Slashdot Mirror


'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com)

bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."

4 of 232 comments (clear)

  1. Kaspersky did their job by KiloByte · · Score: 5, Insightful

    If Kaspersky are indeed behind this, they are doing what their company is supposed to do: find malware and make it public. Without their help, NSA's malware would be still in the wild.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  2. Amazing by 110010001000 · · Score: 5, Insightful

    The amazing part is that someone actually runs a closed source virus suite from a Russian vendor. Insane.

    1. Re:Amazing by DNS-and-BIND · · Score: 5, Insightful

      Why not? What have we got to fear? The NSA has a much larger chance of harming me than some distant foreign government. In fact I'd say the dirty foreigners' interest in me is about zero, while the NSA has a constant canker of anxiety about us American citizens, otherwise it wouldn't be spying on us illegally. I simply have less to fear from the foreigners and much to fear from the lawless NSA.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  3. So, what steps? by DCFusor · · Score: 5, Insightful
    Israel claims to have hacked Kaspersky and seen the Russians in there too - they told us and that's how we originally claimed we knew Kaspersky was involved at all. If you trace back this convoluted story, that's the closest thing you can find to something that's almost believable. OK, so some _NSA_ _dude_ breaks all the rules and takes the nasties home - accidental treason if you will - and happens to have a machine full of stolen microsoft code that came with viruses, and Kaspersky AV too. It sees this, and some other nasty looking things, and brings them back to the mother ship to see what's up - all as designed and as in the EULA and so on. All this was told to us by "reputable sources" naming "reputable sources" in the IC and promoted by the MSM. Now their story changes...they seem to be depending on people having a real short attention span.
    .

    Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
    But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AV's agreed to do that?
    .

    OK Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the shadow brokers are even russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).

    --
    Why guess when you can know? Measure!