue carved by the antivirus -- the Russian government was then able to obtain this information. Kaspersky has denied any wrongdoing, but the allegation that the firm was working covertly with the Russian government was enough to ensure Kaspersky products were banned on federal networks. There was a number of theories relating to what actually took place -- was Kaspersky deliberately targeting NSA employees on behalf of the Kremlin, did an external threat actor exploit a zero-day vulnerability in Kaspersky's antivirus, or were the files detected and pulled by accident? According to Kaspersky, the latter is true. On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place. It was actually a year earlier than the WSJ believed, in 2014, that code belonging to the NSA's Equation Group was taken.

70 of 139 comments (clear)

  1. I call BullSh!t by Anonymous Coward · · Score: 1

    WSJ, MSM,..... WMD anyone?

    Smear, smear, smear, its the russian!!! Oh wait its the DNC!!!! Squirrel with Tits just ran behind that tree!!!

  2. Beleivable by AmiMoJo · · Score: 5, Insightful

    Their version of events is much more believable than the others offers so far. Guy takes home the NSA malware, disables Kaspersky to install some warez and then realizes his machine has been p0wned, so does multiple full scans. The NSA malware is picked up during those scans and automatically submitted for analysis (the default behaviour). During this time his machine had an open backdoor.

    What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details. Failure to do so is far worse than simply sharing it with the Russian government, who I'd assume already had copies anyway given how leaky the NSA is.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re: Beleivable by Anonymous Coward · · Score: 1

      Quite. I wouldn't trust Kapersky at this point - not because muh Russia, but because it's clear they're hands off when removing malware from state actors.

      Not that I care if the NSA figures out my porn preferences - the idea that state sponsored malware will remain solely in the hands of states is pretty daft.

    2. Re: Beleivable by Baron_Yam · · Score: 5, Insightful

      >Not that I care if the NSA figures out my porn preferences

      You should, so long as there are people out there who would punish you for them. There's a seemingly unending supply of sanctimonious people out there who will outright ruin your life if they find something about you personally distasteful.

      Even though you and I are likely so unimportant to the state and they're unlikely to use what they find against you, just on general principles you should want privacy from the government as a general rule whenever it is practical.

      When the three letter agencies have access to everyone's secrets, they're no longer serving the public since they have the power to control those who are supposed to be in power.

    3. Re:Beleivable by mangastudent · · Score: 4, Interesting

      What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details.

      Doing that with Officially Classified materials has legal consequences. For example, I assume employees of Kaspersky want to be able to travel outside of Russia without getting arrested and imprisoned. And to be able to travel to the US for security conferences.

    4. Re:Beleivable by Train0987 · · Score: 3, Funny

      Doing that with Officially Classified materials has legal consequences. .

      Unless you're Hillary Clinton, of course.

    5. Re:Beleivable by Anonymous Coward · · Score: 1

      AFAIK Individuals without security clearance have no legal obligations around classified material.

    6. Re: Beleivable by Ol+Olsoc · · Score: 2

      >Not that I care if the NSA figures out my porn preferences

      You should, so long as there are people out there who would punish you for them. There's a seemingly unending supply of sanctimonious people out there who will outright ruin your life if they find something about you personally distasteful.

      In a twist of irony, those selfsame people will as likely as not have much more interesting porn records than anything a normal person has. Its projection, and we see it time and time again, from Jimmy Swaggert's television set top wanking while a hooker does God knows what, to that creep preacher in Colorado who railed on about them thar homos, but enjoyed screwing his male masseuse, to better than the rest of us Josh Duggar who has some very interesting and illegal preferences. Brings new meaning to family values.

      I just say something about Shemale midget scat porn and watch their eyes light up.......

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Beleivable by NicknameUnavailable · · Score: 1

      Malware is malware.

    8. Re:Beleivable by mangastudent · · Score: 2, Informative
      More generally a member of our Ruling Class. See for example John Deutch per Wikipedia:

      Soon after Deutch's departure from the CIA [as Director] in 1996 it was revealed that classified materials had been kept on several of Deutch's laptop computers designated as unclassified. In January 1997, the CIA began a formal security investigation of the matter. Senior management members at the CIA declined to fully pursue the security breach. More than two years after his departure, the matter was referred to the Department of Justice, where Attorney General Janet Reno declined to prosecute. She did, however, recommend an investigation to determine whether Deutch should retain his security clearance. President Clinton issued a Presidential pardon on his last day in office.

