Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com)

Posted by msmash on from the security-woes dept.

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.

84 of 141 comments (clear)

  1. Yes we scan by Anonymous Coward · · Score: 4, Funny

    In Russia, anti virus scans you

    1. Re:Yes we scan by Archtech · · Score: 1

      Droll! Moderate up.

      --
      I am sure that there are many other solipsists out there.
    2. Re:Yes we scan by sit1963nz · · Score: 2

      In the USA, the NSA scans you as does the FBI, CIA, Homeland security, DEA, Immigration service, boarder patrols, and local police. Don't worry, its all to keep you safe.

  2. Wait a second by kwelch007 · · Score: 1

    Exactly how did Kapersky Lab determine this?

    1. Re:Wait a second by Tinsoldier314 · · Score: 5, Funny

      Exactly how did Kapersky Lab determine this?

      By siphoning all the files off his computer, DUH

    2. Re:Wait a second by Anonymous Coward · · Score: 2, Informative

      Exactly how did Kapersky Lab determine this?

      The computer in question was running Kapersky antivirus software, which logs when it discovers viruses and malware.

    3. Re:Wait a second by Archtech · · Score: 1

      Ho ho ho, "'recursive': see 'recursive'".

      --
      I am sure that there are many other solipsists out there.
    4. Re:Wait a second by cbiltcliffe · · Score: 1, Insightful

      The computer in question was running Kapersky antivirus software, which logs when it discovers viruses and malware.

      But apparently doesn't actually delete or quarantine those malicious files, because they claim that they blocked the malware communication until the end user turned Kaspersky off. So, they detected it, and blocked the symptoms, but didn't bother to remove the infection.

      Sounds like a pretty good reason not to run Kaspersky, to me.....

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    5. Re:Wait a second by alvinrod · · Score: 4, Insightful

      I don't know if I'd want a virus scanner that has the ability to automatically remove files without my explicit permission. Imagine if your virus scanner itself were compromised and told to treat regular files as infections.

    6. Re:Wait a second by Aighearach · · Score: 1

      Or, the guy at FSB who normally writes their press releases had a day off, and the guy that was doing it that day didn't understand the engineering and made an "oops" claim.

    7. Re:Wait a second by rtb61 · · Score: 2

      It should be really fucking obvious but it seems you are a bit dim. The person didn't trust US security software for some reason and instead preferred to use Kaspersky security software for some reason. Now for normal security software, the default setting is to send back a report about infections found, so that the security companies can tighten security, that is like so obvious. The idiots world view presented by the lying American establishment is, if you hire a security guard to guard you property and he finds someone breaking in and removes them, the security guard should no tell anyone, not report it to the security company and not report it to the authorities via the security company, they should keep it a secret because 'er' yeah, bullshit.

      That a NSA employee preferred Kaspersky software over US security software is extremely revealing ie probably you should prefer it as well but than again their machine was already infected but of course that could have been because of failed US security software with national security letter mandated back doors (hence the reason for the NSA employee to use Kaspersky, maybe they did not trust the NSA, their employer and for good reason).

      So how about this for a headline "USE KASPERKSY SOFTWARE BECAUSE IT IS WAS NSA AGENTS PREFER TO USE!!!". Make you feel happier now ;D.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:Wait a second by EvilSS · · Score: 1

      That a NSA employee preferred Kaspersky software over US security software is extremely revealing ie probably you should prefer it as well...

      That's like saying I should prefer to eat at McDonald's because an morbidly obese nutritionist prefers to eat at McDonald's. This is the last person on earth anyone should be trying to emulate when it comes to security. He failed at it miserably.

      Also no concern at all that those malware reports are traceable back to an individual device? I get reporting new malware, but Kaspersky seems to be able to tie it back to specific client devices which certainly is a problem. There is no reason they need that to analyze possible new vectors. And ditto for any other vendor who does this. I wouldn't give a US company a pass on this either (and I'm sure they probably do the same). What other data are they collecting? Even something as simple as collecting running process info would be a massive over-reach and put their customers at risk if that data were compromised.

