Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com)

Posted by BeauHD on from the shrouded-in-secrecy dept.

bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."

22 of 232 comments (clear)

  1. Kaspersky did their job by KiloByte · · Score: 5, Insightful

    If Kaspersky are indeed behind this, they are doing what their company is supposed to do: find malware and make it public. Without their help, NSA's malware would be still in the wild.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Kaspersky did their job by Mike+Van+Pelt · · Score: 4, Insightful

      There's a difference between detecting malware running on the PCs that Kaspersky is protecting, and leveraging its presence on a PC in an intelligence agency's network to exfiltrate their little logic bombs. The first is entirely legitimate. The second... is espionage. I think it was Heinlein that said "Espionage is not immoral; everyone does it. But the cost for getting caught at it is very high." The cost to Kaspersky is likely to be very high indeed, whether someone at the company did it, or some Russian TLA inserted the code without their knowledge.

      Kaspersky should have stuck to the first. Still, I wish they had let Stuxnet have its way with Iran's centrifuges for a few more years.

    2. Re:Kaspersky did their job by Anonymous Coward · · Score: 3, Insightful

      Yes, he ran against Hillary.

    3. Re: Kaspersky did their job by poity · · Score: 4, Funny

      Absolutely correct. The PDF where intelligence community officials say they have a high degree of confidence and backed it up with diagrams of computer networks, we all knew the case was bulletproof. And when IT pros read that document and saw those diagrams they literally said "it's Russia via Kaspersky 100%, also Tuck Frumpf".

      --
      your thin skin doesn't make me a troll
    4. Re:Kaspersky did their job by Anonymous Coward · · Score: 4, Insightful

      Except modern antivirus products use various algorithms to spot novel malware programs that it doesn't know yet as well as ones it has published signatures for. A program is a program. The antivirus software has no way to know the difference between a malware that has infected a computer and a malware that has been compiled by that computer's user. They were indeed doing their job. The fault lies with the NSA having antivirus software installed on a computer where they were developing viruses.

    5. Re:Kaspersky did their job by johanw · · Score: 4, Insightful

      > And was publicly opposed by hundreds of prominent members of the GOP & the American Right, incl both Presidents Bush

      That is quite a recommendation. No wonder he won.

    6. Re:Kaspersky did their job by bsDaemon · · Score: 4, Informative

      The fault lies with the contractor who stole classified information, took it home, and put it on a personal computer where he had Kaspersky installed. I have a very hard time believing such actions to NOT be deliberate with the intention that the programs be scanned by Kaspersky, and possibly specifically by Kaspersky. I'm not saying Nghia Hoang Pho, 67, was flipped in his soviet client state homeland and sent to the US with specific pro-Russian instructions, but I mean, come on....

    7. Re:Kaspersky did their job by DCFusor · · Score: 4, Insightful

      I'd mod this up if I could. Damn partisans miss the point - they're all crooked as hell.

      --
      Why guess when you can know? Measure!
    8. Re:Kaspersky did their job by Anonymous Coward · · Score: 5, Interesting

      Yet, in spite of the GOP abandoning him, he won the election. I think this can only be explained by some combination of Clinton being so obnoxious a choice that people couldn't bring themselves to case a ballot for her and Trump being quite crafty in his strategy.

      Remember, both candidates knew that the popular vote didn't matter and both campaigned to win the EC.

      For example, Trump didn't spend much time in California because there was no possibility he would win it and, if he did win it, it meant he didn't need it as the election would have been a landslide in his favor even without California's EC votes. Similarly, California voters who may have supported Trump had no reason to even bother to vote. In a liberal state like California, putting a Trump sticker on your car in an urban area was like putting a Goldwater sticker on your car in 1964 (I know, I lived there in Berkeley in 1964 and our family cars had Goldwater stickers on them -- those "tolerant liberals" were only tolerant of their own views - it really sucked being a small child and having your car windows spat on). Thus, most potential Trump voters in California didn't look around and see stickers and yard signs that would motivate them to vote.

      Clinton, on the other hand did spend a bit of time in California -- mostly to raise money -- and putting a Clinton yard sign up or a Clinton sticker on your car was perfectly acceptable and wouldn't get you abused, so supporters did so. This inevitably garnered more support as sheeple looked around and saw only Clinton campaign signs and stickers and, being herd animals and tribal in nature, jumped on the bandwagon.