      Very specifically, according to local newspaper reports (I was living in the D.C. area at the time), he took materials out of a Sensitive Compartmented Information Facility, the sort of thing that you swear each time you enter one not to do, and did the above with one or more computers he used at home that were attached to the Internet, as I recall, even emailed stuff based on this Top Secret material.

      More recently, many of Hillary's retinue did the same or worse, e.g. with raw NSA intercepts, and of course nothing happened to them.

    9. Re:Beleivable by mangastudent · · Score: 1

      Do you think that would matter for a political prosecution? A concept we know Russians are very aware of.

    10. Re:Beleivable by Anonymous Coward · · Score: 1

      ...and can't forget Sandy Berger being caught with classified documents down his pants: Unauthorized Removal and destruction of classified material

    11. Re:Beleivable by mangastudent · · Score: 3

      Sandy Berger as a Clinton insider who actually got some real punishments, albeit wrist slaps aside from losing his law license, doesn't do a good job of making my greater point that there's a Ruling Class that's essentially not subject to the Rule of Law we peons in theory live under.

      On the other hand, he's a good example of how this crosses nominal party lines, this particular crime of his was done while Team Bush was at least nominally running the Executive, they should have nailed him to the wall.

    12. Re:Beleivable by barbariccow · · Score: 1

      "if we accidentally get some of your files, we delete them immediately-- any files of any type, no matter what they are or what they do."

      But if it got malware, how are they supposed to know if YOU wrote the malware (and thus the policy would be to delete it) or if you just downloaded it (and thus their policy should be to catalogue and hash)?

    13. Re:Beleivable by AmiMoJo · · Score: 1

      That's why security conferences need to move out of the US.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:Beleivable by LeftCoastThinker · · Score: 1

      Or this is how the NSA malware was obtained and leaked in the first place. There is already a lot of evidence that Kaspersky is in bed with the FSB, there is no way in the real world that those hacking tools were just deleted before copies were made and sent to the FSB, AKA the Shadow Broker. Those hacking tools represented millions if not billions of dollars of investment and were active and potent cyber weapons. The jackass who took them home would have been executed for treason a few decades ago, and Kaspersky would have had all of their assets frozen everywhere outside of Russia, but the world has become a p&$$y whipped version of it'self, to coin a phrase.

      If you think Kaspersky just deleted those NSA tools then I have some real estate to sell you...

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    15. Re:Beleivable by mangastudent · · Score: 1

      Does the nsa literally slap a 'Classified' or 'Top Secret' sticker on the malware they spread?

      They might on the source code, which is what this incident is primarily about.

    16. Re:Beleivable by LeftCoastThinker · · Score: 2, Interesting

      Both parties cover for each other in the hope that when out of power they will be protected as a courtesy from the other party. This is the textbook reason why special prosecutors should always be used when there is evidence of criminal activity (as opposed to the Trump Russia investigation, where there is a lot of innuendo, but no actual allegation or evidence of criminal activity, ask a real prosecutor, they will tell you).

      As far as Sandy Berger, the guy was on camera stuffing classified documents into his pants the day before Clinton left office... That is what is known as evidence.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    17. Re:Beleivable by mysidia · · Score: 1

      Guy takes home the NSA malware, disables Kaspersky to install some warez and then realizes his machine has been p0wned, so does multiple full scans. The NSA malware is picked up during those scans and automatically submitted for analysis (the default behaviour).

      In other words, the Antimalware software did exactly what it should do and is disclosed to its users of doing ---- SAMPLING SUSPICIOUS RUNNING PROGRAM FILES

      There's nothing shady about that..... Indeed failing to develop signatures for NSA malware and treat it just like other malware is the greatest concern.

    18. Re:Beleivable by JHDrexler · · Score: 1

      What I don't understand is how did they know that the source code was from a government's classified project and therefore should be deleted? The way that i see it is that if they happen to get their hands on malware source code then why wouldn't they assume that it is illegal and process the heck out of it? So if I was a bad buy and wanted to protect from my source code from analysis then I should mark it "Top Secret" and "Classified" and post it my github account and no one will mess with it?

    19. Re: Beleivable by Anonymous Coward · · Score: 1

      People would be wise to remember how sociopathic the masses can be when lead by psychopaths. Most people are crude, cruel, egotistical and short-sighted when pushed in certain directions by certain demagoges. In such a world, anything will be punishable, to meet quite different goals than what is said.

    20. Re:Beleivable by Aighearach · · Score: 1

      Their version of events is much more believable than the others offers so far. ...

      What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details.

      You sound like have some bias of some sort interfering with your analysis, as your conclusion contradicts the details.

