Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Lab Moving Core Infrastructure To Switzerland (securityweek.com)

Posted by msmash on from the how-about-that dept.

wiredmikey writes: As part of its Global Transparency Initiative, Russia-based Kaspersky Lab today announced that it will adjust its infrastructure to move a number of "core processes" from Russia to Switzerland. The security firm has faced challenges after several governments have banned Kaspersky software over security concerns, despite no hard evidence that Kaspersky has ever colluded with the Russian government. As an extension to its transparency initiative, announced in October 2017, the firm is now going further by making plans for its processes and source code to be independently supervised by a qualified third-party. To this end, it is supporting the creation of a new, non-profit "Transparency Center" able to assume this responsibility not just for itself, but for other partners and members who wish to join. Noticeably, Kaspersky Lab does not link the move specifically to the effects of the U.S. ban, but sees wider issues of global trust emerging.

38 of 78 comments (clear)

  1. Wait... by Locke2005 · · Score: 2, Insightful

    So, what you are saying is there is more evidence that Trump has colluded with the Russian government than there is evidence that Kapersky has colluded with the Russian government? What a world we live in!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:Wait... by Locke2005 · · Score: 1

      We live in a country where there are still far more registered Democrats than registered Republicans, but nice fantasy you have there!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Wait... by Locke2005 · · Score: 1

      "As of October 2017, Gallup polling found that 31% of Americans identified as Democrat, 24% identified as Republican, and 42% as Independent." https://en.wikipedia.org/wiki/... Yep, the Trumptards are a distinct MINORITY!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    3. Re:Wait... by Locke2005 · · Score: 1

      Hillary Clinton got 2.7 million more votes... once again, Trump received a MINORITY of the popular vote. And your point was?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  2. How will moving location change anything? by jellomizer · · Score: 4, Insightful

    Kaspersky is being accused of aiding the Russian government in its espionage. Being that the company makes security software which by definition needs to be run these systems normally with elevated privileges.
    Despite if the claims are true or not, people are not choosing Kaspersky software due to its connection with Russia, and the Russian government does have a trend of getting involved in its companies. Companies with sensitive information are not using the software.

    Moving to Switzerland doesn't seem to really fix anything, because all it will take is a request for the CEO to send or "Backup" their data to a Russian Data center, or to an 3rd party data-center that Russia may have access too.

    The only way I think they would be considered safe, is if they provide the source to all the countries they are trying to sell too, have them review it, and compile it with their own tools and redistribute it to its citizens. Any data collection would need to be done by 3rd party resellers who have no direct connection to the actual company.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:How will moving location change anything? by cheesybagel · · Score: 1

      The same issue happened a couple years back with Microsoft selling Windows in China IIRC. They made the source code available for inspection. I assume this is a similar initiative.

    2. Re: How will moving location change anything? by reanjr · · Score: 1

      It's simple enough to reject those requests if Switzerland has reasonable privacy laws. "I'd love to send the data to Moscow HQ, but I'm in Switzerland and the law does not permit me to do so."

    3. Re: How will moving location change anything? by jellomizer · · Score: 2

      There are ways around that normally. Lets say there is a remote offsite backup in UK. Where their privacy may be compatible for Switzerland to send data to them, but UK Laws may allow sending data to Russia.

      I am not saying UK laws will or will not allow this, I am just giving an example.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:How will moving location change anything? by ausekilis · · Score: 1

      The government has been up in arms about foreign-produced hardware for many years, to the point that they stopped buying Cisco equipment for a while. Problem is you can't really find any off-the-shelf computer components that AREN'T made in Asia somewhere. I've even heard of instances where the gov won't allow software developed with IntelliJ because they are Russian as well.

      Once Kaspersky establishes itself as "not Russian" in the public eye, then the tides will change again. Most big companies have factories/offices/development around the world. This really isn't much different.

    5. Re:How will moving location change anything? by CaptainDork · · Score: 1

      I don't disagree with your thoughtful answer.