      People lose their shit over Microsoft telemetry but give Kaspersky a pass because... Russian?

      --
      I browse on +1 so AC's need not respond, I won't see it.
    9. Re:Wait a second by david_thornley · · Score: 1

      There was at least one incident where a virus checker found that an important Windows system file was malware, and removed it. Not good.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    10. Re:Wait a second by cbiltcliffe · · Score: 1

      Virtually all virus scanners automatically quarantine files, which removes them from their original location, and sometimes encrypts them.

      If you think that's unacceptable, then I guess you need to change the settings for anything you run.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  3. This witch hunt is ridiculous. by Anonymous Coward · · Score: 1

    I am American and I can see now that they have fully investigated and have found that they are not to be blamed. Case is closed so now can we go to get back to real problems?

    1. Re: This witch hunt is ridiculous. by Archtech · · Score: 1

      Americans usually know American English.

      Hahahahahahahahahahahahahahahahahaha!

      Only if "American English" is a confused, ungrammatical mess that speakers of real English can barely understand.

      As a qualified speaker of proper English, I can testify that most Russians I know speak better English than most Americans I know.

      --
      I am sure that there are many other solipsists out there.
    2. Re:This witch hunt is ridiculous. by cbiltcliffe · · Score: 1

      Yes, but you do it poorly, also.

      I am Russian, born and raised in cold tundra. In part that snows and where we drink vodka.

      I can imagine that a lot easier with a Russian accent than yours...

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    3. Re: This witch hunt is ridiculous. by Aighearach · · Score: 1

      Why would your speech impediment affect your writing? Are you speaking into a microphone in Russian and having the people in the next room translate and transcribe it?

    4. Re: This witch hunt is ridiculous. by Aighearach · · Score: 1

      1) Some Americans are educated, and are fluent also in the Queen's English, and so do in fact differentiate. Although you are almost correct, in that there are very few such people who would also reject capitalization. Oh, wait, you're the one simply failed to quote it correctly! LOL

      2) Americans often say "The States." It is used when on, or when discussing, vacations. "I'll reply to the emails when I get back in The States!" It places emphasis on their travel. It is also often used by people who have traveled recently, or people who want to you to believe that understand European intellectualism.

      3) Americans who know to capitalize American should also know to capitalize America. The mixed cases are very suspicious.

    5. Re:This witch hunt is ridiculous. by Aighearach · · Score: 1

      Everybody knows that not all of Russia is cold snowy tundra, and everybody knows that all of Russia is where they drink vodka.

      Except Moscow, which is cold, but they mostly drink bourbon.

    6. Re: This witch hunt is ridiculous. by Hal_Porter · · Score: 2

      No comrade! I am American from good family. My grandfather fought in the Great Patriotic War and my father was top Silovik. Would you like to borrow my thumb drive?

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    7. Re: This witch hunt is ridiculous. by HiThere · · Score: 1

      If I want to emphasize the dialect I speak (or write), then I may say "American English". Certainly if I'm contrasting it with another variety of English. (I don't, however, write or say "The Queen's English", though I'm aware that the British used to do so. [I don't know current usage.] Instead I'll say "British English". Maybe I'm just a lazy typist.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    8. Re: This witch hunt is ridiculous. by jbengt · · Score: 1

      I can testify that most Russians I know speak better English than most Americans I know.

      I work with four Russians (actually only one is from Russia (Moscow), one is from Belarus, one from the Ukraine, and the other I'm not sure - but they're all native Russian language speakers.) They've lived in the US from 20 to 35 years. None of the four speak better English than most Americans I know. Two of them speak pretty well (the owners of the business), the other two range from passable to pretty bad. Even the well spoken bosses don't know some of the common idioms of the language.

    9. Re: This witch hunt is ridiculous. by Gryle · · Score: 1

      And what qualifications do you boast that would make you such an authority?