      It seems that parts of their story are more believable simply by being more specific, but it also includes some very not-believable but important details. To me they look less trustworthy from their story; they want me to believe they're incompetent, not malicious, and I'm just not convinced that I should believe them, or that the specific incompetence involved is even different than being malicious.

    21. Re:Beleivable by Aighearach · · Score: 1

      Wait, your thesis is that Russian companies who do lots of business outside of Russia should be scared of the USA based on the way that political prosecutions happen in Russia? So they should just be basically stupid idiots who can't do a business analysis, because they're so damaged by their national civics?

      It doesn't seem like a very good argument. It seems that the businesses who do a lot of business in the rest of the world would be the most aware of how the world works, not the most absurdly fearful.

      And if they were that fearful of government, there goes all the arguments their fanbois are making about how why they should be trusted. ;)

    22. Re:Beleivable by Aighearach · · Score: 1

      That's why security conferences need to move out of the US.

      Or, why they will continue to prefer having them here. ;)

    23. Re:Beleivable by AmiMoJo · · Score: 1

      They have seen a lot of NSA malware before, and been monitoring them for years. They regularly inform US authorities when infections are found in the US, because the NSA isn't supposed to do domestic spying.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    24. Re:Beleivable by mangastudent · · Score: 1

      As far as Sandy Berger, the guy was on camera stuffing classified documents into his pants the day before Clinton left office...

      Nit, he did that in late 2003, to destroy evidence pertaining to the Clinton Administration's handling of al-Qaeda's plots in 2000, before that was considered by the 9/11 Commission. Which continuing this theme of the parties covering for each other, included Jamie Gorelick, who should have been on the dock instead of in the commission, she had created the formerly notorious "wall", "unwarranted appearance[s]" of our Ruling Class are obviously much more important than the lives of 3,000+ peons, or the hundreds of thousands lost in the still ongoing "Global War on Terror".

    25. Re:Beleivable by Meski · · Score: 1

      What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details.

      Doing that with Officially Classified materials has legal consequences. For example, I assume employees of Kaspersky want to be able to travel outside of Russia without getting arrested and imprisoned. And to be able to travel to the US for security conferences.

      Does the NSA know Kaspersky's signature algorithm, and do they check the signatures 'their' code produces in Kaspersky's malware signature list?

  3. The AV software was configured as such by Anonymous Coward · · Score: 5, Insightful

    No surprise here,
    Source: https://arstechnica.com/information-technology/2017/10/worker-who-snuck-nsa-secrets-home-had-a-backdoor-on-his-pc-kaspersky-says/?comments=1

    Direct quote:
    The NSA worker's computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.

    1. Re:The AV software was configured as such by LeftCoastThinker · · Score: 1

      Alternatively, the FSB has an agent in the NSA, and they figured out a way to steal cyber weapons without getting caught (or so they thought). He illegally, under penalty of jail time or worse, brings home a trove of cyber weapons. He then turns on his home Kaspersky AV and infects himself and begins making AV scans, uploading all of the cyber weapons to Kaspersky in Russia, where his FSB counterpart makes copies to later leak as the Shadow Broker costing the US billions and destroying a decades worth of cyber weapons.

      When the NSA finally tracks down the leak, it finds the employee who pleads incompetence... I don't buy it for a minute. Taking home all those cyber weapons was deliberate and an act of treason, and the guy should be executed just like the Rosenbergs. If nothing else, no other NSA/CIA/etc. analyst will be bringing home unsanctioned classified code from the NSA.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    2. Re:The AV software was configured as such by Trax3001BBS · · Score: 1

      No surprise here.

      No, not at all.

      Many AV are set up that way, it was just bad luck for kaspersky, it was being run.

      I use Comodo firewall, it's deliberately hard to configure for the on-line support. I've used it for so long I've got it down and have disabled sending suspicious files it's way.

  4. Here comes the "but, but, but!!" squad by Anonymous Coward · · Score: 1

    Some bullshit about the product working only as intended. Hackers have been practicing obfuscated, "looks good but has a malicious side-channel" code since forever, and you'd be an utter dimwit (or vatnik!) to think that Mr. Kaspersky himself of the KGB's technical school doesn't know how to put these ideas into practice both programmatically AND socially.

    But guess what? Even if Kaspersky has the most honest intentions in the world, which they don't, that still doesn't prevent SORM from capturing everything, or from the business from being coerced into providing those telemetry, binaries, and incidentally collected files. Same reason Russia wisely banned Pokemon GO from their country: it's not Niantic you worry about hoovering up all that telemetry and incidental data. It's the government who inspect and grab that traffic over top of them for mass collection and analysis to map out a country's signals with useful idiots.

