Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com)
A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.
I'm so confused. I thought Russia was bad.
In Russia, anti virus scans you
Exactly how did Kaspersky Lab determine this?
I am American and I can see now that they have fully investigated and have found that they are not to be blamed. Case is closed so now can we go to get back to real problems?
So first they admitted they retrieved the documents and patted themselves on the back for pulling down the documents that were leaked because they obviously involved data related to hacking.
NOW they're claiming there was malware on his system (oh, and that's not Kaspersky's fault either because the user allegedly turned Kaspersky off for a bit) so the leaks might have come from the malware and not from them?
I dunno... I would've led with the latter story FIRST...
What possible reason would Kaspersky have to lie?
Also, in Soviet Russia, antivirus software installs you.
You are welcome on my lawn.
Sounds like Kaspersky is either trying to deflect or didn't do a good job of prevention/protection. Were I Kaspersky, at this point, I think I might have kept my mouth shut.
Anything you say will be held against you.
I thought Windows was larger than that.
Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!
That looks like some NSA worker used a private USB stick to transfer some of the "internal tools" from his computer to another, forgot about it, stuck it into his computer at home that ran Kaspersky, Kaspersky scanned the stick, the AV heuristics determined the stuff looked kinda fishy, did a closer scan, and eventually sent a copy to Russia. Whether that happened after asking "Hey, dude, something's kinda odd about this file, mind if we analyzed it?" or not is kinda moot now.
And since it would be kinda embarrassing to admit such a blunder and that the NSA, of all agencies, handed their valuable zero days to the Russians... let's rather say those damn Russkies in general and Kaspersky in particular are "hacking" us.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
From the summary: "Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well..."
I thought computers only had one asshole, and it was generally referred to in polite society as "User".
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!
It doesn't protect when it's turned off. From TFA:
So the computer was clean, user turns Kaspersky antivirus off, gets 120 pieces of malware. How does Kaspersky know?
They blocked the backdoor communication, until switched off? Should they not have removed the back door? Or at least warned of it?
So... he's a developer for NSA creating malware, and it detected malware? Sounds about right. The guy was probably testing explicitly if Kaspersky could detect the malware since that's what the Russian targets would use. And it did. And now they're pissed / backroom deal with American anti-virus companies to ensure only their shittier software is used (which likely doesn't detect NSA's malware, or has explicit exemptions built-in).
Forget to take your meds again?
... he brought home non-government malware that might have stolen the government malware he was working on?
I am sure that there are many other solipsists out there.
I honestly cannot differentiate between trolling and self-deluded paranoia anymore. Sad.
The NSA does not care what anti virus program you use, as long as it is one that is in their pocket. The fact that they claim that the Russians have hacked it is meaningless as it is both unproven and irrelevant.
If they have, I will assume they have done so with the others as well.
We are at a time that when the NSA asks not to use something does not mean that that something is bad, just that they won't benefit if you do.
Don't fight for your country, if your country does not fight for you.
So a key-gen contained a trojan? Welcome to 1999.
A 500-ruble fine for being late, you can't even take a shit without cameras.
It's mostly students from Leningrad Oblast who go, the ones who aren't fit for anything else.
I hope this dork got fired for such incompetence....
You're messin' with my Zen Thing, man.....
Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?
Here is a good way of distinguishing between paranoia and reality.
Donald Trump's campaign manager is under house arrest and his co-conspirators have been charged with crimes related to his ongoing treason against the United States.
If you consider torture by the police, murders of gays, and corruption at the very top of power to be normal, you will of course like Russia.
Should I tell you how Litvinenko was killed? And he was in a foreign government, after all.
Think what you wish for.
Not only they admit the Kaspersky AV is sending infected files back home to Russia (why? They already know it's malware, why send again?), they're also admitting the AV collects unrelated stats, like network traffic (WHAT?!), like user actions (f/w switch), etc... This is... just overwhelming.
This is the CIA's doing. https://www.scmagazineuk.com/wikileaks-cia-impersonated-kaspersky-labs-as-cover-for-malware-operations/article/706841/
They were haxored by Petya - or notPetya, whatever Petya it was, left and right this summer.
That's a lot of words in four sentences.
Now the NSA chickens are coming home to roost.
sudo rm -r -f --no-preserve-root /
I feel safe knowing the quality of the personnel that protect us.
I feel safe knowing the quality of the personnel that spy on us and can have anyone they wish killed by a drone strike without a trial.