      --
      Only two things are infinite, the universe and human stupidity, and I'm not entirely sure about the universe - Einstein
    10. Re: This witch hunt is ridiculous. by jon3k · · Score: 1

      You have outed yourself sir !

      We don't put spaces before our punctuation. But nice try.

    11. Re: This witch hunt is ridiculous. by Brockmire · · Score: 1

      College? Try primary school when you're like 10 years old. You're blaming others for being stupid or lazy.

    12. Re: This witch hunt is ridiculous. by Brockmire · · Score: 1

      You're the one who doesn't grasp things. You think spelling colour like "color" is proper English? Take your American English and your imperial measurements and stick them up your ass.

    13. Re: This witch hunt is ridiculous. by HiThere · · Score: 1

      Sorry, but whether "British English" is the default English depends on which country you are in. I *have* heard the language that Canadians speak called "Canadian", or even "Canuk", but normally one would say "English", and if one wanted to be specific "Canadian English". "English" is the generic term which includes, e.g., "Austrailian English", and even "Delhi English".

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    14. Re: This witch hunt is ridiculous. by david_thornley · · Score: 1

      India is by far the largest country with English as a native language. Shouldn't that be default?

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    15. Re:This witch hunt is ridiculous. by david_thornley · · Score: 1

      C'mon. Remember to drop your articles. Russian has no counterparts for "a", "an", and "the". You were "born and raised in cold tundra. In part that snows and where we drink vodka." That's a lot better as a written Russian accent.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    16. Re:This witch hunt is ridiculous. by david_thornley · · Score: 1

      When I visited it in the late 60s, kvass (fermented black bread, not very alcoholic) seemed to be popular also.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  4. Wait... by the_skywise · · Score: 4, Insightful

    So first they admitted they retrieved the documents and patted themselves on the back for pulling down the documents that were leaked because they obviously involved data related to hacking.
    NOW they're claiming there was malware on his system (oh, and that's not Kapersky's fault either because the user allegedly turned Kapersky off for a bit) so the leaks might have come from the malware and not from them?
    I dunno... I would've led with the latter story FIRST...

    1. Re:Wait... by Anonymous Coward · · Score: 1

      Personally, I find it concerning the amount of data they collected from this machine to be able to give this analysis (the questionable analysis due to motivation aside). Their excuse just provides a style type of rope.

    2. Re:Wait... by Anonymous Coward · · Score: 1

      Get real. Kaspersky is not out there to infect your computer, steal your secrets (which you stole in the first place), or lie to the world while they hack all the computers. Did you grow up in front of the TV or something? They produce a top AV suite and some of the best research out there, and have been doing so for over a decade. Do you think their record is made up? How often do you see the same amount of research and diligence from your American firms? Never. Ever.

  5. Credible Internal Kaspersky Investigation by PopeRatzo · · Score: 2

    What possible reason would Kaspersky have to lie?

    Also, in Soviet Russia, antivirus software installs you.

    --
    You are welcome on my lawn.
    1. Re:Credible Internal Kaspersky Investigation by Anonymous Coward · · Score: 2, Insightful

      Found the paid russian troll.

      Found the broken sarcasm detector.

    2. Re:Credible Internal Kaspersky Investigation by sit1963nz · · Score: 3, Insightful

      What reason would the US government have to lie , apart from the fact they do not control it and can not order back doors installed.

  6. Re:But, but Russians hackers... by Impy+the+Impiuos+Imp · · Score: 2, Interesting

    I'm so confused. I thought Russia was bad.

    No, I'm sure they're paying you a decent rate with benefits as a government employee.

    What is that in Russia anyway? $247 a month?

    Slashdot should examine the IP addresses of the downmods of this sarcasm.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  7. Re:But, but Russians hackers... by hey! · · Score: 2, Insightful

    Every country has spooks. None of them should be trusted, even if they have your best interests in mind, which if you're American the Russian SVR probably doesn't.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  8. either way you slice it... by tiedyejeremy · · Score: 1

    Sounds like Kaspersky is either trying to deflect or didn't do a good job of prevention/protection. Were I Kaspersky, at this point, I think I might have kept my mouth shut.