  5. Data trail by YrWrstNtmr · · Score: 3, Insightful

    NSA->employee->Home system->Kaspersky AV->Kaspersky Lab servers --------> Russian Govt?

    If Kaspersky isn't working with the Russian govt, how did their Lab data end up with the Russian govt?

    Oh, and the NSA dude needs some jail time as well.

    1. Re: Data trail by guruevi · · Score: 5, Insightful

      Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re: Data trail by Solandri · · Score: 2, Informative

      That's the problem with you conspiracy kooks. Occams razor tells us otherwise.

      I see people making this mistake a lot. Occam's razor isn't a law. It doesn't "tell us" anything. It doesn't say "The simplest explanation is the correct one."

      It actually goes: "The simplest explanation tends to be the correct one." Occam's razor merely suggests what is the most probable answer. It doesn't prove or tell us anything, it simply lets you organize hypotheses into, lacking any other evidence, the most likely order of plausibility. You still have to prove the most-likely hypothesis is correct. And a less-likely (more complicated) hypothesis can still turn out to be the correct one.

    3. Re:Data trail by ljw1004 · · Score: 1

      NSA->employee->Home system->Kaspersky AV->Kaspersky Lab servers --------> Russian Govt?
      If Kaspersky isn't working with the Russian govt, how did their Lab data end up with the Russian govt?

      Your "missing link" was already reported two weeks ago: https://politics.slashdot.org/...

      Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'
      Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, according to reports. The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post. Israeli agents made the discovery after breaching the software themselves. Kaspersky has said it was neither involved in nor aware of the situation and denies collusion with authorities.

    4. Re:Data trail by Distan · · Score: 1

      If Kaspersky isn't working with the Russian govt, how did their Lab data end up with the Russian govt?

      We don't know that the data ended up with the government.

      Here is what is claimed:

      Reports published in the United States are that Israeli government hackers broke into Kaspersky and saw the NSA data. While the Israelis were there they witnessed Russian government hackers also break into Kaspersky and access the NSA data. Kaspersky claims the only people who hacked them were the Israelis and they were never hacked by the Russians.

      So if the Israelis are wrong the Russian government doesn't have the data. If the Israelis are right the Russian government only has the data because they hacked in from Kaspersky.

      I don't understand where any evidence comes from that Kaspersky colluded with the Russian government. Maybe I'm just missing that.

    5. Re:Data trail by DCFusor · · Score: 1

      If you aren't working for equifax, how is it that they have your data (or had, more to the point)? Your inference is highly flawed.

      --
      Why guess when you can know? Measure!
    6. Re:Data trail by LeftCoastThinker · · Score: 1

      Exactly so.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    7. Re: Data trail by LeftCoastThinker · · Score: 1

      "And a less-likely (more complicated) hypothesis can still turn out to be the correct one."

      And often it is the correct one when you are dealing with espionage, hostile foreign governments and treason.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    8. Re:Data trail by LeftCoastThinker · · Score: 1

      There is "hacking" and then there is tacit approval:

      Potential Kaspersky employee: "Hey, I will be leaving this backdoor open at 1am, here are the passwords you need and here is the location of the files you are looking for, please don't hurt my family"

      While technically hacking (unauthorized access) it may not have left any traces if it was an inside job, but either way, the FSB got in to Kaspersky's files and lifted all the NSA cyber weapons.

      I trust the Israelis (an actual democracy with similar values to America) a lot more than the Russians (dictatorship who would start a war tomorrow if they thought they could take over the world).

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    9. Re: Data trail by Anonymous Coward · · Score: 1

      This will never get modded because it's buried, but one does not prove hypotheses, generally speaking. One fails to falsify them. Thus occam's razor permits one to consider the most likely hypothesis, consider/test methods of failure, and allows you to consider the simplest hypothesis as probable until and unless you find a way to falsify it. (Or, yes, prove it's true. Which is hard to do in most cases.)

    10. Re: Data trail by Ol+Olsoc · · Score: 1

      "And a less-likely (more complicated) hypothesis can still turn out to be the correct one."

      And often it is the correct one when you are dealing with espionage, hostile foreign governments and treason.

      Give us the citations to support your thesis. Surely you have an example or two in support of that.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    11. Re: Data trail by guruevi · · Score: 1

      I'm not sure if you're just stupid or trolling, the Clinton "conspiracy" is pretty well covered these days on national and international media. I watch BBC, CNN doesn't make much of a mention of it but obviously Fox would.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    12. Re: Data trail by LeftCoastThinker · · Score: 1

      I pity your failed public school education...

