Slashdot Mirror


US Government Weighing Sanctions Against Kaspersky Lab (cyberscoop.com)

An anonymous reader quotes a report from CyberScoop: The U.S. government is considering sanctions against Russian cybersecurity company Kaspersky Lab as part of a wider round of action carried out against the Russian government, according to U.S. intelligence officials familiar with the matter. The sanctions would be a considerable expansion and escalation of the U.S. government's actions against the company. Kaspersky, which has two ongoing lawsuits against the U.S. government, has been called "an unacceptable threat to national security" by numerous U.S. officials and lawmakers.

Officials told CyberScoop any additional action against Kaspersky would occur at the lawsuits' conclusion, which Kaspersky filed in response to a stipulation in the 2018 National Defense Authorization Act that bans its products from federal government networks. If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allied countries.

  1. For working on by AHuxley · · Score: 5, Insightful

    https://en.wikipedia.org/wiki/...
    Stuxnet
    Flame
    Equation Group https://en.wikipedia.org/wiki/...
    Android cyber-espionage used by 60 governments.

    The internet needs all the security it can get. Why would the US not want quality global security research?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:For working on by Anonymous Coward · · Score: 5, Interesting

      The answer is exceedingly self-evident: the US doesn't want research into its own malware.

    2. Re:For working on by Tom · · Score: 4, Insightful

      Why would the US not want quality global security research?

      Because Kaspersky could detect the next US-government-sponsored malware. The other malware companies can be "convinced" to play nice.

      --
      Assorted stuff I do sometimes: Lemuria.org
  2. why would the sanctions have to wait? by superwiz · · Score: 2

    Sanctions, as such, are political acts. They don't have to comport with independent legal proceedings.

    --
    Any guest worker system is indistinguishable from indentured servitude.
    1. Re:why would the sanctions have to wait? by Xest · · Score: 2

      Because they have to judge the impacts.

      When Trump threatened tariffs against steel/aluminium, Juncker in the EU being the absolute clueless corrupt prat he is made the same claim about waiting to see if it's worth applying sanctions against US brands like Harley Davidson and Levis.

      Levis slipped off the list of possible companies a few days later, presumably because someone pointed out to him that sanctioning an American company that employs quite a few people in Europe (it has a factory in Italy, and stores Europe wide) and that shares European values, pays taxes without avoidance/evasions and disagrees with Trump's tariffs as much as they do was probably going to be a massive own goal, when instead there are plenty of American companies that sell to Europe but don't have quite as high an employment footprint here which would've been way better targets - US agriculture, raw materials, and such would have made better targets for a counter response to steel/aluminium tariffs.

      Still, Trump appears to have rowed back on applying the sanctions to Europe, so there's no need for a trade war between the US and Europe now anyway at least. That in itself is an example of a reason to wait though - the threat alone can sometimes be sufficient for action, what if Kaspersky offered to relocate key elements of its business out of Russia to the US for example? Actually imposing sanctions would almost certainly never trigger that because it would be too late, threats might.

  3. Re:EVIL RUSSIANS!! by Anonymous Coward · · Score: 2, Interesting

    I'll continue to use Kaspersky's antivirus because it's the best around and because if the US government don't like them, then that must mean their shit is secure from the US government.

  4. Re:EVIL RUSSIANS!! by youngone · · Score: 1
    The bit that I thought was odd:

    If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allied countries.

    Potentially, I suppose. If those allied countries agree, but plenty of those US allies are wary of the US' courts overreach.
    Not my country though, if the CIA tell my government to jump they ask "how high?".

  5. and just for working... by thesupraman · · Score: 4, Interesting

    Yes, it is also clear that Kaspersky is the only major threat protection software that has not agreed to whitelist US government malware.

    Has the US government realised that this is just a form of Streisand effect, recommending Kaspersky to anyone who doesn't want the US to know their affairs?

    1. Re:and just for working... by AHuxley · · Score: 1

      Makes a user wonder what a lot of the other EU and US AV brands are doing that the US gov totally approves of?

