Slashdot Mirror


'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com)

bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."


  1. Kaspersky did their job by KiloByte · · Score: 5, Insightful

    If Kaspersky are indeed behind this, they are doing what their company is supposed to do: find malware and make it public. Without their help, NSA's malware would be still in the wild.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Kaspersky did their job by Mike+Van+Pelt · · Score: 4, Insightful

      There's a difference between detecting malware running on the PCs that Kaspersky is protecting, and leveraging its presence on a PC in an intelligence agency's network to exfiltrate their little logic bombs. The first is entirely legitimate. The second... is espionage. I think it was Heinlein that said "Espionage is not immoral; everyone does it. But the cost for getting caught at it is very high." The cost to Kaspersky is likely to be very high indeed, whether someone at the company did it, or some Russian TLA inserted the code without their knowledge.

      Kaspersky should have stuck to the first. Still, I wish they had let Stuxnet have its way with Iran's centrifuges for a few more years.

    2. Re:Kaspersky did their job by Anonymous Coward · · Score: 1, Insightful

      Russia has also been known to spread FUD over the internet via forums and posts. I think this is one of them. At this point, Kaspersky has been shown to be malicious and should be dropped from use with haste by everyone.

    3. Re:Kaspersky did their job by Anonymous Coward · · Score: 3, Insightful

      Yes, he ran against Hillary.

    4. Re:Kaspersky did their job by Anonymous Coward · · Score: 4, Insightful

      Except modern antivirus products use various algorithms to spot novel malware programs that they don't know yet as well as ones they have published signatures for. A program is a program. The antivirus software has no way to know the difference between a malware that has infected a computer and a malware that has been compiled by that computer's user. They were indeed doing their job. The fault lies with the NSA having antivirus software installed on a computer where they were developing viruses.

    5. Re:Kaspersky did their job by johanw · · Score: 4, Insightful

      > And was publicly opposed by hundreds of prominent members of the GOP & the American Right, incl both Presidents Bush

      That is quite a recommendation. No wonder he won.

    6. Re:Kaspersky did their job by DCFusor · · Score: 4, Insightful

      I'd mod this up if I could. Damn partisans miss the point - they're all crooked as hell.

      --
      Why guess when you can know? Measure!
    7. Re:Kaspersky did their job by negRo_slim · · Score: 4, Insightful

      Can we get back on topic, I'm trying to find any of that stuff... uhhh shit what's it called, umm prof? pruf? Oh no PROOF that's right. Has any proof been offered up or are we still just on red scare autopilot?

      --
      On the Oregon Coast born and raised, On the beach is where I spent most of my days
    8. Re: Kaspersky did their job by Anonymous Coward · · Score: 4, Insightful

      Everything was apparently against Trump, yet he won. Just. The margin was so narrow that the Russian help from the stolen documents and massive social media trolling was vital in pushing him over the finish line first. Not that he colluded, no he would have been as oblivious to their help as he is to most things which don't have his name on.

      Unfortunately, the Russians are unable to help him now he's president, and try as they might, his supporters are unable to stop everyone seeing his chaotic ignorant incompetence. All of which is great for his opponents, of which there are more and more, appalled at what he's doing to the USA and its reputation. At this rate, the GOP will lose its majority in Congress in November, if Trump lasts that long.

      I hope his interview with Mueller is filmed. I want to see him squirm, as for possibly the first time in his life he is forced to tell the truth.

    9. Re:Kaspersky did their job by sound+vision · · Score: 1, Insightful

      Are you sure about those judges? I have seen Trump promote exactly two:
      #1 Had no experience in law and could not answer what should be basic questions about legal proceedings
      #2 Got America confused for a theocracy and had to be removed from office

      So, blatant disrespect and/or ignorance of the law. The kind of people who need to be kept far, far away from positions of power.

  2. Very high level of confidence in TREASON by Anonymous Coward · · Score: 3, Insightful

    Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.

    He won't even admit that Russia hacked into our election equipment!

  3. I believe it and so should you by poity · · Score: 2, Insightful

    There is no reason to doubt our esteemed intelligence community. When they implore us to trust them because the evidence is too dangerous to show to the public, it is every patriotic citizen's duty to trust them. Spies are lurking in every corner, even on our beloved Slashdot, so we must remain vigilant against efforts to undermine faith in government. Faith keeps us strong, strength crushes enemies. Have faith.

    --
    your thin skin doesn't make me a troll
  4. Zero evidence = No case by Karmashock · · Score: 2, Insightful

    Mic drop.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  5. Amazing by 110010001000 · · Score: 5, Insightful

    The amazing part is that someone actually runs a closed source virus suite from a Russian vendor. Insane.

    1. Re:Amazing by DNS-and-BIND · · Score: 5, Insightful

      Why not? What have we got to fear? The NSA has a much larger chance of harming me than some distant foreign government. In fact I'd say the dirty foreigners' interest in me is about zero, while the NSA has a constant canker of anxiety about us American citizens, otherwise it wouldn't be spying on us illegally. I simply have less to fear from the foreigners and much to fear from the lawless NSA.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. Never Mind All That... by BlueStrat · · Score: 2, Insightful

    ...What I want to know are the names of the people responsible for running a foreign COTS A/V on 'net-connected PCs and placing Classified/Top Secret data on those computers and what legal actions/charges are pending against them, and if no legal actions/charges are pending and/or they refuse to identify who they are, why not.

    *THOSE* are the questions we should be asking very, very loudly and demanding and the people who should be spending time at Club Fed. Given that level of cavalier handling of such highly-classified and top-secret data, Kaspersky/Putin/FSB et al were likely the very LAST bad-actors to get the data.

    How about we figure out how to plug the hole in the lifeboat first before we start holding hearings on where to place the blame?

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  7. So, what steps? by DCFusor · · Score: 5, Insightful
    Israel claims to have hacked Kaspersky and seen the Russians in there too - they told us and that's how we originally claimed we knew Kaspersky was involved at all. If you trace back this convoluted story, that's the closest thing you can find to something that's almost believable. OK, so some _NSA_ _dude_ breaks all the rules and takes the nasties home - accidental treason if you will - and happens to have a machine full of stolen Microsoft code that came with viruses, and Kaspersky AV too. It sees this, and some other nasty looking things, and brings them back to the mother ship to see what's up - all as designed and as in the EULA and so on. All this was told to us by "reputable sources" naming "reputable sources" in the IC and promoted by the MSM. Now their story changes...they seem to be depending on people having a real short attention span.

    Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
    But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AV's agreed to do that?

    OK Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the Shadow Brokers are even Russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).

    --
    Why guess when you can know? Measure!
  8. Oh fuck off by Anonymous Coward · · Score: 2, Insightful

    Stop smearing Kaspersky, it's the only company not in bed with the NSA.

    Shit probably got stolen by one of the 50 Intel backdoors anyway.

    "High level of confidence" means "We got nothing but we'll smear someone anyway"