'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com)
bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."
If Kaspersky are indeed behind this, they are doing what their company is supposed to do: find malware and make it public. Without their help, NSA's malware would be still in the wild.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.
He won't even admit that Russia hacked into our election equipment!
who says spies do not have fun?
Why was there a leak in the first place?
Are NSA really using Kaspersky AV on their secure systems? Quite surprised really
Had my new Win10 machine, decided to put the latest version on. Kas put a man-in-the-middle SSL scanner in so it could scan SSL streams. After I told it not to and even disabled it, it still tried to scan all my SSL traffic and would block my browser. It just would not leave my SSL traffic alone even after specifically disabling web protection. This was the scanner only; I did not install the full protection suite.
So I uninstalled it. Rebooted, and it still left the SSL middleware installed. WTF is this amateur behavior at Kaspersky.
No idea wtf is going on over there at Kaspersky, but it's gone to hell. I don't care if it's one of the fastest, has very low CPU usage, and great anti-virus detection. These stupid games like MITM SSL without my permission are downright unforgivable.
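The complaint above is about an antivirus "SSL scanner" that interposes itself on TLS connections by installing its own root certificate and re-signing every site's certificate. One way to check whether a machine is subject to that kind of local interception is to open a TLS connection using the system trust store and look at who actually issued the leaf certificate. The following is an added example written for this thread, not code from Kaspersky or from any poster; the baseline root list, the issuer markers and the two sample certificates are constructed for illustration.

```python
"""Detect local TLS interception (an AV "SSL scanner" proxy) by inspecting
the certificate chain a connection actually receives.

Added example, not Kaspersky's code. Assumptions (all constructed):
  - PUBLIC_ROOT_ORGS is a baseline of issuer organisations the machine
    expects to see from real public CAs;
  - INTERCEPT_MARKERS are substrings typical of a locally generated
    interception root (real products use product-specific names).
"""
import socket
import ssl

# Constructed baseline of public CA organisation names. A real deployment
# would snapshot these from the OS trust store on a known-clean machine.
PUBLIC_ROOT_ORGS = {"DigiCert Inc", "Let's Encrypt", "GlobalSign nv-sa"}

# Constructed markers; an interception root typically names the AV product
# and is absent from the public CA ecosystem.
INTERCEPT_MARKERS = ("antivirus", "personal root", "web protection")


def _name_field(name, key):
    # ssl's getpeercert() encodes subject/issuer as a tuple of RDNs,
    # each RDN being a tuple of (attribute, value) pairs.
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def classify_issuer(cert: dict) -> str:
    """Classify a getpeercert()-style dict as 'public', 'intercepted' or 'unknown'.

    Only the leaf's immediate issuer is examined: for a public CA that is an
    intermediate whose organizationName matches the root operator, while an
    interception proxy signs leaves directly with its local root.
    """
    issuer = cert.get("issuer", ())
    issuer_org = _name_field(issuer, "organizationName") or ""
    issuer_cn = _name_field(issuer, "commonName") or ""
    haystack = f"{issuer_org} {issuer_cn}".lower()
    if any(marker in haystack for marker in INTERCEPT_MARKERS):
        return "intercepted"
    if issuer_org in PUBLIC_ROOT_ORGS:
        return "public"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect with the default (system) trust store and classify the leaf issuer.

    Verification is left enabled on purpose: an interception root that the AV
    installed into the OS store will validate cleanly, and the issuer we see is
    the proxy's, which is exactly the condition being detected.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return classify_issuer(tls.getpeercert())


# Constructed sample certificates in getpeercert() layout, for offline checks.
SAMPLE_PUBLIC = {
    "subject": ((("commonName", "example.org"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "DigiCert Inc"),),
        (("commonName", "DigiCert TLS RSA SHA256 2020 CA1"),),
    ),
}
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "example.org"),),),
    "issuer": (
        (("organizationName", "Example Antivirus Personal Root"),),
        (("commonName", "Example Antivirus Personal Root"),),
    ),
}


if __name__ == "__main__":
    import sys

    for target in sys.argv[1:] or ["example.org"]:
        try:
            print(target, probe(target))
        except (OSError, ssl.SSLError) as exc:
            print(target, "error:", exc)
```

Run it against a few sites you know are fronted by public CAs; a result of "intercepted" or a consistent "unknown" issuer across unrelated sites is the signature of a local proxy, and it persists after an incomplete uninstall because the root stays in the trust store and the filter driver or proxy stays registered.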
There is no reason to doubt our esteemed intelligence community. When they implore us to trust them because the evidence is too dangerous to show to the public, it is every patriotic citizen's duty to trust them. Spies are lurking in every corner, even on our beloved Slashdot, so we must remain vigilant against efforts to undermine faith in government. Faith keeps us strong, strength crushes enemies. Have faith.
your thin skin doesn't make me a troll
"I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec
Is Kennedy really a reliable source for this "information" and does anyone really have a "high level of confidence" in anything the US intelligence agencies say or believe?
Or that they are Mass Effect fans? Or that they would leak something they found valuable, instead of treating it as a resource for themselves? My Azure is tingling from these revelations.
Mic drop.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
The amazing part is that someone actually runs a closed source virus suite from a Russian vendor. Insane.
...What I want to know are the names of the people responsible for running a foreign COTS A/V on 'net-connected PCs and placing Classified/Top Secret data on those computers and what legal actions/charges are pending against them, and if no legal actions/charges are pending and/or they refuse to identify who they are, why not.
*THOSE* are the questions we should be asking very, very loudly and demanding and the people who should be spending time at Club Fed. Given that level of cavalier handling of such highly-classified and top-secret data, Kaspersky/Putin/FSB et al were likely the very LAST bad-actors to get the data.
How about we figure out how to plug the hole in the lifeboat first before we start holding hearings on where to place the blame?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Very embarrassing for Obama and the Democrats.
Haha.
Is it fair to hold your CEO accountable for every action you or even your team takes at your job? Sure, sometimes you do something because of a policy or general culture set by upper management, but sometimes you take a course of action because that simply what you wanted to do.
Not everything that a Federal Government does during an administration is the direct responsibility of the administration and/or ruling party.
I stole this Sig
Looking only at motivation, one must note that Kaspersky was a financially successful company with a bright future in an increasingly critical industry. They owed that to a growing reputation (and a lowered reputation for some competitors). What incentive would motivate them to sell out to any government? The only thing I can think of is (1) A death threat, or (2) a greater amount of money than their expected future profits. I doubt either 1 or 2 and I think it illogical for Kaspersky to break trust that was so valuable to them.
But what about the motivation of the US government? They look bad with so much failure to deal with leaks and malware. And what does any government do to deflect blame? They find a scapegoat! Kaspersky looks like an easy target, especially with the Russia scare. And the American public loves to jump on that sort of bandwagon.
...omphaloskepsis often...
.
Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AVs agreed to do that?
.
OK Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the shadow brokers are even russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).
Why guess when you can know? Measure!
It is sad watching slashdot reduced to repeating neocon waffle on a technology forum.
Not to defend Kaspersky, but this seems to be the trend with most security (or perhaps it's even more general than that) software. A new product comes out that's free of cruft, relatively easy to use, and works effectively. Eventually it turns to shit and it becomes as bloated and craptastic as the other software that it replaced some years ago. Fortunately, there's a new product that has just come out . . .
Stop smearing Kaspersky, it's the only company not in bed with the NSA.
Shit probably got stolen by one of the 50 Intel backdoors anyway.
"High level of confidence" means "We got nothing but we'll smear someone anyway"
Unless that thing supports a particular narrative, in which case it "starts at the top".
Beware of the Leopard.
I refuse to install more proprietary crapware on my computers. I've got enough of it as it is at low levels. We need to cut the crap out and move away from Intel/AMD and other chipsets from companies that won't provide a *complete* set of source code. None of this "open source" nonsense where you only provide half the code or some code wrapped around a proprietary blob. No. I want a *COMPLETE* set of source code that is needed to operate the device. It blows my mind countries don't mandate in law that a complete set of source code be released under a set of free software licenses before said country will allow a product's sale within the country - or at least to government or contractors working for government or critical industry sectors thereof.
Classified information is pretty carefully controlled.
Kaspersky is not on the list of approved antivirus software.
So if there's a "problem" here, it's that Someone moved classified information to an insecure machine.
Comment removed based on user account deletion
Again? No. It never stopped, not since Gulf of Tonkin...
Just a little reminder. Hillary lost. I, for one, am glad for that! The DNC emails helped to expose the party's true intent. I don't care WHO "leaked" them! Public interest shall prevail.
Comment removed based on user account deletion
So, you installed just the web protection and then disabled the SSL traffic scanner? Even though 50% of traffic is encrypted now? That really doesn't make any sense, and I would be surprised if the software wasn't designed to handle that stupidity. Of course, it should have just presented it in a take it or leave it thing precisely because it's absurd to claim to offer web protection without scanning SSL.
Odds are good that you disabling the SSL middleware means the uninstaller didn't realize it was there and didn't uninstall it. Or the uninstaller is crap, like most uninstallers on Windows.
The options are either (1) hijack the browser so the scanner is integrated into the SSL engine there (which is a mess) or (2) have an external SSL proxy that by its nature has to MITM to do a proper scan (feel free to correct me if I'm wrong on this). Don't get me wrong, the documentation should have been clear on this and made it clear that the SSL scanner was a required component, but the notion of disabling the SSL scanner while demanding it provide web protection is insane.
Meanwhile, Comodo wants to keep resetting Chrome to use Yahoo "for web protection" and repeatedly reinstalls a Yahoo Search extension if you delete it. So, yea, Anti-Virus developers can be shitty. Oh, and I disabled Comodo's web protection feature and HIPS because they're shit. I really only wanted Comodo for the Containment option, but I don't honestly know if I can trust even that.
C'mon, dude! Stick to the narrative!
Trump + Russia = Treason treason treason REEEEE!!1!! Hillary was supposed to win!!!!!
Are these the same sources that attributed the Mirai botnet to Russia-sponsored actors?
We don't have a good track record of attributing these actions of late.
Russia is not the big bad enemy. This is all a distraction to keep our attention away from the US government and it's misdeeds.
Support your local school shooter, give them your firearms.
I am American and see obvious fakery of this news. Deep state Clinton-Soros conspiracy wants to be true for anti-Russia propagandas to work and coup to be completed.
Didn't think any gov agency could use software from a different country.
Bringing the thread back on topic, my experience at work shows how Kaspersky would have accidentally "hacked" this material.
For my day job I write software tools which scan networks, checking to see if any computers on the customers' network are vulnerable to any known vulnerabilities. Occasionally the antivirus/anti-malware that is mandated by corporate flags our own tools as likely malware. That makes sense, because our code looks a lot like malware code - we seek out vulnerable hosts, checking each to see if it's actually vulnerable. After that, our system reports to the customer where their vulnerabilities are, but to anti-virus / anti-malware systems our code resembles a threat. Our code also closely resembles some of the NSA code, which was basically malware. Our company has to conform to certain security standards, and those standards require all desktops and laptops to have anti-virus / anti-malware, so we aren't supposed to just disable it, even though it's troublesome when it flags our own files. Right or wrong, bureaucracy requires that our systems have this protection.
The anti-malware vendors program their software so that when it detects a new strain of likely malware, it sends a copy back to the vendor so they can learn about the new malware. That's typical so they can provide better service by continually adding new detection for new malware varieties.
If, due to bureaucratic fiat or any other reason, anti-malware were installed on an NSA system which had a copy of the NSA kit, I'd expect the anti-malware would detect a few of those tools as being possible malware infecting the system. (It is basically malware, after all). Standard practice would be for the anti-malware system to send samples back to Kaspersky, so they can update and improve their detection. Some low-level analyst at Kaspersky would receive several new zero days all "infecting" one computer. Since there are several and they are new, they'd alert their boss and Kaspersky would/should take a look at this customer system that contains several new zero days. Maybe look at the folder the zero days were in to see if more new threats are there. In the same folder the zero days came from, they'd find the NSA manual on how to use them. Suddenly Kaspersky would have the NSA kit without ever doing anything more than doing their job as expected.
The policy that would cause this to happen - without any malice by anyone, would be a rule that "all NSA desktops must have anti-malware installed", combined with choosing Kaspersky, a foreign company, as their vendor.
Are you sure? (y/Y)
Mike @ The Geek Pub. Let's Make Stuff!
Every skilled malware maker would know to use man in the middle to see if their new effort was being detected in real time?
Who knows what NSA work looks like when it's still being created?
Good behavioral analysis by any quality AV would see a change to the OS, new code, strange code in a new place and report it as it would any new malware.
Domestic spying is now "Benign Information Gathering"
> Officials lack conclusive evidence, but incidents involving the firm’s antivirus products raised alarms
This is literally the first line after the title. The rest of the article is innuendo and has the usual cadre of anonymous sources making unsupported allegations.
Is the GOP that dirty? Or are they just useful idiots? Either way, their lack of wanting to protect America from Russian incursion hurts the US.
kasperski did what every other av vendor should have done, report the connections. if he wanted to, he could monetize the whole shebang by creating a very profitable app. maybe even call it nsa-cia-search and discovery!
every single big name av company had all those files submitted in one version or another, but they did naught! at the behest of the us gov, no doubt. he merely followed up and reported. ok. he's russian! whoopy! he delivered a product that told the truth about what's on your computer! he still does that today! every other av vendor won't tell you that the alphabet agencies have a presence on your computer!
why? who cares!
but this much is for sure, with the us gov ban on kasperski, they will never know that the cia - nsa has a HUGE fscking presence on their gov / mil computers!
factoid ... when winroute pro firewall came out umpteen years ago, it spotted the worm in a popular hdd partitioning software. it showed up in the log files produced. for those who still have any, it was a huge long line of spaces with the iso name at the end ! they got bought by symantec and i stopped using all their av products.
factoid ... spinrite caught nsa - cia hdd partitioning errors, steve never mentioned or exposed it, but his software still shows when your hdd has unrecoverable partition errors. firmware hacks on maxtor, wd, etc etc
Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.
He won't even admit that Russia hacked into our election equipment!
hrc had how many millions of illegal bused in out of state vote?
the dems not only cheated but they lost. totally fscking funny!
So... you have a report written by ... someone... that says something based on evidence we can't look at? Well, it's in the NYT, it has to be true! Except for that one time a reporter made up stories whole cloth for a few years, but that doesn't count. Solid evidence like someone saying that a report says something based on data we don't have is good enough for me!
We all know they won't show us that because they know how badly the Trend Micro and Crowdstrike reports were crapped on when more competent people found all the stuff they "missed" ... like the fact that an old version of a crappy freeware program named P.A.S. was being used or that most of the IPs were just Tor exit nodes.
Why don't you give us something we can actually research and corroborate? Giving us random hearsay from a report doesn't qualify as "evidence" to a normal person.
I think it was 2 million, no wait, how many more votes did she get? Make it 4 million.
> Eugene Kaspersky himself said that happened
Ah, thanks - I hadn't seen that. It certainly makes sense though - someone was trying to be safe by using Kaspersky, and Kaspersky was trying to do their job by taking notice of new malware on their customer's computer.
> and he told them to immediately delete all copies of the files.
> Someone perhaps didn't?
I'm not sure I would have deleted *all* copies if I were in that situation. :)
Found it.
https://www.theguardian.com/te...
You are likely a paid shill, here to do nothing but spread misinformation. There's plenty to bash HRC for but voter fraud is not one.
So what are you, dumb as fuck or a shill sent here to spread bullshit?
No fake n*** here, just bullshit.
Anyone who knew Hillary knew she was dirty for years. Whatever the Russians did/did not do during this election doesn't matter. What matters is that the DNC and Hillary were so dirty that they couldn't even come to the table with their hands clean on any single subject. Add to that the single sided media coverage during an era of information exchange and you got yourself a one-way ticket to loserville. Hillary lost her own campaign due to over-confidence in the control systems in place.
Try again USAmerican.
#morans
#getabrain
The OP specifically turned off the "web protection" (which should have stopped the program scanning web traffic, encrypted or otherwise)
Only Russian spies have Russian anti-virus software installed. That's how they send stolen secret documents back to the Motherland.
The notion to blame the russians is now a default reaction. But it's like admitting the russians are way better with everything software.
"I think there's a very high level of confidence" - that alone discredits any belief in accurate investigation of the accusations.
We know from the Snowden leaks that the NSA bragged about being able to piggyback on others exploits and 3rd party security software, so of course the Russians would do the same. You have to bear in mind that any kind of approach they are using must be tested for being undetectable by all known antivirus programs anyway, so hijacking these programs in the first place is a reasonable approach. Whether Kaspersky colluded with Russian intelligence to facilitate that is unknown, but it seems reasonable to assume that Kaspersky are willing to and also couldn't decline even if they wanted.
grep for operations that copy memory, then laugh at their complete failure when doing what should be simple arithmetic. mem corruption and memory leaks everywhere (read: code execution).
Fine, and did you send them a patch to fix the problems ? or at least submit an issue on their tracker ?
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
"I think there's a very high level of confidence"
This sounds like straight bullshit and can mean four different things and also used interchangeably:
1) A single individual having confidence in something, being dubious because of that.
2) A categorical level of confidence that by itself would be a-point-about-a-point, lacking merit as such.
3) A personal opinion, with no merit to the argument beyond that.
4) Free interpretation with 'ironic distancing', in which the merit to the importance of something, is there would be an idea of 'confidence', as if you are simply asked to buy into the idea, the same way you would be indoctrinated about some way of understanding something (like believing and trusting a dedicated source, like parts of the intelligence community).
And finally: The phrase "and it's very much attributable" also sounds like bullshit.
As if the use of a categorical understanding that way, when explicitly uses a label ('attributable') for damning something or somebody, would be something that would be reasonable (which it couldn't), as if assigning trust to some piece of evidence was something you simply did by just jumping to conclusions, with whatever amorality, ignorance, prejudice or political or personal agenda one might be bringing into it all.
And then there is this:
"Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."
Which also sounds like bullshit to me. I find the very sentence to be either meaningless, or to be inferring a form of circular reasoning: by how firstly, the language in the sentence claims to argue the very merits of legitimacy by making a point about David Kennedy is not only simply ignorant of there being legit information in the first place, but also, that David Kennedy find such ignorance a pragmatic problem that also happens to be "unfortunate" and thus somehow acceptable; secondly, in making a case for viewing 'information' as "legitimate" regardless, by arguing for a predicament in which they are simply told what to believe by others, a sentence like this which both rely on understanding himself as being ignorant of the relevance of any understanding of a situation, he would also find himself unable to make an evaluation in any case with any information, which would be the same as saying that the intelligence community gets to decide what information is even relevant, in cases pertaining to investigations-into -whatever. The notion of "seeing if it's legitimate" is probably void of meaning, both when excluding oneself from doing any meaningful 'seeing/rational thinking)' on his own part, and if including oneself in making any decision if things are legitimate or not, when relying on hearsay from the intelligence community.
As far as I can see, the difference between being used and collusion is being ignored. If I hop on a bus to get to a bank I'm going to rob, I am using the bus and its driver. If the bus driver drops me off, and waits for me to run out of the bank back onto the bus, he has colluded. Either I am not understanding what is being said or most of the comments here are by really intellectually challenged people. So, since Kaspersky is on record admitting to having the NSA code, and it is widely accepted that as an AV vendor, they should have had that code (given where it came from), where is the information which proves or even suggests that they colluded? WSJ last summer said "security experts" believed that Kaspersky must have knowingly provided the code to the FSB. If so, I'm not sure I see the problem, but is it so and what evidence is there for that? Still haven't seen the lines drawn between the dots, but a lot of this is over my head.
That's it.
I remember a militaristic superpower lying to its own citizens about hidden weapons, metal tubes, babies being pulled from incubators, etc all to start a $1T+ war. Same guys.
Show me proof or fuck off.
In a properly run secure computing facility, classified materials are NEVER, EVER allowed to exist on computers connected to insecure networks. That's not a suggestion, that's a formal requirement, at least for the programs I used to work on. OS updates, antivirus software, everything was air-gapped from the Internet. No exceptions. For the exfiltration to happen as described, the NSA must be routinely violating basic infosec procedures in ways that would get any contractor fired, fined, and possibly imprisoned.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
'Very High Level of Confidence' Russia Used Kaspersky Software'.
So what does that mean? Is "We heard it from two people" very high? For all I know the "Very high" still means that they THINK it is the case, but are not sure. The same amount of "Very High Level of Confidence" as finding WMDs in Iraq? Because we know what that ended up being.
What I see is that the NSA does not want us to use it. So what does that mean in the best case scenario? Only the Russians have access to data IF you use Kasperski.
What does it mean in the worst case scenario? The NSA does NOT have access if you use Kasperski, but besides that everybody, including the NSA has access. So if you use any other Anti Virus program, they still have access.
Because how do you know the Russians don't have access when you use anything else?
Don't fight for your country, if your country does not fight for you.
If I were a national security apparatus and there was a product out there that could detect my dirty deeds, I wouldn't want it widely used by people either. So how do you stop people from using it? Well, one way would be to put out disparaging information about said product being bugged by others. You're a national security entity so you'll never be required to actually show your evidence......after all, it's classified because reasons.
We the unwashed masses are forced to make decisions using information put out by a host of entities that lie for a living. I don't know who to believe, however I usually find it instructive to view the actions of those who know way more about these matters than I. These people used Kaspersky religiously.
Unless presented with reasonable evidence to the contrary, I'm going with all this being a FUD campaign by the intel community.
You can't just copy secret material to your home laptop and take it to a bar to work on it. There are strict controls in place
Those controls are enacted by humans, who can either accidentally or intentionally work around the controls.
"Don't copy this to a CD and walk out of the SCIF" is such a control. That control is not infallible.
Comment removed based on user account deletion
So, you installed just the web protection and then disabled the SSL traffic scanner? Even though 50% of traffic is encrypted now?
Financial and health data is among the SSL-encrypted traffic. If you don't want something seeing those things, then you either need to exempt your bank/healthcare sites or disable the SSL scanner entirely. Enterprise proxies usually offer this out of the box---most US organizations will not decrypt traffic to these destinations.
And besides, it's up to him as to whether he wants SSL decryption at all. The feature should be configurable.
Odds are good that you disabling the SSL middleware means the uninstaller didn't realize it was there and didn't uninstall it.
Shit application, shit installer. There is no reason an application cannot keep track of which modules are installed regardless of whether a user disables them.
Meanwhile, Comodo wants to keep resetting Chrome to use Yahoo "for web protection" and repeatedly reinstalls a Yahoo Search extension if you delete it.
They have a deal with Yahoo, and they value Yahoo's money over your express wishes. That should tell you all you need to know about your security vendor.
Antivirus programs are getting to be a bit pointless these days. If you have good security measures, you won't get hit by the kind of crap they can find in the first place.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Pho is facing 10 years for copying that information. Yes, there are rules and procedures---and he broke them. No sympathy, really.
So how can Russia use software that isn't supposed to be exposed to secret information, to steal secret information?
Did you miss the part where a dumbass contractor copied the files and then put them on his computer at home? It was a courier delivery by Air Retard.
These stupid games like MITM SSL without my permission is downright unforgivable.
Except for the Microsoft MITMs built in to the O/S to override even HOSTS, of course, those are forgivable, amiright?
You're running Win10, so you've already been owned, my man...
If one of my customers' machines were infected with multiple new zero days, I'd expect to find more information about the infection, and maybe another zero-day or two, by looking in that folder. I'd *tell* the client-side agent to send me the entire folder. I'd be thinking "this customer is going to love me for finding this really nasty infection" and I'd get as much information about it as I could.
I've found a LOT of infected machines, mostly web servers, and I've never had a customer complain that I got too much information for them about what's going on. When I call or email them they want to know "how badly infected is the system? How did the bad guys get in? How long has the infection been there?" They'll hold on the phone anxiously awaiting more answers while I dig through their system, so based on my experience over 20 years I'd expect the customer to want me to dig up as much information as I can.