    --
    Anything you say will be held against you. ... "tits"
  9. You know what this increasingly looks like? by Opportunist · · Score: 4, Insightful

    That looks like some NSA worker used a private USB stick to transfer some of the "internal tools" from his computer to another, forgot about it, stuck it into his computer at home that ran Kaspersky, Kaspersky scanned the stick, the AV heuristics determined the stuff looked kinda fishy, did a closer scan, and eventually sent a copy to Russia. Whether that happened after asking "Hey, dude, something's kinda odd about this file, mind if we analyzed it?" or not is kinda moot now.

    And since it would be kinda embarrassing to admit such a blunder and that the NSA, of all agencies, handed their valuable zero days to the Russians... let's rather say those damn Russkies in general and Kaspersky in particular are "hacking" us.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:You know what this increasingly looks like? by david_thornley · · Score: 1

      The NSA really doesn't have that good a reputation for internal security, although it's probably better than it was when the agency was younger.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  10. I seem to have misunderstood... by hyades1 · · Score: 1

    From the summary: "Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well..."

    I thought computers only had one asshole, and it was generally referred to in polite society as "User".

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  11. Doesn't work when it's turned off [Re:That's a low by Anonymous Coward · · Score: 3, Informative

    Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!

    It doesn't protect when it's turned off. From TFA:

    The worker's home machine got infected with the backdoor after he tried to install a pirated version of Microsoft Office. Not only is pirated software notorious for containing malware, but the worker apparently intentionally disabled his Kaspersky detection software to install the pirated software. The worker disabled it in order to run a tool known as a keygen that would generate a software key that would allow him to run the pirated Microsoft Office software on his machine. But that key-generation software turned out to contain a backdoor known as “Smoke Bot," “Smoke Loader,” and "Mokes" that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum.

  12. Malware writer has malware? by barbariccow · · Score: 3, Interesting

    So... he's a developer for NSA creating malware, and it detected malware? Sounds about right. The guy was probably testing explicitly if Kapersky could detect the malware since that's what the Russian targets would use. And it did. And now they're pissed / backroom deal with American anti-virus companies to ensure only their shittier software is used (which likely doesn't detect NSA's malware, or has explicit exemptions built-in).

  13. Re:But, but Russians hackers... by alexo · · Score: 5, Interesting

    I'm so confused. I thought Russia was bad.

    All governments are "bad", they just use different methods.

    That said, if any government gets to spy on me, I'd rather it be a foreign one, simply because they don't have as many opportunities to mess up my life, or terminate it.

  14. Re:120 Malicious Files by barbariccow · · Score: 1

    It is, but being windows it probably crashed partway through the job.

  15. So let me get this straight... by Archtech · · Score: 2, Insightful

    ... he brought home non-government malware that might have stolen the government malware he was working on?

    --
    I am sure that there are many other solipsists out there.
  16. Re:But, but Russians hackers... by Archtech · · Score: 4, Interesting

    All governments are "bad"...

    ... but most of them are so grotesquely incompetent it doesn't matter too much.

    As Bertrand Russell once observed, ancient Greece was somewhat redeemed by the fact that the police were so inefficient that most decent people were able to escape their attentions.

    --
    I am sure that there are many other solipsists out there.
  17. Re: But, but Russians hackers... by infolation · · Score: 1

    This is starting to resemble MAD magazine's Spy vs Spy.

  18. Should be obvious by houghi · · Score: 1

    The NSA does not care what anti virus program you use, as long as it is one that is in their pocket. The fact that they claim that the Russians have hacked it is meaningless as it is both unproven and irrelevant.
    If they have, I will assume they have done so with the others as well.