      Here are a few:

      The Rosenbergs and how they stole US nuclear bomb technology and sold it to the Russians.

      John Walker and his family and how they managed to steal US Navy secrets for over 15 years and sell it to the Russians.

      CIA double agent Aldrich Ames penetration of the CIA on behalf of the Russians.

      NSA agent James Hall III spying for the Russians.

      Wikipedia is your friend. There is a list as long as my arm of individuals in the US who were turned or used by the Russians to steal classified US intel, weapons and designs and nearly every one of the cases involves unique, innovative and unexpected methods, people, and activities to get the job done. If investigators had used Occam's razor, they would have found none of these people, instead assuming the more mundane cover explanations which were more plausible.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    13. Re: Data trail by Ol+Olsoc · · Score: 1

      I pity your failed public school education...

      Here are a few:

      You aren't making sense. Those are not complicated conspiracies.

      Those are people who were enriched or bribed by Russians, not the convoluted moon landing type conspiracies you seem to be claiming they are.

      Certainly no more complicated than an Israeli agency discovering an AV software manufacturer scanning and stealing information it had access to and passing it up the line to people who would be interested in it. And said intelligence agency who after discovering it, passed that information along to the ally whose information was stolen. That's pretty simple As well, all of those people in your attempt to present as a great and complicated conspiracy were obviously caught. Good conspiracies are seldom discovered until way long after they happen.

      You need to produce actual complicated conspiracy as claimed.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    14. Re: Data trail by LeftCoastThinker · · Score: 1

      Um, John walker spied on the US Navy for like 16 years and only got caught because his ex wife turned him in...

      The Rosenbergs stole secrets from the Manhattan project from 1942 until they were caught in 1950 (8 years).

      These acts only seem simple or easily understandable after decades of investigation and perspective. You have no clue what the motivation was of the NSA guy who brought home cyber weapons and loaded them on his personal machine, and until we have dug through that guy's life and associates with a fine toot comb, you have no clue about what actually transpired, only a cover story put out by Kaspersky to try and prevent the US from sanctioning them and seizing their assets and blocking them from any US ISP as a malware vector. I'd say that Kaspersky has a lot of motive to obfuscate the truth, as does the NSA traitor who could be facing treason charges...

      Don't foolishly believe everything you read without inserting an overlay of the basic knowledge of how the world works and the human condition. To do otherwise is to fall for every fake news story out there.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    15. Re: Data trail by Ol+Olsoc · · Score: 1

      Um, John walker spied on the US Navy for like 16 years and only got caught because his ex wife turned him in....

      Umm yourself, muchacho. Seriously, you aren't even arguing the same thing I am. I said that Occam's razor was in effect, that A group with Kremlin ties that had root level access to a computer that some dumfuk illegally stored classified data on would be interested in that data, and would send that data up the line. I mean I've been trying to stop picking on Russian trolls here, but that should be obvious to anyone who isn't simply supporting the FSI or FIS.

      And that is in opposition to the rather complicated idea that another poster - guruevi - wrote:

      "Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience."

      That, Friend, is a conspiracy theory. Although it shouldn't be necessary, my definition of conspracy theories dovetails with the Wikipedia entry of the same -https://en.wikipedia.org/wiki/Conspiracy_theory . From the article:

      A conspiracy theory is an explanation of an event or situation that invokes an unwarranted conspiracy, generally one involving an illegal or harmful act carried out by government or other powerful actors. Conspiracy theories often produce hypotheses that contradict the prevailing understanding of history or simple facts. The term is a derogatory one......conspiracy theories rely on the view that the universe is governed by design, and embody three principles: nothing happens by accident, nothing is as it seems, and everything is connected. Another common feature is that conspiracy theories evolve to incorporate whatever evidence exists against them, so that they become, as Barkun writes, a closed system that is unfalsifiable, and therefore "a matter of faith rather than proof".

      And you seem to think that I for some reason don't think there were ever any American spies working for Russia? How odd. And in a fit of irony, you get all insulting about it when you haven't figgered it out. Reread both the thread and what a conspiracy theory is.

      Now if you are actually following the conversation, and want to make a point, Here's what you need to do with your argument:

      Show how John Walker was a red herring or a complicated and misleading and widespread conspiracy.

      The same with the Rosenbergs and all of your other examples.

      Now there is a conspiracy theory is in regards to to Rosenberg's of which Alan Dershowitz claims they were framed. http://articles.latimes.com/19...

