Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com)

Posted by msmash on from the reality-check dept.

The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign.

10 of 127 comments (clear)

  1. Re:Prior art by khandom08 · · Score: 3, Funny

    It's Trojan horses all the way down....

  2. Re:AI Solution? by Anonymous Coward · · Score: 3, Funny

    Al is looking into it. (He prefers Alphonse, BTW) He said the Kapersky shit is like Norton and is a bitch to get off of the machines.

    It'd be best to just trash the machines and start with all new ones.

    Alphonse knows a guy who knows a guy who can get really cheap machines. His name is Wong Wei Wang. His company is based in Beijing and is called (English translation) Friendly Not Government Controlled Computer Company. The Trump administration has already OKay'd it. Eric is such a great guy according to Wong.

  3. The question to ask.. by lionchild · · Score: 3, Insightful

    The question to ask, as both a taxpayer and an IT guy is this: What's the "penalty" for failing to make the October deadline?

    --
    Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
  4. If this had been an actual emergency by Sloppy · · Score: 4, Insightful

    The government is lucky this Kaspersky scare is bullshit, then. If this had been an actual emergency (e.g. the software were doing something bad, whether by design or due to some random bug that you can't fix because it's proprietary), sounds like everything would be totally fucked.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:If this had been an actual emergency by Aighearach · · Score: 3, Insightful

      It is a known fact that you don't have the information needed to determine it is "bullshit."

      And you never would have it. And the second part of what you said is therefore the whole part that isn't bullshit; it might be an emergency, in which case the network is fucked.

      Since knowledge of the evidence for the concern is classified, you don't know about it; and even if you had a security clearance, we know your job doesn't involve knowledge of these particulars because then you wouldn't be allowed to tell us. So by definition, you can't know it is bullshit; you either have reasons to believe it is a problem, because there is public information about what the danger is in losing control of a network, or you don't fucking know.

      I'll give you a hint: If your opinions about network security are based on your domestic politics, you're a fucking idiot.

    2. Re:If this had been an actual emergency by Anonymous Coward · · Score: 5, Insightful

      Actually, the entire backstory of this whole farse is very widely known in cybersecurity circles, including the so-called "classified" facts (which are widely disseminated outside the US where said "classification" of otherwise widely known information is not relevant).

      Here are the crib notes and timeline, without dates:

      - Equation group leaks
      - Equation Group software widely attributed to NSA in cybersecurity circles
      - Kaspersky researchers tie Equation Group to creators of both stuxnet and Flame via forensic analysis (note they DO NOT call out NSA here, but anyone with half a brain can put 2 and 2 together)
      - US military and/or NSA (not totally known as it is "classified") become involved in middle east anti-terrorism espionage using malware deployed on public wifi networks
      - Kaspersky publishes research on said malware, again without attributing it to anyone, but making it public
      - US military and/or NSA (not totally known as it is "classified") have to pull out of their espionage and invoke a burn order since they are exposed

      To make it even shorter - Kaspersky did their job. Because their job exposed US government activities, the US government got pissed.

  5. Virus or Anti-Virus by coolmoose25 · · Score: 4, Insightful

    If you can't get your Anti-Virus software off of your equipment, is it really anti-virus, or has it just become another virus?

    --
    Brawndo: It's what plants crave!
  6. Huh? by rsilvergun · · Score: 3, Insightful

    bullshit. Do a week of training with one of their competitors, uninstall the old stuff, install the new stuff, call it a day. None of this is difficult. These are software programs designed to take care of security for end users.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Huh? by dyfet · · Score: 3, Informative

      I think you missed the part about "embedded in routers", etc...

  7. If it wasn't government, there would be a solution by xxxJonBoyxxx · · Score: 4, Interesting

    >> Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with

    In the real world, I'd go to Kaspersky's biggest competitors and say, "if you replace these guys on a one-to-one basis (at no charge this year), we'll give you their support contracts in future years."