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:and just for working... by BlueStrat · · Score: 2

      Makes a user wonder what a lot of the other EU and US AV brands are doing that the US gov totally approves of?

      They do what they must for a piece of that valuable US/EU/Five-Eyes market.

      No different than US tech companies vis a vis China. Just look at how Google is assisting the Chinese government with its digital tyranny over the population. Just a different authoritarian regime's security service to have to make happy in order to compete with the competition.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re: and just for working... by DNS-and-BIND · · Score: 1, Informative

      That's why they don't want anyone to be able to install their software. Brand them as enemy spies and run a FUD campaign. The whole thing started when US government malware developers had their half finished malware flagged by Kaspersky and auto uploaded for analysis. The intelligence bosses were outraged. How dare anyone protect themselves against the out of control NSA? The angriest person is the slave owner whose slaves attempt to escape.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    4. Re: and just for working... by eaglesrule · · Score: 1

      Apparently it was discovered by Israeli spies. So it fits the pattern of accuse others of that which you are guilty.

  6. The Agenda by AlanObject · · Score: 5, Insightful

    It really seems to me that someone or someones high up in the U.S. govt really has it in for Kaspersky. Is that just my impression or does anyone else feel that way?

    I would think that if the company actually had any malware in their security products it would have been detected by now. At the end of the day if they were doing Bad Guy Stuff then it would have to write Bad Guy Stuff either to local storage or onto the wire even if it is encrypted. There are a number of automated tools for detecting this both in a simulated environment (VM) and on real hardware.

    Has there been any revealing of this kind of behavior that I missed? If not this seems like an awful lot of punishment in the absence of any crime.

    So what's the motive here?

    1. Re: The Agenda by Bing+Tsher+E · · Score: 1

      One would think that if Kaspersky software contained malware, the NSA could reveal it and kill the company with a single blow.

    2. Re:The Agenda by Anonymous Coward · · Score: 1

      It really seems to me that someone or someones high up in the U.S. govt really has it in for Kaspersky. Is that just my impression or does anyone else feel that way?

      I would think that if the company actually had any malware in their security products it would have been detected by now. At the end of the day if they were doing Bad Guy Stuff then it would have to write Bad Guy Stuff either to local storage or onto the wire even if it is encrypted. There are a number of automated tools for detecting this both in a simulated environment (VM) and on real hardware.

      Has there been any revealing of this kind of behavior that I missed? If not this seems like an awful lot of punishment in the absence of any crime.

      So what's the motive here?

      That is not how sophisticated state owned malware works. They would not code in obvious malware like spyClass with method uploadSecretsToKGB(). They would bake in a very obscure security 0 day and just let their state sponsor know about it. When it eventually gets compromised it will be patched and they will act shocked. It would probably be a very minuscule security exploit that grants just enough access to compromise another app and then install the real malware payload. This is all assuming that the Russians learned from the NSA/CIA. The US government knows this and that is why they are very careful about which foreign software/hardware/equipment they use.

    3. Re:The Agenda by AHuxley · · Score: 2

      Re "So what's the motive here?"

      The problem for the USA and UK is that their gov/mil malware is regional and has to stay hidden.
      When discovered the malware also has to look very average.
      The UK wants to collect on every computer network in Ireland and all Irish supporters in the USA.

      So subtle differences in gov malware only found in the wild in Ireland/USA would get detected by the more advanced AV brands.

      The US wants to collect it all but different cyber projects do not want to collect within the USA, 5 eye nations.

      FBI projects might only collect in the USA and regions of the USA. Under the cover of state and federal task forces.

      Globally that adds up to very distinct regional changes in advanced nation state funded malware finding its way into lots of low end consumer computers and networks.

      The CIA and MI6 can have very advanced but parallel collection projects than a NSA, GCHQ.
      MI5 within Ireland and the UK.