      But that's into grassy knoll, Ted Cruz's father being involved in the Kennedy Assassination and chemtrail and Pizzagate and water spray rainbows and faked moon landing territory, and gets a real weird twist by claiming that the Rosenberg's were both guilty of their crime, and framed.

      So unless you can show how those are actual conspiracy theories involved in teh commission of the crimes, you are just wasting both of our times. Buh-Bye.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    16. Re: Data trail by LeftCoastThinker · · Score: 1

      OK look, I am not being insulting (I can be if you really want). I was replying to your reply to my post (not to the other guy who you say you were replying to, I suspect I may have my filters set to nuke him because he is a Russian troll and life is too short to read their bullshit).

      My basic position is simple. The chain of events makes it highly likely that there was collusion with Russia by the NSA double agent that took home classified cyber weapons under penalty of jail time or firing squad. It is also highly likely that the jack booted FSB (filled with former KGB agents and run by Putin, also a former KGB agent) has their hooks in the employees or the entire company of Kaspersky and has been using it as a spyware to scoop up foreign intelligence and whatever else it can.

      Anyone who says this was all just an accident justified by Occam's razor is not a student of Russia, history or the human condition.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
  6. Why not disclose it? by Deathlizard · · Score: 4, Interesting

    So it looks like what happened is what I suspected, that Kaspersky's Heuristic analysis found the file and submitted it for analysis. Which is fine since that's what it's supposed to do.

    The real question is why wouldn't Kaspersky submit it to other AV Firms or even Microsoft for analysis instead of just deleting it? From what it sounds like they had full source code on a virus. I would think that would be the equivalent of striking gold in the AV community regardless of the virus's source, Unless Kaspersky was afraid that the US would Pressure the heck out of them if they disclosed, which is not much different from what's happening now.

    --
    In Soviet Russia, Trojan exploits YOU!
    1. Re:Why not disclose it? by helga+the+viking · · Score: 1

      Exactly. If anything they HELPED the NSA by deleting a zero-day instead of analysing it and distributing the code to the common AV database. If anything it shows as the hard evidence shows Kaspersky benchmarks really well with heuristic AV scans. Doubt Trumpland will apologise for this. It [kaspersky] is now a political pinyata. Don't let facts get in the way of that ;-)

    2. Re:Why not disclose it? by decep · · Score: 1

      Have you ever purchased something from a store, only later to find that another item had been hidden inside, and tried to return that item to the store? I have.

      I purchased a household item like a comforter that had curtains stuffed inside. Nothing particularly high value. I returned the items I had not purchased to the store. When returning the items, while it was not overt, the store basically suspected me of theft and I was not exactly rewarded for "doing the right thing". Never again.

      Can you imagine how many wasted man hours it would take to deal with the NSA over lost secrets? Its not like you can just pick up the phone and say "hey I found this on some guys computer, okaybye". You would probably be involved in a multi-year [secret] investigation with very little possibility of positive press.

    3. Re:Why not disclose it? by AHuxley · · Score: 1

      A cyber thought experiment?
      How to create phone home software that just works but will not get detected/reported/studied by an advanced OS or AV?
      The mission is for a US persistent, generational file tracking effort that works, phones home and stays with documents.
      How to avoid that user alert but not have to worry about upgraded AV/OS detection/discovery globally?

      Some social engineering?

      Networking that looks just like all the other ongoing past/existing national/international contractor grade "police" investigation tools found in the wild and have to keep working?

      --
      Domestic spying is now "Benign Information Gathering"
  7. Overreaction to business as usual by cloud.pt · · Score: 5, Insightful

    So basically, commercial software, namely an antivirus, proceeded as intended (detected malicious/suspicious code). Nothing new.

    Then the Russian gov., just like the US or the UK govs. pulled that software/information based on the principle of screwing anyone's privacy (especially foreigners) over national security concerns (which when you look at it from an impartial point of view, like me (someone who literally stands between both countries in western Europe), it's a contextually solid argument, even though I am completely opposed to this relegation of privacy to second place. This is also not new, and the US knows this happens frequently. They know it because they also do it. How many Sillicon Valley corps. are sueing the US gov. to prevent just that? (Well, Microsoft just dropped it because, well, the government had a bad case and decided to pull back).

    At least they're not loading Linksys hardware with trojans for deployment to China and Russia's top tier installations.

    Seems like a very plausible explanation from Kaspersky, clearly not at fault, and will be a clear case of hypocrisy by whichever government decides to slander private business of the company. Not only is the government at fault (that was bad BAD behavior from the employee, unless he was whistleblowing something, like Snowden), but they also do this.

