Slashdot Mirror


Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com)

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.

27 of 141 comments

  1. Yes we scan by Anonymous Coward · · Score: 4, Funny

    In Russia, anti virus scans you

    1. Re:Yes we scan by sit1963nz · · Score: 2

      In the USA, the NSA scans you as does the FBI, CIA, Homeland Security, DEA, Immigration Service, border patrols, and local police. Don't worry, it's all to keep you safe.

  2. Re:Wait a second by Tinsoldier314 · · Score: 5, Funny

    Exactly how did Kaspersky Lab determine this?

    By siphoning all the files off his computer, DUH

  3. Wait... by the_skywise · · Score: 4, Insightful

    So first they admitted they retrieved the documents and patted themselves on the back for pulling down the documents that were leaked because they obviously involved data related to hacking.
    NOW they're claiming there was malware on his system (oh, and that's not Kaspersky's fault either because the user allegedly turned Kaspersky off for a bit) so the leaks might have come from the malware and not from them?
    I dunno... I would've led with the latter story FIRST...

  4. Credible Internal Kaspersky Investigation by PopeRatzo · · Score: 2

    What possible reason would Kaspersky have to lie?

    Also, in Soviet Russia, antivirus software installs you.

    --
    You are welcome on my lawn.
    1. Re:Credible Internal Kaspersky Investigation by Anonymous Coward · · Score: 2, Insightful

      Found the paid russian troll.

      Found the broken sarcasm detector.

    2. Re:Credible Internal Kaspersky Investigation by sit1963nz · · Score: 3, Insightful

      What reason would the US government have to lie, apart from the fact they do not control it and cannot order back doors installed.

  5. Re:But, but Russians hackers... by Impy+the+Impiuos+Imp · · Score: 2, Interesting

    I'm so confused. I thought Russia was bad.

    No, I'm sure they're paying you a decent rate with benefits as a government employee.

    What is that in Russia anyway? $247 a month?

    Slashdot should examine the IP addresses of the downmods of this sarcasm.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  6. Re:But, but Russians hackers... by hey! · · Score: 2, Insightful

    Every country has spooks. None of them should be trusted, even if they have your best interests in mind, which if you're American the Russian SVR probably doesn't.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  7. You know what this increasingly looks like? by Opportunist · · Score: 4, Insightful

    That looks like some NSA worker used a private USB stick to transfer some of the "internal tools" from his computer to another, forgot about it, stuck it into his computer at home that ran Kaspersky, Kaspersky scanned the stick, the AV heuristics determined the stuff looked kinda fishy, did a closer scan, and eventually sent a copy to Russia. Whether that happened after asking "Hey, dude, something's kinda odd about this file, mind if we analyzed it?" or not is kinda moot now.

    And since it would be kinda embarrassing to admit such a blunder and that the NSA, of all agencies, handed their valuable zero days to the Russians... let's rather say those damn Russkies in general and Kaspersky in particular are "hacking" us.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re:Wait a second by Anonymous Coward · · Score: 2, Informative

    Exactly how did Kaspersky Lab determine this?

    The computer in question was running Kaspersky antivirus software, which logs when it discovers viruses and malware.

  9. Doesn't work when it's turned off [Re:That's a low by Anonymous Coward · · Score: 3, Informative

    Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!

    It doesn't protect when it's turned off. From TFA:

    The worker's home machine got infected with the backdoor after he tried to install a pirated version of Microsoft Office. Not only is pirated software notorious for containing malware, but the worker apparently intentionally disabled his Kaspersky detection software to install the pirated software. The worker disabled it in order to run a tool known as a keygen that would generate a software key that would allow him to run the pirated Microsoft Office software on his machine. But that key-generation software turned out to contain a backdoor known as “Smoke Bot,” “Smoke Loader,” and “Mokes” that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum.

  10. Malware writer has malware? by barbariccow · · Score: 3, Interesting

    So... he's a developer for NSA creating malware, and it detected malware? Sounds about right. The guy was probably testing explicitly if Kaspersky could detect the malware since that's what the Russian targets would use. And it did. And now they're pissed / backroom deal with American anti-virus companies to ensure only their shittier software is used (which likely doesn't detect NSA's malware, or has explicit exemptions built-in).

  11. Re:But, but Russians hackers... by alexo · · Score: 5, Interesting

    I'm so confused. I thought Russia was bad.

    All governments are "bad", they just use different methods.

    That said, if any government gets to spy on me, I'd rather it be a foreign one, simply because they don't have as many opportunities to mess up my life, or terminate it.

  12. So let me get this straight... by Archtech · · Score: 2, Insightful

    ... he brought home non-government malware that might have stolen the government malware he was working on?

    --
    I am sure that there are many other solipsists out there.
  13. Re:But, but Russians hackers... by Archtech · · Score: 4, Interesting

    All governments are "bad"...

    ... but most of them are so grotesquely incompetent it doesn't matter too much.

    As Bertrand Russell once observed, ancient Greece was somewhat redeemed by the fact that the police were so inefficient that most decent people were able to escape their attentions.

    --
    I am sure that there are many other solipsists out there.
  14. Re:Doesn't work when it's turned off [Re:That's a by bev_tech_rob · · Score: 3, Insightful

    Kaspersky's antivirus doesn't protect against malware? Now you've really thrown down the gauntlet!