    We are at a time that when the NSA asks not to use something doe not mean that that something is bad, just that they won't benefit if you do.

    --
    Don't fight for your country, if your country does not fight for you.
  19. Re:Doesn't work when it's turned off [Re:That's a by bev_tech_rob · · Score: 3, Insightful

    Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!

    It doesn't protect when it's turned off. From TFA:

    The worker's home machine got infected with the backdoor after he tried to install a pirated version of Microsoft Office. Not only is pirated software notorious for containing malware, but the worker apparently intentionally disabled his Kaspersky detection software to install the pirated software. The worker disabled it in order to run a tool known as a keygen that would generate a software key that would allow him to run the pirated Microsoft Office software on his machine. But that key-generation software turned out to contain a backdoor known as “Smoke Bot," “Smoke Loader,” and "Mokes" that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum.

    I hope this dork got fired for such incompetence....

    --
    You're messin' with my Zen Thing, man.....
  20. What's up with the NSA? by OneHundredAndTen · · Score: 2

    Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?

    1. Re:What's up with the NSA? by DNS-and-BIND · · Score: 2

      The Deep State is not particularly competent at all. They simply like exercising power. If they fail - so what? They'll just try again. It's not like they're in danger of being tossed out for failure. Being untouchable is what being in the unelected career government is all about.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    2. Re:What's up with the NSA? by jon3k · · Score: 1

      Because they're humans and it's technology is complex. So far the only things I'm aware of are Snowden who violated his sworn duty to not leak classified data and however the Russians got a hold of the very small amount of NSA code. The most plausible story of which I've heard was that they left some exploit code on a compromised machine somewhere and the Russians found it.

      For all we know the NSA planted it to see who would pick it up because they realized the Russians had found the same exploit and needed to go ahead and get it patched.

      We have NO idea what's going on, we don't even see the tip of the iceberg.

    3. Re:What's up with the NSA? by AHuxley · · Score: 1

      Re "They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas?"

      The GCHQ and NSA had crypto all worked out until the first networked home/desktop computers of the early 1980's. Real time decryption of junk standard global cryptic systems.
      All commercial, NATO/mil/gov, many nations diplomatic, banking encryption that was sold as a standard in the West was totally understood by the NSA and GCHQ from the 1950-80's
      The 1980's desktop computers gave the user the ability to create and use their own working, low cost, free encryption. Encryption that was not weak, junk, gov/mil plain text ready.
      The GCHQ method around that was to use MI6, MI5, the UK mil and go after interesting people with a very direct on site collection.
      The better quality UK method would remain hidden from courts, media, lawyers, telcos, the OS, software developers, AV experts, police, govs, AV .
      The NSA solution was the funding of a global collect it all effort on all networked systems.
      The USA needed a way into all computer systems it would encounter on most existing global networks. The US set junk encryption standards, junk VPN efforts. US OS makers did not try to find out what the US gov/mil was doing deep in their products.
      Results can be seen with the years of US thinking around ideas like Magic Lantern (software) https://en.wikipedia.org/wiki/....
      PRISM https://en.wikipedia.org/wiki/...
      NSA ANT catalog https://en.wikipedia.org/wiki/...
      Equation Group https://en.wikipedia.org/wiki/...
      Room 641A https://en.wikipedia.org/wiki/...
      The USA went for the telco network, any consumer grade junk encryption, the OS, the software.
      Lots of ways in, lots of ways to stay in, expected never to get detected. No comment or any ability of internal discovery in the past by the best private sector US brands.