    Demand local servers, just like Brasil did to Facebook, if you are worried about your info being offshored to jurisidictions you can't control the full chain of behavior.

  8. lol by crimson+tsunami · · Score: 1

    It took the NSA 3 years to notice or 3 years to let everyone else know...

  9. In their defense of deleting the files by FeelGood314 · · Score: 5, Insightful

    After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties.

    To be fair, this puts them in a bind. They acquired NSA malware source code but they got it because their product uploaded it to them. If they keep it and use it they are breaching the trust of their client. I trust and give Kaspersky permission to scan for viruses and pull their executables. I don't give them permission to look through various source code on my computer. This isn't about saving or shielding the NSA, it's about the integrity of their contract with their users. Screw the NSA but Kaspersky showed more integrity here than the NSA has ever shown in its entire existence.

    1. Re:In their defense of deleting the files by Anonymous Coward · · Score: 1

      Actually, if you enable the reporting product you very much gave them permission to upload anything their software hits on as a target and give them permission to take it the hell apart so they learn how to stop it. Which is why you should read teh EULAs. And if you are doing work for your employer or the government, you do so on a machine they supply to you with the software they supply, so it is their lookout as to whether they should enable reporting features on the antivirus product they give to you. Dunno about Kaspersky, but most software, Windows excluded, gives you that control by default even if it is opt-out.

      Oh, and is Microsoft guilty because it submits information and you have absolutely no way to shut that off? (And, it wouldn't surprise me that machines at the NSA and CIA actually do have a way to shut off absolutely all reporting but that's just my speculation.) Why isn't the government banning Windows from running on government machines?

  10. Re:Who's at fault? by Anonymous Coward · · Score: 1

    Exactly -- once the thickheaded ignoramuses and dumbasses spend one second thinking about it, they will finally realize that in fact Kaspersky did everyone a favor by learning how to keep those tools from breaking into everyone's computers.

  11. Just assume your home PC was never secure. by JustNiz · · Score: 1

    I mean are you REALLY naive enough to believe that Windows is
    1) an even slightly secure OS
    2) Microsoft (and therefore the NSA) really don't/aren't using their own backdoors built right into Windows (and maybe Intel's IME) to conduct ongoing scans, analysis and upload of anything/everything of "interest" that you ever have on your PC ?

    The problem is clearly the NSA employee who took the code home and put it on his Windows PC in the first place. He of all people should have known WAAAY better.

    1. Re:Just assume your home PC was never secure. by Arzaboa · · Score: 1

      Adding AV to Microsoft is about as bad as adding an anonymous FTP server to your desktop. Passwords are only going to keep your friends honest.

      NSA guy should have know. What on earth was he thinking to allow his data to be uploaded to Russia. He's going ot have a court date coming up.

  12. Willing to bet KGB employee by ripvlan · · Score: 2

    I'm willing to bet that Kaspersky had an employee who was also an unknown intelligence spy on the payroll.

    The intelligence agency figured out the US Govt was using software - submitted resume for spy to open job - and spy reported to work as instructed. Aren't we worried that the NSA is asking Google/Apple/ISP (cough AT&T) to open the door a crack?

    Isn't this the fear of many in security? - that an unknown group could change the C compiler source code to ignore or replace certain instructions. Then modify the encryption software with a backdoor that matches the pattern the compiler is looking for - and thus inject a backdoor? Said backdoor is not visible/obvious in the encryption software.

    And the method to do this is have spies report to work at legitimate businesses. with external orchestration of their activities.

    Also possible that said spy figured out the zero-day which was put to use from another group outside. OR coded said backdoor or side-channel vector.

  13. I can imagine how by aepervius · · Score: 1

    Because it would be the interrest of the FSB to get the new malware and signature for two reasons (and I would not be surprised the NSA do the same ) 1) be made aware of new zero day exploit and find counter for the russian's firm/gov security 2) get new exploitable weapons they themselves did not come up with , why otusource when some civilian can build something

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  14. Exercise Solution by Anonymous Coward · · Score: 1

    The sarcasm begins in part 2 of the rationale, with "Only the copyright holder has the legal authority to authorized copying the software." The copying would almost certainloy be found, by any court, to be defensible as Fair Use.

    The purpose of the copying is to analyze the malware, not to use/enjoy the malware in the usual manner.

    The nature of the copyrighted work is functional, not artistic. And it's already published and shared with whomever the NSA has chosen to investigate.

    The effect of the copying on the marketability of the malware is zero. Anyone who didn't want the malware before, still won't want it.