      I used Kaspersky long ago, when Windows was routinely eaten up with malware. You remember those days of Combofix and TDSSKiller and Malwarebytes.

      I would install Kaspersky long enough to do the job, and it did it well. After the infections were removed, I did a deep uninstall using Revo Uninstaller, simply because, "Russia."

      I had no reason to suspect Kaspersky of any evil, but I did not want a Russian company in my house.

      Were I not retired from IT, I would avoid Kaspersky just as a best practice.

      Competition affords choices and perception is often guides purchase decisions.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:How will moving location change anything? by butzwonker · · Score: 1

      In related news, last fall ESET analyzed and detected variants of FinFisher, the German spy software used for the Bundestrojaner that is also sold to oppressive regimes like Egypt and Turkey.

      Those anti-virus vendors are getting pesky, I guess there will be more government actions against those who don't comply in the near future.

    7. Re:How will moving location change anything? by Bert64 · · Score: 2

      Why is a russian company worse than an american, chinese or european company?
      Sure, the russian government is known for spying, but so are governments of various other countries especially the us. The us is also known for having secretive courts, mass surveillance etc.

      You can't trust any software which does not have publicly disclosed source code, and even then you should conduct your own audits and builds if its for a critical system. If the code is open, you may not have the skills or time to audit it, but as the code is open to everyone then its open to be inspected by various groups with competing interests, as it's unlikely that opposing governments would all collude together to backdoor software.

      Unless you are actually working for a government, it actually makes sense to prefer foreign software, as a far away foreign government is unlikely to have any interest in you, or influence over you.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:How will moving location change anything? by Bert64 · · Score: 1

      Well it makes sense that Kaspersky would detect state-sponsored malware from the US and Israel etc, the whole purpose of such companies is to detect malware irrespective of where it comes from and if other vendors are not identifying the same malware that could be either collusion or incompetence.

      Then again, what about malware sponsored by the russian government? Are Kaspersky finding any less russian malware than other vendors? If Kaspersky are great at finding US malware but conveniently fail to detect russian malware thats found by other researchers, that might imply some level of collusion (or coercion).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    9. Re:How will moving location change anything? by CaptainDork · · Score: 1

      Recall that I said I was retired IT.

      Searching my post, there is no reference regarding trust, either of Russia or the US.

      ... as a far away foreign government is unlikely to have any interest in you, or influence over you.

      Seriously?

      In 2015, maybe.

      --
      It little behooves the best of us to comment on the rest of us.
  3. Not sure that'll help by Artem+S.+Tashkinov · · Score: 5, Informative

    Eugene Kaspersky still lives in Moscow and he's still an ex-KGB agent. These two facts alone make look Kaspersky highly untrustworthy considering that the Kremlin is waging e-war with the rest of the world.

    1. Re:Not sure that'll help by BlueStrat · · Score: 4, Interesting

      Eugene Kaspersky still lives in Moscow and he's still an ex-KGB agent. These two facts alone make look Kaspersky highly untrustworthy considering that the Kremlin is waging e-war with the rest of the world.

      No, even if true Kaspersky A/V is still the far more trustworthy choice as I'd trust Putin over the US government as far as their interest in and ability to screw with me as an individual.

      You have to understand that any A/V made by companies in "Five Eyes" nations or their allies is intentionally and deliberately broken out of the box. Kaspersky A/V will happily identify/remove US/Western LEA/TLA spyware, etc. That's really what this is about.

      If the US government forces me to be spied on then whenever possible I'll choose to be spied on by the US's enemies over allowing the US to do so.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:Not sure that'll help by Anonymous Coward · · Score: 1

      An Israeli firewall software was also removed off the Australian buy list .
      Full inspection of code at an Israeli embassy was not enough at the time.
      Same old story, differential treatments.

      But what is the point when Intel chips have huge unfixed hardware bugs, and video cards/DMA is another biggie.You think speculative execution is only llimited to CPU's? and not GPU's or phone modem chips?.

      I bet Kaspersky gets first news on zero day exploits, with its own inhouse team capable of doing something with it. They don't need to do anything with teh AV product - not when they have deep unpatched CVE intel.