      The governments are using contractors to create new malware that looks like average malware so it can't be seen as advanced security service products.
      Why use bespoke code once that can be tracked back to the security services when contractors can just use average new malware again and again?
      Very average gov malware gets detected globally and regionally by AV brands with skills. That's the risk.
      How to keep gov malware safe? Stop the better AV brands from collecting globally and seeing regional security services malware differences.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:The Agenda by chill · · Score: 1

      Yes. They aren't accused of having malware inside their product, but rather that their product sends back hashes of files found on the system. This is normal AV behavior, as they use the hashes to identify known good files from known bad.

      However, the accusations were this, combined with the ability to send whole files up for cloud analysis, have been used by the Russian Gov't to identify classified material on U.S. systems and steal files.

      While Kaspersky themselves claim no such activities, and that their updates are protected by digital signatures, the accusations are the keys were compromised and the data flows all go thru gov't controlled telecom hubs in Russia.

      The ultimate accusation is the software and infrastructure around it can, and has been, used to facilitate espionage.

      Whether this is with the willing cooperation of Eugene Kaspersky, the unwilling cooperation, or that he is just a pawn that has little recourse, is all up for debate. The U.S. gov't sees Kaspersky software as a direct security threat, because of the significant possibility of compromise by the Russian intelligence service.

      As Russian malware has been found before in critical infrastructure, such as power plants and banks, the U.S. Gov't is pushing for a ban on use of the software in the U.S. to help protect the private sector. A ban on the software in Gov't doesn't go far enough in this regard.

      --
      Learning HOW to think is more important than learning WHAT to think.
    5. Re: The Agenda by Anonymous Coward · · Score: 1

      The agenda is that the mass media had made a huge anti Russia push because of Trump, and likely Kaspersky are one of the few AV vendors they cannot get within their grasp to "whitelist" their spying tools or insert back doors to scan the public's PCs. Considering that no one independently has found anything wrong with Kaspersky's software, that leans even more towards the prior agenda. If anything Kaspersky might be one of the more trustworthy AVs to use cause god knows what all the other AVs have whitelisted or what kind of backdoors are built into them period.

    6. Re: The Agenda by DNS-and-BIND · · Score: 1

      NSA malware developers had their half finished malware flagged by Kaspersky and auto uploaded. This utterly outraged the intelligence bosses. How dare anyone attempt to protect themselves against their weapons? In order for them to control us, we must be defenseless.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    7. Re: The Agenda by rtb61 · · Score: 4, Interesting

      Always look at stuff from the professionally paranoid point of view (not an insult, gees they get cranky, just the nature of the job, you have to be professionally paranoid). The US government wants to use entirely corrupt security letters to put back doors in security software sold to foreigners. Immediately they will suspect foreign governments of doing the same thing, the US does it, why wouldn't Russia or China do it. It has to be careful how it tackles this though, a blanket ban on foreign security software would generate a blanket ban on US security software and wipe out the security letters and back doors, mind you this includes stuff like M$ windows updates, which are now individually packaged, a specific user's computer gets a specifically targeted update (only for high level hacks but will get caught if that computer is already being monitored by local intelligence agencies, change in traffic). It would be much cleaner to simply blanket ban all foreign security software and entirely reasonable to do so but the messy bit about US software being banned by foreign countries for exactly the same reason, forces this messy rubbish with Kaspersky. They will be banned one way or another, they will just have to accept that and the Russian government will ban US/EU security software for the same reason.

      The only way out, open source the code and any updates and the updates must be served locally, only after the code for the update has been supplied and verified (so you can imagine open source security software becoming part of FOSS distributions to simplify the issue for everyone). Should the Russian government decide to be really mean, they can simply review copyright law and shorten copyright protection to 25 years from date of first publication and that will hurt the US by far the worst and many other NATO countries will also feel the brunt of that (UK/France). People would just source 60s, 70s and 80s content out of Russia (keep in mind, current movies demonstrate that music from those eras are much more popular than the autotune crap of the last couple decades and movie and TV series have similarly crapped out apart from the odd few exceptions). Of course China would join in, they are not really pleased with the US either and other partner countries would follow suit. So 2018 - 25 = 1993, so youch, makes the Kaspersky ban a joke in comparison and does not hurt Russia and China anywhere near as much as the US, a tiny fraction in comparison. US wants a trade war, it shouldn't be surprised 'when' it gets kicked in the copyright licence fee crown jewels, software as well. The US would lose far more in copyright licence fees than the entire rest of the world combined.