    And finally, it shouldn't be copyrightable anyway, because the NSA does not need a government-granted monopoly in order to have incentive to create and publish the malware. Even PD or GPLed malware would be good enough for their purposes.

  15. Re:Relativity by jon3k · · Score: 1

    You still have to prove the most-likely hypothesis is correct. And a less-likely (more complicated) hypothesis can still turn out to be the correct one.

    Rational people assume the most-likely until reasonable evidence proves otherwise.

  16. Is it Executive IT Syndrome? by ErichTheRed · · Score: 3, Funny

    Here's another thought about why it happened -- is it possible that NSA treats some of their more brilliant analysts the same way companies treat executives? Everywhere I've worked, security policies apply to absolutely everyone except the C-level and senior VP ranks. Execs just tell IT to plug whatever new shiny thing they got at a conference or Best Buy into the network, override password policy so they don't have to log in to their machines, and a whole bunch of other things that would get ordinary workers fired. Maybe if you're a super-brilliant borderline autistic cybersecurity genius, the NSA decides it's not worth it to try to enforce policy?

    I'm sure a lot of the safeguards around classified information are the equivalent of "security theatre" but I'm kind of surprised NSA would let their analysts casually walk out the door with unreleased exploit code and bring it home with them. People I know who work for defense contractors on much more mundane stuff can't even mount USB drives on their computers read-only, let alone copy files, but it seems like they just let things like this happen once you get a certain level of access beyond the perimeter. Some of the things I've heard described are totally security theatre, like covering whiteboards when the janitor comes through or insisting that every piece of garbage be burned _and_ shredded...but at least they have the common sense to prohibit employees from taking confidential data home and employees I've spoken with are well-trained to not talk about exactly what they're working on. I have a feeling we'd never know about this if it hadn't gotten to a machine without Internet access.

    Almost all companies work like this too -- once you're inside everything is trusted and can talk to everything else. That's absolutely the wrong thing to do, but rebuilding the network and walling things off to an "assumed-compromised" posture is super expensive and hard to implement. Lots of companies don't even have internal PKI right yet so port-level authentication on network gear isn't even possible. And the app landscape is so vast and much of it is so old that totally locking down some things would take tons of research and effort...all of which the company won't pay for. You would think NSA would be all over that though, given what they work on.

  17. Clues [Re:Beleivable] by Geoffrey.landis · · Score: 1

    "if we accidentally get some of your files, we delete them immediately-- any files of any type, no matter what they are or what they do."

    But if it got malware, how are they supposed to know if YOU wrote the malware (and thus the policy would be to delete it) or if you just downloaded it (and thus their policy should be to catalogue and hash)?

    We are assuming here that Kaspersky is not actually clueless.

    Among other things, the fact that you have source code and several previous versions of the file might serve as a clue.

    --
    http://www.geoffreylandis.com
  18. Take your customer's stuff and publish it by Geoffrey.landis · · Score: 1

    Yes, that's a different question. I was addressing the post by AmiMoJo stating that what they should have done was copied the customer's files, analyzed them, and published them.

    --
    http://www.geoffreylandis.com
  19. Re: Believable by Corbets · · Score: 1

    Iâ(TM)m pretty sure nobody got executed for mishandling cyber weapons a few decades ago.

    Oh, and I corrected that annoying spelling error in the subject that everyone else has been ignoring.

  20. Re:Inclined to agree w/ you here... apk by Xest · · Score: 1

    If only they'd listened to you APK, NSA could've stopped this leak if only they'd just black holed Kaspersky's servers with hosts file :(

  21. Re:Relativity by Ol+Olsoc · · Score: 1

    You still have to prove the most-likely hypothesis is correct. And a less-likely (more complicated) hypothesis can still turn out to be the correct one.

    Rational people assume the most-likely until reasonable evidence proves otherwise.

    The problem with all conspiracy theories, which to me is when the people employing them work their way backwards, picking and choosing what they accept, and miraculously, it just so happens to align with their world view. They will even manage to deny it when Kaspersky admits they accessed the idiot's computer.

    So this is what happened, So this is how it was found, This is who did it, this is how it happened, and the people who did it admitted they did it.

    The only thing left is that somehow the person heading up the company didn't do what his training instructed him to do, which is pass it up the line. And that makes so little sense as to be completely dismissible.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  22. Re: Believable by LeftCoastThinker · · Score: 1

    In the era when literally everything is networked and you can crash a country's economy or power grid with the right cyber weapon, they are the WMD of the modern era, and we did execute the Rosenbergs for stealing US nuclear bomb technology for the Russians.

    --
    If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like