      That method left the US open to long term risk due to the need of its contractors to win a constant race with upgrades, new AV products, firewalls, experts trying to understand and secure their networks.
      The USA also had to have no trail that would go back to the USA gov/mil, so US gov/mil staging servers and code litter had to show up as another language, ip range, time zone.
      e.g. Marble https://www.theregister.co.uk/... "seem fluent in enemy tongues" (31 Mar 2017)
      A lot of funding was flowing to any US contractors to win the malware race and keep collect it all working at the commercial, diplomatic and consumer level globally.
      The UK effort was to never get caught and only focus on the more interesting people. Lawyers, human rights lawyers, the media, police, telco experts in the UK would be left to wonder about the role of informants. Interesting people in cults, faith groups, politics would then look internally for informants that never existed further exposing their methods, members to the UK security services.
      Collect it all was the US approach that worked until it was detected. Too big, too many staging servers, too much junk code litter, code efforts in some nations, no code efforts in the wild in others.
      The US had to respect the role of other 5 eye. Such an interesting malware void in the wild was detectable, over years and globally.
      Internet collect it all should have stayed more hidden like the UK methods and had a much lower risk of any discovery.
      The US selected to spread lots of new and very visible cyber collection methods globally.
      Great work for over time, contractors, jobs, presenting results. Money was flowing. Results needed sorting. Staging servers nee

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:What's up with the NSA? by strikethree · · Score: 1

      Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?

      They do not pay very well and are quite anal to work for. What kind of people do you think they will get?

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  21. The should have known by volodymyrbiryuk · · Score: 1

    Now the NSA chickens are coming home to roost.

    --
    sudo rm -r -f --no-preserve-root /
  22. Re:But, but Russians hackers... by alvinrod · · Score: 1, Insightful

    There's even more reason to be distrustful of Russian companies after the recent Olympics scandals where the head of the Russian anti-doping organization was told by the state to actually dope and then help to conceal doping for Russian athletes in advance of the Sochi. If Russia can put pressure on people and organizations to do that kind of stuff, there's plenty of reason that they could make Kaspersky operate below board. It's not even that Kaspersky want to do this or are somehow evil, merely that rule of law is quite tenuous in Russia and Putin has enough power that it's not feasible for companies to outright oppose him.

    Yes, the U.S. government doesn't try to act much better or actively tries to get away with the same type of crap, but at least the court systems keep them in check to some degree, although I would argue nowhere near enough.

  23. Re:Doesn't work when it's turned off [Re:That's a by BlueStrat · · Score: 1

    I feel safe knowing the quality of the personnel that spy on us and can have anyone they wish killed by a drone strike without a trial.

    FTFY

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  24. Re: But, but Russians hackers... by Aighearach · · Score: 1

    LOL yeah, I'm surprised they even bothered to throw this out there to the neckbeards at this point. It doesn't seem to have much potential purpose other than lulz.

  25. laptop had 3 Stooges syndrome like Mr Burns by Thud457 · · Score: 1

    So it was like that scene in Ghostbusters where everything was under control until EPA Inspector Walter Peck shutdown the containment facility.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  26. It was a honeypot by MobyDisk · · Score: 5, Interesting

    The contractor's computer was a honeypot. NSA hacking tools are being released on the dark web and they want to find out how they are being leaked. One theory was that Kaspersky was the culprit. So the NSA intentionally had a contractor put some NSA tools on a laptop that has Kaspersky, and had him put some other malware on there so that Kaspersky antivirus would detect it and wake up, then they watched to see if anyone scanned the NSA hacking tools and downloaded them.

    What is happening now is the ensuing PR war. The public won't really learn the truth for years, if ever.

    1. Re:It was a honeypot by MobyDisk · · Score: 1

      I think that's why they setup the honeypot: to find out how those tools were leaked. The story that a contractor traveled overseas with secret hacking tools on an laptop with no encrypted hard drive strains believability to the point where the "conspiracy theory logic" seems more reasonable. *shrugs*

  27. Does anyone else thing it'd be funny to ... by Hal_Porter · · Score: 1

    ... mock the NSA guy for this?

    E.g. the Kaspersky guys could say "Look out! Here comes Typhoid Mary!" whenever they saw him. That shit would never get old.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  28. Re:But, but Russians hackers... by Anonymous Coward · · Score: 1

    Oh, the irony of your "(-1: Post disagrees with my already-settled worldview) is not a valid mod option." sig.