    3. Re:Not sure that'll help by Virtucon · · Score: 1

      The enemy of my enemy is my friend is a better analogy.

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
    4. Re:Not sure that'll help by giggleloop · · Score: 2

      Exactly what could the Russian government do to a private citizen who will likely never step foot on their soil? Now what could your own government do to you? Sure, it's paranoid thinking either way, but the latter example certainly has more capacity for causing you damage personally.

    5. Re:Not sure that'll help by BlueStrat · · Score: 1

      ...If the US government forces me to be spied on then whenever possible I'll choose to be spied on by the US's enemies over allowing the US to do so.

      Tossing your privacy to the wolf instead of the wolf in sheeps clothing. The old kamikaze approach. That'll teach 'em.

      Russia/Putin have zero interest in me and have no ability to toss me into PMITA prison unlike the US government who is and has for decades violated many if not most civil rights enshrined in the US Constitution.

      If the US government doesn't want people running Russian software maybe they should stop trying to out-Russia Russia.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re:Not sure that'll help by jamlam · · Score: 3, Insightful

      Exactly what could the Russian government do to a private citizen who will likely never step foot on their soil?

      Errr, attempt to poison them? http://www.bbc.co.uk/news/uk-e...

    7. Re:Not sure that'll help by dhaen · · Score: 1

      The enemy of my enemy is my friend is a better analogy.

      Who needs a analogy, the post is perfectly understandable.

      Also any state worth it's salt has a range of weapons in its armoury. Pot, kettle, black.

    8. Re:Not sure that'll help by Anonymous Coward · · Score: 1

      Well, I kind of doubt they'll poison someone for letting them spy on them.

      Most of us have nothing to do with Russia, so they have no interest in us at all. I strongly believe that I'm far too boring for the Russian (or American) governments to care about.

    9. Re:Not sure that'll help by benjfowler · · Score: 1

      Aren't you cute?

      Finding common cause with the Nazis in the Kremlin, against your own people is treason.

      Think carefully about which side you will take in the coming war. Because when the fight starts, there will be no quarter offered to Chekists -- or their Western rightwing enablers.

    10. Re:Not sure that'll help by Bert64 · · Score: 1

      A better analogy would be tossing your privacy to the wolf instead of the shark, assuming that you're a fish...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    11. Re:Not sure that'll help by BlueStrat · · Score: 1

      If the US government forces me to be spied on then whenever possible I'll choose to be spied on by the US's enemies over allowing the US to do so.

      Bitter much? So bitter that you would trust a power-crazed murdering dictator over a country that at least makes an attempt to provide some freedoms. At least the USA has a chance to change and improve. Russia will always be under the thumb of Putin and his cronies.

      Both governments are murderers of innocents and oppressors of their respective populations.

      The US just has better PR and people like you that lap it up.

      Maybe if US tech companies lose enough business to foreign outfits because of the lack of trust they might pool enough resources to convince the US gov to back off on their police-state tendencies.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  4. ISS Mission Support by Virtucon · · Score: 1

    When will ISS Mission Support move to Switzerland too? That would include crew and resupply missions too.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  5. Unless the entire company uproots by rsilvergun · · Score: 1

    I don't think it'll matter. Russia doesn't play nice when it comes to security and has a history of using overt violence to get what it wants out of people. You can't thumb your nose at Putin the way, say, Tim Cook did to the American FBI. If any of their staff or family of their staff are left in Russia I'd be nervous about using their product. That's just the reality of it.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  6. Re: Bullshiiiiiiiiii by reanjr · · Score: 1

    You mean it's a safe haven for those who do not wish to associate with world government? That sounds perfect for their purposes of signalling they are not under the control of Russia.

  7. Switzerland? Transparent? by PolygamousRanchKid+ · · Score: 1

    Among the folks who stash their illegally earned, stolen or just plain plundered cash in Swiss secret numbered accounts are:

    Cocaine Cartel Barons, corrupt African government officials, the American mafia, crooks in the Vatican Bank, that Crown Prince of Nigeria who keeps sending me spam, the "Windows Support" guy who keeps calling me, wealthy American and German tax evaders . . . and Putin's oligarch mafia stooges.