      They can fend that off with a blanket ban on all foreign security software and simply not mention Russia or Kaspersky. Of course Russia and China could still simply extort 'er' bargain the 'Trump' way, to get greater cooperation from the US with the threat of the downward revision of copyright laws (originally 14 years, so very hard to diplomatically argue about 25 years but the money gone, wow, not just revenue but the valuation of assets, from billions to ZERO and that would also hurt the US dollar, a lot).

      --
      Chaos - everything, everywhere, everywhen
    8. Re: The Agenda by houghi · · Score: 1

      They are after ALL non-American companies. Huawei is another. The US went from "brown people are evil" to "Everybody is evil".

      --
      Don't fight for your country, if your country does not fight for you.
    9. Re:The Agenda by butzwonker · · Score: 1

      [...] been used by the Russian Gov't to identify classified material on U.S. systems and steal files.

      That would justify not allowing Kaspersky as antivirus on government machines that handle classified material. If they have allowed this before that would have been surprisingly stupid. Or does it work like that? "Hey, this machine handles classified data, so make sure to put an arbitrary, foreign antivirus program on it." That would be stupid.

      No, there is more to the story than meets the eye. Kaspersky's cloud service has uploaded NSA malware and they have analyzed it. That's why US authorities are so furious about the company. Even though it seems from their published reaction that Kaspersky Labs have removed the NSA-related signatures under pressure, the company did not go far enough in 'pleasing US authorities'.

    10. Re: The Agenda by Darkling-MHCN · · Score: 2

      The issue is that it's security software with low level access to your system which is controlled by a company which is controlled by Putin. It may not have malware in it now, but of course it has mechanisms in place to enable the distribution of malware very quickly.

    11. Re: The Agenda by Darkling-MHCN · · Score: 1

      It doesn't need a backdoor. It is the backdoor. Every anti-virus program out there has automatic update functionality. Kaspersky installs by default with "Download and install updates automatically." enabled.... need I say more?

  7. A surprise move stops foes dead! by Provocateur · · Score: 1

    In a politically-correct response, Kaspersky has a new name, which would have far reaching global consequences. They made the stunning announcement before the decision was made official in US courts with regards to the sanctions. A spokesman said that it is not a reaction to other politically charged news -- this was in their plans for two years they said. "We are now known as Kowalski Labs."

    --
    WARNING: Smartphones have side effects--most of them undocumented.
    1. Re:A surprise move stops foes dead! by benjfowler · · Score: 1

      Yevgeniy ("Eugene") Kaspersky is a Chekist, i.e. an "ex"-KGB spy. He cannot be trusted any more than Putin.

  8. Re: Drone to death. by Reverend+Green · · Score: 2

    Moscow probably has a lot better air defences than our usual targets for military aggression.

  9. Private sanctions by Max_W · · Score: 1

    What may happen is that people would follow this example and start introducing their own private sanctions. It may hurt international commerce, global division of labor, ideas and goods exchange.

  10. Re:EVIL RUSSIANS!! by war4peace · · Score: 1

    Same here. And guess what, I use Kaspersky AV and it would be impossible for them to stop me (a private citizen) from using it. Sure, the government can ban the usage of the software in their own apparatus, but not in private homes.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  11. As someone who has just listed Kaspersky products by Maelwryth · · Score: 1

    Why should I be worried again?

    --
    I reserve the write to mangle english.
  12. Good! by benjfowler · · Score: 1

    I think meat-hooks and piano wire would be the best approach to taking care of Chekists, but harsh sanctions will do in the meantime.