      Do you want a President who ran their campaign so terribly that she paid for 3M votes that were obviously useless to her instead of buying a few hundred thousand which would have mattered? Her inability to administer her own campaign effectively and efficiently leaves little doubt that she would have been similarly incompetent as administrator of the country.

      On the other hand, Trump is a horrible joke -- but fortunately he's doing a good job at his second most important responsibility - appointing Federal Judges that respect the rule of law and think politicians should make policy, not judges. This judicial legacy will long outlast his term as Federal Judges serve for life, His first most important responsibility is defense -- it's not clear how he will do on that as he's not been tested yet and I hope he's not.

    9. Re:Kaspersky did their job by negRo_slim · · Score: 4, Insightful

      Can we get back on topic, I'm trying to find any of that stuff... uhhh shit what's it called, umm prof? pruf? Oh no PROOF that's right. Has any proof been offered up or are still just on red scare autopilot?

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    10. Re:Kaspersky did their job by AHuxley · · Score: 3, Informative

      The OS had changes made by the NSA malware. Every new AV product made with some level of skill should have detected the new, novel and unexpected changes to the OS.
      Got a sample and reported back to their brand for that brands experts to the look over and warn the world about.
      Thats what every good AV brands builds behavioral analysis into their AV products.
      Behavioral analysis is what finds the new problems in the wild and protects the global community from new issues deep in an OS, network.
      Detecting new malware and protecting the world from new malware is not "espionage" ....

      --
      Domestic spying is now "Benign Information Gathering"
    11. Re: Kaspersky did their job by Anonymous Coward · · Score: 4, Insightful

      Everything was apparently against Trump, yet he won. Just. The margin was so narrow that the Russian help from the stolen documents and massive social media trolling was vital in pushing him over the finish line first. Not that he colluded, no he would have been as oblivious to their help as he is to most things which don't have his name on.

      Unfortunately, the Russians are unable to help him now he's president, and try as they might, his supporters are unable to stop everyone seeing his chaotic ignorant incompetence. All of which is great for his opponents, of which there are more and more, appalled at what he's doing to the USA and its reputation. At this rate, the GOP will lose its majority in Congress in November, if Trump lasts that long.

      I hope his interview with Mueller is filmed. I want to see him squirm, as for possibly the first time in his life he is forced to tell the truth.

  2. Very high level of confidence in TREASON by Anonymous Coward · · Score: 3, Insightful

    Donald Trump is still shielding Russia from accountability for its multiple attacks on our country.

    He won't even admit that Russia hacked into our election equipment!

    1. Re:Very high level of confidence in TREASON by Anonymous Coward · · Score: 4, Informative

      Where is this evidence?

      The first attack, on Aug. 24, involved an attack on an American company "evidently to obtain information on elections-related software and hardware solutions."

      That attack was most likely successful. The report said the G.R.U. used data most likely obtained from it to conduct the second set of attacks, a "voter registration themed spear-phishing campaign targeting U.S. local government organizations."

      Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look as if they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.

      The report masked the name of the software vendor, referring to it as "U.S. Company 1," in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.

      VR Systems' website said its products were used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. In a statement, VR acknowledged that there had been a problem, while stressing that none of its products dealt with vote marking or tabulation. ...

      Mr. Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associatesâ(TM) contacts with Russian officials. The report Ms. Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter registration databases and does not mention the Trump campaign.

    2. Re:Very high level of confidence in TREASON by DCFusor · · Score: 3, Interesting
      Funny anyone asking for real evidence gets modded troll immediately. TLA's are here and are "controlling the narrative" - but failing. We know there's no other reason to call a legit request for "how you know what you claim" as trolling. It's obvious, and I had to burn a mod point to make this point. This is important. You think the Russians are doing all the badware on earth? How about this situation?
      .

      Peek-a-boo - I see you, paid "intelligence community trolls with mod points". A big FU to lying to keep your rice bowl full.