    It doesn't protect when it's turned off. From TFA:

    The worker's home machine got infected with the backdoor after he tried to install a pirated version of Microsoft Office. Not only is pirated software notorious for containing malware, but the worker apparently intentionally disabled his Kaspersky detection software to install the pirated software. The worker disabled it in order to run a tool known as a keygen that would generate a software key that would allow him to run the pirated Microsoft Office software on his machine. But that key-generation software turned out to contain a backdoor known as “Smoke Bot,” “Smoke Loader,” and “Mokes” that was purportedly created by a Russian hacker in 2012 and sold on a Russian underground forum.

    I hope this dork got fired for such incompetence....

    --
    You're messin' with my Zen Thing, man.....
  15. What's up with the NSA? by OneHundredAndTen · · Score: 2

    Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?

    1. Re:What's up with the NSA? by DNS-and-BIND · · Score: 2

      The Deep State is not particularly competent at all. They simply like exercising power. If they fail - so what? They'll just try again. It's not like they're in danger of being tossed out for failure. Being untouchable is what being in the unelected career government is all about.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  16. Re:Wait a second by alvinrod · · Score: 4, Insightful

    I don't know if I'd want a virus scanner that has the ability to automatically remove files without my explicit permission. Imagine if your virus scanner itself were compromised and told to treat regular files as infections.

  17. It was a honeypot by MobyDisk · · Score: 5, Interesting

    The contractor's computer was a honeypot. NSA hacking tools are being released on the dark web and they want to find out how they are being leaked. One theory was that Kaspersky was the culprit. So the NSA intentionally had a contractor put some NSA tools on a laptop that has Kaspersky, and had him put some other malware on there so that Kaspersky antivirus would detect it and wake up, then they watched to see if anyone scanned the NSA hacking tools and downloaded them.

    What is happening now is the ensuing PR war. The public won't really learn the truth for years, if ever.

  18. Re: This witch hunt is ridiculous. by Hal_Porter · · Score: 2

    No comrade! I am American from good family. My grandfather fought in the Great Patriotic War and my father was top Silovik. Would you like to borrow my thumb drive?

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  19. Re:Wait a second by rtb61 · · Score: 2

    It should be really fucking obvious but it seems you are a bit dim. The person didn't trust US security software for some reason and instead preferred to use Kaspersky security software for some reason. Now for normal security software, the default setting is to send back a report about infections found, so that the security companies can tighten security, that is like so obvious. The idiot's world view presented by the lying American establishment is, if you hire a security guard to guard your property and he finds someone breaking in and removes them, the security guard should not tell anyone, not report it to the security company and not report it to the authorities via the security company, they should keep it a secret because 'er' yeah, bullshit.

    That an NSA employee preferred Kaspersky software over US security software is extremely revealing, i.e. probably you should prefer it as well, but then again their machine was already infected, but of course that could have been because of failed US security software with national security letter mandated back doors (hence the reason for the NSA employee to use Kaspersky, maybe they did not trust the NSA, their employer, and for good reason).

    So how about this for a headline "USE KASPERSKY SOFTWARE BECAUSE IT IS WHAT NSA AGENTS PREFER TO USE!!!". Make you feel happier now ;D.

    --
    Chaos - everything, everywhere, everywhen
  20. Re:Welcome to Russia by alexo · · Score: 3, Interesting

    If you consider torture by the police, the murder of gays, and corruption at the very top of government to be normal

    While "civilized" countries outsource their torture to Syria or Guantanamo Bay, the end result is similar. The Russians may be more overt, but that is because the west finds different methods of controlling the populace to be more effective (or possibly more cost-effective).

    As for the gays, you may want to read up about Alan Turing, who never set foot in Russia.

    Corruption is rife everywhere.

    then of course you will like Russia.

    What does it have to do with anything? I live in Canada, not in Russia, so I care more about CSIS than the FSB.

    Russia is no paradise and Putin is no saint, but there are almost 200 countries in the world and a good number of them have a worse track record. Is that an excuse? Of course not, but I prefer to concentrate on what is happening in the country I live in and in those in which I have relatives and friends.

    And come to think of it, so do you, since I didn't hear you complaining about Kim Jong-un's reign of terror or the atrocities of Bashar al-Assad.

    Shall I tell you how Litvinenko was killed? And he was, after all, in a foreign government.

    Litvinenko was an ex FSB officer and a personal thorn in Putin's side, hardly a good example.

    International assassinations are nothing new. Some countries use Polonium-210, other use drones.

    Think what you wish for.

    I did not "wish" for anything.

  21. Re:But, but Russians hackers... by alexo · · Score: 2

    Really?

    You don't think that a foreign government can:
    1. Leak sensitive data online and make it look like it came from your computer?
    2. Tell the US that you are a mole for them?
    3. Send a foreign operative into your house to kill you?

    What for? Why expend the resources? Why bother with me? Don't they have enough domestic problems?

    Your own country is tasked to protect you.

    Tell that to Maher Arar.

    A foreign government doesn't give a hoot about you, your life, or your family.

    And that's the main reason I am less concerned about them than I am about my own.

  22. Re:But, but Russians hackers... by alexo · · Score: 2

    As far as I know all those people were either in Russia, Russian citizens, or both.
    Therefore, they were terminated by their government (or a local one), which is exactly my point.

    I criticize Putin quite vocally, but I doubt he's going to send assassins to Canada to silence me.

    On the other hand, an encounter with the local police can easily ruin my day.

  23. Re:But, but Russians hackers... by Bryansix · · Score: 2

    Even joking about this is sad. Learn how to have an argument. Attack the argument, not the source.