  13. Re:Russia Too Aggressive by benjfowler · · Score: 1

    False equivalency.

    Russian intelligence are completely lacking in any kind of humanity and morality, and have zero (ZERO!) legal oversight or restraint on their activities.

    Western intelligence are hidebound with law and morality in comparison. That's why the Russians are beating our arses -- they are monstrously immoral, and will do anything to win.

  14. Not white-listing by DrYak · · Score: 1

    US AV brands are doing that the US gov totally approves of?

    They are not white-listing Russian malware ?

    Same as EU vendors aren't white-listing Chinese malware ?

    Slowly reaching the point where going the VirusTotal/MetaScan/etc. route is the best :
    throw as many different AV engine at it, and hope that at least one of these engine won't have it on the whitelist mandated by their local government.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  15. Meh. Trump admin will stop this by WindBourne · · Score: 1

    I am guessing that trump admin will stop it if there is any proof at all, that Kaspersky has helped Putin.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  16. Re:Sure Moneychanger by benjfowler · · Score: 1

    A Russian "patriot", is by definition, a thug, a thief, a rapist and an enemy of the rest of the human race.

  17. FUD by Virtucon · · Score: 1

    Kaspersky has worked to uncover some of the worst malware out there and I think that's at the root of this. Why? Because the US has lost some of its best tools for spying, hacking and infiltration because of their work. Does it bother me that they're based out of Russia? No. We still do a lot of business with the Russian gov't and that's what gets lost. Anybody remember the ISS? How do US astronauts get to/from it?

    So okay, US Gov't show us your "evidence" show us what the NSA knows about Kaspersky in terms of what backdoors or malware they've infected millions of PCs with. Otherwise shut up and ban Russian Vodka instead.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  18. Re:Russia Too Aggressive by Virtucon · · Score: 1

    I trust the NSA, FISA, FBI and bulk collection about as far as I could throw them.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  19. What law did they break? by oh_my_080980980 · · Score: 1

    "The evidence of close ties and cooperation between Kaspersky Lab and the Kremlin is overwhelming..."

    Cite a law or fuck off. Useless war mongering Senator....

    1. Re:What law did they break? by eaglesrule · · Score: 1

      If Israeli spies can infiltrate Kaspersky, it stands to reason that the Russian Federation would be able to have spies as well. Their corporate management doesn't necessarily have to have any ties to the Russian government, only that the employees that work there are easily accessible, such as the Kaspersky executives being arrested for treason.

      I'm pretty sure that in Russia, treason means anything they want it to mean so that you do what they want.

  20. Re: Drone to death. by Reverend+Green · · Score: 1

    All of my geopolitical rivals are drunken incompetents! No one is as cool as ME!

  21. Re: and once again the chink says everyones as bad by BlueStrat · · Score: 1

    So no worried!

    Did I say I approved?

    I simply pointed out how amoral corporations view the markets and the government intelligence services related to them.

    Go suck some more foreign cock Strat.

    Not me, that's what the D.C. political elite in both parties do.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  22. Re:EVIL RUSSIANS!! by eaglesrule · · Score: 1

    You'll end up having to pay in dogecoins or whatever, since you're going to have trouble using normal payment systems to pay for that Kaspersky subscription. If they can't take you head on, they will always come at you sideways.

  23. Re:EVIL RUSSIANS!! by war4peace · · Score: 1

    Lo and behold, there is such a thing as Kaspersky Free Antivirus.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  24. Re:Russia Too Aggressive by benjfowler · · Score: 1

    Russia just LOVES useful idiots and fifth columnists like you.

  25. Re: Russia Too Aggressive by Virtucon · · Score: 1

    Sorry but if questioning bulk collection, secret courts and the US spying on their own citizens makes me a 5th columnist, pass the borscht comrade. Wake up and read what started all of this too because we aren't the global arbiters of truth anymore.

    Pompous twits like you who blindly follow along believing the US is beneficent and can do no wrong will be the death of our constitutional rights all because of terrorists and dem ruskies.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"