FTFY
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
So it was like that scene in Ghostbusters where everything was under control until EPA Inspector Walter Peck shutdown the containment facility.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The contractor's computer was a honeypot. NSA hacking tools are being released on the dark web and they want to find out how they are being leaked. One theory was that Kaspersky was the culprit. So the NSA intentionally had a contractor put some NSA tools on a laptop that has Kaspersky, and had him put some other malware on there so that Kaspersky antivirus would detect it and wake up, then they watched to see if anyone scanned the NSA hacking tools and downloaded them.
What is happening now is the ensuing PR war. The public won't really learn the truth for years, if ever.
... mock the NSA guy for this?
E.g. the Kaspersky guys could say "Look out! Here comes Typhoid Mary!" whenever they saw him. That shit would never get old.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
So Kaspersky is proud to announce that they didn't steal information but instead the problem was the user has Kaspersky for their AV and their laptop was infested with malware? This PR is almost as good as John McAfee's how to remove McAfee video.
How would kaspersky know what was or wasn't on his system months after the antivirus software was removed from his computer unless they were sending full system logs, file directory logs, etc back to their servers and storing those and possibly who knows what else for undetermined amounts of time... they said there were no signs of the program attempting to communicate, so they're storing everyone's full tcp ip communication logs also????
And my grandfather, my dad, and I never served in units fighting Russian operatives during the Cold War(s).
Suuuure.
Try another one.
Maybe they'll byte.
-- Tigger warning: This post may contain tiggers! --
Lol
I'm sure they'll start using the WSL, aka the Linux subsystem on Windows 10. That'll stop them. *eyes rolling*.
Why didn't it alert the user after it was re-enabled? We are to believe the software detected the Trojan, you don't think it should have alerted the user if not automatically remove it? Fucking useless software if it can only detect the installer and not the installation. The only way to read this is either the software is garbage, or they are lying.
quit ya bitchin, Trump is the best thing to happen to the non united states in a long time.
I hope this dork got fired for such incompetence....
Fired? He should be arrested for removing classified information without authorization. As a matter of fact anyone else find it kind of weird that we haven't heard of this happening yet? With all the other leaks, even if this one wasn't intentional they should have come down on him like the hand of god itself to make an example.
I browse on +1 so AC's need not respond, I won't see it.
It seems like the United States Postal Service network is becoming more secure than that of the NSA.
E Proelio Veritas.
Kaspersky AV was installed on a machine full of malware and NSA hacking tools. Kaspersky AV then did its job perfectly, and retrieved samples of all the malware.
America then got wind of this, and because this is 1) embarrassing to the NSA, and 2) proves that Kaspersky is a top product, America is now in a full head-on propaganda assault, spreading lies and misinformation that Kaspersky and the Russians (all of them, apparently) are hacking into your computers.
Wake the F up. The only two AV-suites you can trust to not be compromised and do their job at this point is F-secure and Kaspersky. You won't be better off if you let America kill Kaspersky, and eventually other foreign AV-suites.
Why would anyone trust a proprietary American operating system running proprietary Russian antivirus?
The former is known to have been pwned by the NSA, while the latter was pwned by the FSB.
Seriously. For an NSA employee it must be like swimming in their own filth.
To get rid of Kaspersky? What is the use of an anti-virus software that does a very bad job of protecting you.
I tend to think that Kaspersky's version of events is more probable, really why was this classified material on a home computer, if he was that slack with security, he didn't understand the implications, and that is exactly the type of person who will get mass infection of viruses and malware?
Why does slashdot keep mentioning Kaspersky? The world needs to just forget they exist. Kind of like the country they are in. The world doesn't need it at all, but it needs the world. Let's just ignore the whole bunch.
Echoing the sentiments of such security giants as Howlin' Wolf, Willie Dixon and Chicken Shack, Mr. Morrison, CEO of security company "Doors" was crystal clear about an increased role for women in protecting certain software and hardware ports from unanticipated penetration.
Why the fuck would they use Windows OS on government computers ..
It's an older username, sir, but it checks out.
question 0) why does computer at work have a USB entry at all?
question 1) the guy took a probably infected USB stick and put it in at work, now what happens with the network at work?
question 2) what happens with the contractor that violated procedures in this manner?
question 3) if the KAV antivirus detects this amount of malware, then why doesn't it remove it from the customer's PC rather than disabling communication with the command center?
question 4) Is the FSB that incompetent in that it does not use KAV to gain special access? What kind of relationship do they have?
The NSA is incapable of keeping its own top secret data and tools safe. Just imagine how laissez faire they are with your data? You know, data siphoned off from every form of telecommunications that you've ever used. Ideal stuff for identity theft and fraud.
"The men don't know/But the little girls understand."