      --
      Why guess when you can know? Measure!
    3. Re:Very high level of confidence in TREASON by DRJlaw · · Score: 5, Funny

      Funny anyone asking for real evidence gets modded troll immediately. TLA's are here and are "controlling the narrative" - but failing.

      Where's the evidence of this?

    4. Re:Very high level of confidence in TREASON by Entrope · · Score: 4, Informative

      That is not evidence of Trump trying to shield Russia. That is evidence of Trump trying to enforce the nation's anti-espionage laws, although he still has a long way to go before he equals Obama's record for prosecuting alleged leakers.

      Do you have video of Trump talking to Russia's president or prime minister, saying something like "after my election, I have more flexibility", and asking that the message be carried to Vladimir Putin? Did Trump's DOJ hide an investigation into Russian bribes and similar corruption among uranium dealers until after Trump's State Department approved the sale of something like 20% of America's uranium reserves to a Russian company?

      If you substitute "Obama" for "Trump" in those questions, the answer to both is "yes".

      But that's a narrative that you won't hear from Los Tiempos de Nuevo York.

  3. Been using Kaspersky for years, its gotten worse by BrookHarty · · Score: 4, Interesting

    Had my new Win10 machine, decided to put the latest version on. Kas put a man in the middle SSL scanner so it could scan SSL streams. After I told it not too and even disabled it, it still tried to scan all my SSL traffic and would block my browser. It just would not leave my SSL traffic alone even after specifically disabling web protection. This was the scanner only, i did not install the full protection suite.

    So I uninstalled it. Rebooted, and it still left the SSL middleware installed. WTF is this amateur behavior at Kaspersky.

    No idea wtf is going over there at Kaspersky, but its gone to hell. I don't care if one of the fastest, very low cpu usage, and great anti-virus detection. These stupid games like MITM SSL without my permission is downright unforgivable.

  4. Amazing by 110010001000 · · Score: 5, Insightful

    The amazing part is that someone actually runs a closed source virus suite from a Russian vendor. Insane.

    1. Re:Amazing by DNS-and-BIND · · Score: 5, Insightful

      Why not? What have we got to fear? The NSA has a much larger chance of harming me than some distant foreign government. In fact I'd say the dirty foreigners' interest in me is about zero, while the NSA has a constant canker of anxiety about us American citizens, otherwise it wouldn't be spying on us illegally. I simply have less to fear from the foreigners and much to fear from the lawless NSA.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  5. So, what steps? by DCFusor · · Score: 5, Insightful
    Israel claims to have hacked Kaspersky and seen the Russians in there too - they told us and that's how we originally claimed we knew Kaspersky was involved at all. If you trace back this convoluted story, that's the closest thing you can find to something that's almost believable. OK, so some _NSA_ _dude_ breaks all the rules and takes the nasties home - accidental treason if you will - and happens to have a machine full of stolen microsoft code that came with viruses, and Kaspersky AV too. It sees this, and some other nasty looking things, and brings them back to the mother ship to see what's up - all as designed and as in the EULA and so on. All this was told to us by "reputable sources" naming "reputable sources" in the IC and promoted by the MSM. Now their story changes...they seem to be depending on people having a real short attention span.
    .

    Not only were there the usual viruses associated with stolen code from MS, but also this stuff from NSA which was picked up as it had the signature of a nasty - because it IS. If the Russians got ahold of it because they had already penetrated Kaspersky...then Kaspersky didn't actually do this - they were an unwitting "useful idiot" at most.
    But we have to hate them? Want to bet that's because they refused to back down about putting bugs into their code to "not notice" TLA code, when all other AV's agreed to do that?
    .

    OK Occam's razor - find another reason that makes sense all around. GoodLuckWithThat. I've yet to see reasonable evidence that the shadow brokers are even russian - they might be, but who knows? Attribution is hard. CIA's leaked tools show their tricks for leaving a false trail, for example (and this is yet another reason not to give any of these guys an encryption backdoor they promise to keep safe - they can't even keep their own stuff safe).

    --
    Why guess when you can know? Measure!
    1. Re: So, what steps? by poity · · Score: 3, Funny

      We can only draw one conclusion: Kaspersky illegally ignored the "Top secret NSA virus do not upload for analysis" metatag embedded in those files.

      --
      your thin skin doesn't make me a troll