  29. Riiiiiight by WillAffleckUW · · Score: 1

    And my grandfather, my dad, and I never served in units fighting Russian operatives during the Cold War(s).

    Suuuure.

    Try another one.

    Maybe they'll byte.

    --
    -- Tigger warning: This post may contain tiggers! --
  30. Re: Doesn't work when it's turned off [Re:That's a by Brockmire · · Score: 1

    Why didn't it alert the user after it was re-enabled? We are to believe the software detected the Trojan, you don't think it should have alerted the user if not automatically remove it? Fucking useless software if it can only detect the installer and not the installation. The only way to read this is either the software is garbage, or they are lying.

  31. Re:But, but Russians hackers... by cyn1c77 · · Score: 1, Insightful

    I'm so confused. I thought Russia was bad.

    All governments are "bad", they just use different methods.

    That said, if any government gets to spy on me, I'd rather it be a foreign one, simply because they don't have as many opportunities to mess up my life, or terminate it.

    Really?

    You don't think that a foreign government can:
    1. Leak sensitive data online and make it look like it came from your computer?
    2. Tell the US that you are a mole for them?
    3. Send a foreign operative into your house to kill you?

    Your own country is tasked to protect you. At the very least, it wants your taxes.

    A foreign government doesn't give a hoot about you, your life, or your family.

  32. Re:Doesn't work when it's turned off [Re:That's a by EvilSS · · Score: 1

    I hope this dork got fired for such incompetence....

    Fired? He should be arrested for removing classified information without authorization. As a matter of fact anyone else find it kind of weird that we haven't heard of this happening yet? With all the other leaks, even if this one wasn't intentional they should have come down on him like the hand of god itself to make an example.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  33. wow, that is amazing by Sqreater · · Score: 1

    It seems like the United States Postal Service network is becoming more secure that that of the NSA.

    --
    E Proelio Veritas.
  34. In case you're not able to piece it together by Anonymous Coward · · Score: 1

    Kaspersky AV was installed on a machine full of malware and NSA hacking tools. Kaspersky AV then did its job perfectly, and retrieved samples of all the malware.

    America then got wind of this, and because this is 1) embarassing to the NSA, and 2) proves that Kaspersky is a top product, America is now in a full head-on propaganda assault, spreading lies and misinformation that Kaspersky and the Russians (all of them, apparently) are hacking into your computers.

    Wake the F up. The only two AV-suites you can trust to not be compromised and do their job at this point is F-secure and Kaspersky. You won't be better off if you let America kill Kaspersky, and eventually other foreign AV-suites.

  35. Re:Dobro pojalovati v rossyu by alexo · · Score: 3, Interesting

    Esli ti schitaesch normalinim pitki v politsii, ubiystva geev, korruptsiu na samom verhu vlasti

    While "civilized" countries outsource their torture to Syria or Guantanamo Bay, the end result is similar. The Russians may be more overt, but that is because the west finds different methods of controlling the populace to be more effective (or possibly more cost-effective).

    As for the gays, you may want to read up about Alan Turing, who never set foot in Russia.

    Corruption is rife everywhere.

    tebe konechno ponravitsya rossia.

    What does it have to do with anything? I live in Canada, not in Russia, so I care more about CSIS than the FSB.

    Russia is no paradise and Putin is no saint, but there are almost 200 countries in the world and a good number of them have a worse track record. Is that an excuse? Of course not, but I prefer to concentrate on what is happening in the country I live in and in those in which I have relatives and friends.

    And come to think of it, so do you, since I didn't hear you complaining about Kim Jong-un's reign of terror or the atrocities of Bashar al-Assad.

    Rasskazati kak ubili Litvinenko? A vedi on bil v foreign government.

    Litvinenko was an ex FSB officer and a personal thorn in Putin's side, hardly a good example.

    International assassinations are nothing new. Some countries use Polonium-210, other use drones.

    Think what you wish for.