    So the place is transparent as Area 51.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  8. Cute by Opportunist · · Score: 1

    Eugene is literally following the money...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. You clearly don't understand economics by Anonymous Coward · · Score: 1, Informative

    Do you really believe that the current financial system is actual capitalism? The world hasn't had real capitalism for centuries; this is the most regulated economy in the history of the world.

    When connected elites use the state to benefit their operation at the expense of everyone else, that is not free market capitalism. Capitalism entails a truly free market, where no company is artificially propped up by government.

    Study up:

    www.BernieIsWrong.com

    1. Re:You clearly don't understand economics by Anonymous Coward · · Score: 1

      Ironic. The way you describe it here, it would also fit into the theories of Karl Marx, where connected bourgeois use the state to benefit their operation at the expense of everyone else.
      And Marx's communism also happens to have never been tried for real. What the Soviet Union, China or North Korea are calling communism is in the end just a rebranded bourgeoisie that enslaved the rest of the people to be their proletariat.

  10. The future by slashmydots · · Score: 1

    So now it will say "we think this is malware but we don't want to cause any problems or use such offensive, inflammatory terms" and then the only button is "stay neutral."

  11. won't help to find any back doors. by Anonymous Coward · · Score: 1

    While you would think Kapersky labs would have made a move away from Russia, even before the recent Russian intrigue, moving to Switzerland will not help much except for branding. The fact that Kapersky had numerous Russians employed to write code, means that if any of them were working (surreptitiously or outwardly)for the Russian Government, any code written by them is suspect.

    If anybody knows about the IPSEC compromise in OpenBSD, they can understand. OpenBSD touted as one of the most secure unix operating system ever built, suffered a serious blow to its reputation about 7 years ago when it was found out that the "contractor" who wrote most of the IPSEC code, worked for the FBI and had an NDA from them that prohibited him from telling the OpenBSD group. it resulted the FBI implementing a number of backdoors and side channel key leaking mechanisms into the OCF, (OpenBSD Cryptographic framework) for the express purpose of monitoring the site to site VPN encryption system.

    Needless to say, this was the FBI compromising a system **because** it was secure. In fact OpenBSD lost its DARPA funding becasue DARPA was notified of it, but could not tell OpenBSD the reason for it funding cut off.

    the good part about this was that the IPSEC stack was rewritten and more code contributors were vetted a bit better.

    Sometimes the worst enemies are not the one you prepare fo,r and there is a good chance that auditors found some backdoors in Kapersky's software and, like Open BSD, are not telling those about it except for a general warning.

  12. Don't lie to us, Slashdot editors by benjfowler · · Score: 1

    The claim that Kaspersky never colluded with the Russian government to attack the West is FUCKING BULLSHIT. There is copious evidence that the fat Chekist motherfucker, Yevgeniy Kaspersky, works in cahoots with the FSB to hack Western intelligence agencies and steal our secrets.

    Kaspersky has been caught RED HANDED attacking the West, and working directly for our mortal enemies in the Kremlin.

    Eds, don't insult us by lying to us.

    1. Re:Don't lie to us, Slashdot editors by benjfowler · · Score: 1

      Takes a fascist to know one. Russian pig.

  13. As long as by AHuxley · · Score: 1

    We keep seeing the good work:
    Telling the world about and protecting computers from such efforts as:
    Stuxnet, Flame, Duqu, Equation Group https://en.wikipedia.org/wiki/... , Android cyber-espionage used by 60 governments.

    The problem with Switzerland is the Swiss military command structure and its closeness with the US mil.
    At a staff level the US officer contact is as close to Switzerland as any military in a 5 eye nation.
    The Swiss command level officers have enjoyed getting educated with the US mil for decades and will always support any US requests for help.

    --
    Domestic spying is now "Benign Information Gathering"