    I did not "wish" for anything.

  36. Re:But, but Russians hackers... by alexo · · Score: 2

    Really?

    You don't think that a foreign government can:
    1. Leak sensitive data online and make it look like it came from your computer?
    2. Tell the US that you are a mole for them?
    3. Send a foreign operative into your house to kill you?

    What for? Why expend the resources? Why bother with me? Don't they have enough domestic problems?

    Your own country is tasked to protect you.

    Tell that to Maher Arar.

    A foreign government doesn't give a hoot about you, your life, or your family.

    And that's the main reason I am less concerned about them than I am about my own.

  37. Re:But, but Russians hackers... by alexo · · Score: 2

    As far as I know all those people were either in Russua, Russian citizens, or both.
    Therefore, they were terminated by their government (or a local one), which is exactly my point.

    I criticize Putin quite vocally, but I doubt he's going to send assassins to Canada to silence me.

    On the other hand, an encounter with the local police can easily ruin my day.

  38. Re:But, but Russians hackers... by Bryansix · · Score: 2

    Even joking about this is sad. Learn how to have an argument. Attack the argument, not the source.

  39. Re:Doesn't make any sense by Bryansix · · Score: 1

    You are oversimplifying a complex problem. It's much simpler to block the backdoor than to create a removal tool. Many of these malware programs actively thwart removal attempts.

  40. Slashdot is Kaspersky running dog by EmperorOfCanada · · Score: 1

    Why does slashdot keep mentioning Kaspersky? The world needs to just forget they exist. Kind of like the country they are in. The world doesn't need it at all, but it needs the world. Let's just ignore the whole bunch.

  41. Jim Morrison proposes all-female anti-hacker squad by hyades1 · · Score: 1

    Echoing the sentiments of such security giants as Howlin' Wolf, Willie Dixon and Chicken Shack, Mr. Morrison, CEO of security company "Doors" was crystal clear about an increased role for women in protecting certain software and hardware ports from unanticipated penetration.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  42. Re:Jim Morrison proposes all-female anti-hacker sq by hyades1 · · Score: 1

    "The men don't know/But the little girls understand.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  43. Re: But, but Russians hackers... by bestweasel · · Score: 1

    You forgot that a foreign government can also manipulate your country's electorate into choosing a monumentally unsuitable, incompetent, damaging and divisive leader.

  44. Re: But, but Russians hackers... by david_thornley · · Score: 1

    And this would have anything to do with anti-virus...how? I don't like it when Russians try to mess with US elections. (I don't like it when the US messes with other countries' elections, but I seem to be in a minority here.)

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  45. Re: But, but Russians hackers... by bestweasel · · Score: 1

    I was adding to the ways in which a foreign government can mess up someone's life.

    Tangential maybe but this is about Kaspersky who are defending themselves from the accusation of being, hosting, or being used as a vector by, Russian spies.

    We have this NSA analyst who has access to the source code of their spying tools, copies a zip file containing it and the tools themselves to a USB drive, takes it home and plugs it into his PC which is running antivirus software from a non-friendly state but that's OK because he's not meant to take classified info home.

    Then the Kaspersky scan discovers this malware in a zip file and downloads it as a sample.

    Why didn't the NSA analyst notice the big Kaspersky warning about malware on his PC? Maybe because they used a silent signature. Kaspersky have a patent on that: "If the silent signature coincides with malware signature, a user is not informed".

    But now Kaspersky say there was other malware on the PC. Easy enough for the NSA to verify.

    Will the US government say fair enough maybe it wasn't you and sorry for the lost business?

    Then again, maybe you believe this,

    Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kasperskyâ(TM)s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

    The most obvious route is for the Russian government to have a willing or unwilling accomplice inside Kaspersky.

  46. Re: But, but Russians hackers... by david_thornley · · Score: 1

    Sorry for the misinterpretation. I agree that the US government should avoid Kaspersky, and that no classified information should be on a computer running Kaspersky.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes