Slashdot Mirror


Security Firm Kaspersky, Which Has Been Accused by US of Working With Russian Spies, Helped Catch an Alleged NSA Data Thief

An anonymous reader shares a report: The 2016 arrest of a former National Security Agency contractor charged with a massive theft of classified data began with an unlikely source: a tip from a Russian cybersecurity firm that the U.S. government has called a threat to the country. Moscow-based Kaspersky Lab turned Harold T. Martin III in to the NSA after receiving strange Twitter messages in 2016 from an account linked to him, according to two people with knowledge of the investigation. They spoke with POLITICO on condition of anonymity because they're not authorized to discuss the case.

The company's role in exposing Martin is a remarkable twist in an increasingly bizarre case that is believed to be the largest breach of classified material in U.S. history. It indicates that the government's own internal monitoring systems and investigators had little to do with catching Martin, who prosecutors say took home an estimated 50 terabytes of data from the NSA and other government offices over a two-decade period, including some of the NSA's most sophisticated and sensitive hacking tools. The revelation also introduces an ironic turn in the negative narrative the U.S. government has woven about the Russian company in recent years.

  1. Who? by sexconker · · Score: 3, Insightful

    Who actually believes the accusations against Kaspersky?

    1. Re:Who? by Anonymous Coward · · Score: 2, Interesting

      The accusation was that KAV could not be trusted because K was in Russia and it was feared the company was infiltrated. Eugene was not credibly personally accused at any point of any crimes or malfeasance. It was a possibility.

      Ultimately it appears agents of Russia used the product to find NSA tools by name-matching to known keywords, it wasn't breached so much as it was misused for that purpose. Every system has vulns. AV ops are no different.

      But it should be noted that Russian agents were involved in that, albeit not with Eugene's knowledge or aid. So any Trumptards proclaiming this is Russophobia are abject morons proven once more again.

    2. Re:Who? by duke_cheetah2003 · · Score: 3, Insightful

      Who actually believes the accusations against Kaspersky?

      I do. And only because... why wouldn't they? There's no reason I can conjure up that would plausibly explain how Kaspersky is not in bed with the FSB.

      To think they aren't is folly. We know the Russian government loves to play all sorts of under the table games with just about every other country on the earth. That they wouldn't leverage software publishers within their sphere against other countries is just naive. Of course they would. Wouldn't you?

    3. Re:Who? by Shotgun · · Score: 2

      And I think there is a surprising amount of evidence to indicate that US "intelligence" agencies do the same with companies in our influence. This is sort of SOP at this point, is it not?

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
    4. Re:Who? by PPH · · Score: 2

      And China with Huawei, ZTE, etc. It's pretty much SOP wherever you go. So just learn to live with it.

      --
      Have gnu, will travel.
    5. Re:Who? by jellomizer · · Score: 2

      In general if a country is known to be actively trying to hack and break into your country's sensitive systems. And said country has a proven policy of tight control between government and industry. It really wouldn't be a good idea, to use their system to protect yours.

      Can Kaspersky be honest and not send any data to its host government... Yes, it is possible. However, for the Russian Government, they are a key ready at their disposal if they ever feel they need them. Just like how the United States NSA went into the privately owned Telcos to get our telephone meta-data, without much resistance from them, because of "9/11" it would be just as easy for the Russian Government to get in and get the data.

      Kaspersky will need to do a lot to prove their trustworthiness to be on US government systems.

      I have no reason to not believe the accusations against Kaspersky. And for this story there really isn't a connection. Because it is very easy for a company to actually do its job, and report back to its customer.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re:Who? by mattyj · · Score: 5, Insightful

      This is the worst reasoning. You sound like one of those "If you have nothing to hide, you have nothing to worry about" guys re: the Surveillance State.

      Kaspersky has had a stellar reputation in the community for two decades. They've consistently been one of the top cybersecurity researchers in the world.

      That being said, who knows, maybe Putin has an office at their HQ, but all this FUD without a shred of evidence whatsoever isn't helping anything.

    7. Re:Who? by AHuxley · · Score: 1

      AV software does its job and reports new malware efforts found in the wild.
      Lots of other AV software is strange in the way it finds nothing in the same way ...
      Why would the Russian gov show what it can do in real time?
      Why would any Western spy agency show it can spy on networks in Russia in real time to the media?

      Russia would never show what it can do.
      The West and NATO would never be allowed by the NSA/GCHQ to show that it can do in Russia.
      No nation talks to the media without full and early declassification and then never really about methods used.
      Now we are to trust the publication of US/NSA/NATO methods used in Russia that are free to read in the media?

      Intelligence services hide all their methods used/names for decades and prevent real historians from publication 50-60 years later.
      Now we get to read along with ongoing spy methods used in Russia by Western spies?

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Who? by Anonymous Coward · · Score: 1

      Kaspersky has had a stellar reputation in the community for two decades. They've consistently been one of the top cybersecurity researchers in the world.

      For years Kaspersky has "discovered" exploits they have created, used and sold to Putin. They "discover" these exploits and save us, only when they think their usefulness is no longer needed.

    9. Re:Who? by khchung · · Score: 3, Insightful

      Who actually believes the accusations against Kaspersky?

      I do. And only because... why wouldn't they?

      Then use the same logic to believe that the US lied about Kaspersky, because... why wouldn't they?

      --
      Oliver.
    10. Re:Who? by drinkypoo · · Score: 2

      Kaspersky has had a stellar reputation in the community for two decades. They've consistently been one of the top cybersecurity researchers in the world.

      Their technical competence is not in question, their ability to resist the probable demands of the Russian security apparatus is. I don't mean to imply that this fact differentiates Russia from the USA in any fashion, but Russia is known to be a bit insistent about cooperation with the state.

      That being said, who knows, maybe Putin has an office at their HQ, but all this FUD without a shred of evidence whatsoever isn't helping anything.

      It would be foolish not to assume that they are compromised, much as major American companies have been compromised. I always pretty much assume that the US, Russia, and China are doing more or less the same stuff... only in differing proportions. And probably more than a handful of others as well, but I don't want to go too far off track. Those, at least, are actors known to behave in such a fashion. Anyone who can afford to engage in espionage does so.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    11. Re:Who? by Vlad_the_Inhaler · · Score: 1

      You made that up.
      This is classic FUD without a shred of proof or even evidence.
      If you read what the politicians said when calling for Kaspersky to be locked out, it was full of weasel-words like "could" but without anything concrete.

      The one case where something from the NSA is known to have landed in Russia was part of a known and documented feature - heuristic analysis of executables which can then (this is optional and can be turned off by the user) be sent back for deeper analysis. The software in question fit the criteria and the worker in question was too stupid to have turned the feature off.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    12. Re:Who? by dcw3 · · Score: 1

      I do, but as a Cold War vet, you'd probably think I'm biased.

      --
      Just another day in Paradise
    13. Re:Who? by rtb61 · · Score: 1

      Technically they are a security threat in that the US government can not issue a binding security letter to force questionable activity, where all the others will roll right over, well roll you right over. It was inevitable the US government would ban them and likely will ban other companies they can not force security letters on.

      --
      Chaos - everything, everywhere, everywhen
    14. Re:Who? by dcw3 · · Score: 1

      I always pretty much assume that the US, Russia, and China are doing more or less the same stuff

      In general, I agree with this. The only difference is that in the U.S. companies don't have to cooperate with the government. And it's much more difficult to do so because it would be easy for one person to spill the beans.

      --
      Just another day in Paradise
    15. Re:Who? by T.E.D. · · Score: 1

      Kaspersky has had a stellar reputation in the community for two decades. They've consistently been one of the top cybersecurity researchers in the world. That being said, who knows, maybe Putin has an office at their HQ, but all this FUD without a shred of evidence whatsoever isn't helping anything.

      This is sort of missing the point. There is no real rule-of-law in Russia right now, so any company or person operating out of that country is completely at the mercy of the whims of Putin. Kaspersky could be the greatest defender of free-speech and computer security the world has ever known 99% of the time, but if the day comes (or has come) when Putin wants something out of a computer, and he wants Kaspersky's software to quietly do it, the guy has literally no recourse.

    16. Re:Who? by dcw3 · · Score: 1

      Not saying they didn't but it's a bit more difficult for the US to do so. If the lie gets leaked to the media or pretty much anyone not on the inside, the whole cover is blown. For the same reason most conspiracy theories are BS, this is also BS...you have too many people who know the facts, and it takes one person to blab if it's all a lie. The media (think Pentagon Papers) can get away with that in the US...try it in Russia or China.

      --
      Just another day in Paradise
    17. Re:Who? by drinkypoo · · Score: 1

      The only difference is that in the U.S. companies don't have to cooperate with the government

      Never Forget Qwest.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    18. Re:Who? by dcw3 · · Score: 1

      Good point. I guess we don't know if the insider trading conviction was payback or not.

      --
      Just another day in Paradise
    19. Re:Who? by duke_cheetah2003 · · Score: 1

      This is the worst reasoning. You sound like one of those "If you have nothing to hide, you have nothing to worry about" guys re: the Surveillance State.

      Possibly the worst reasoning, I'll yield that one. But doesn't change anything. It's realistic thinking. Given the history of the Russian government tendency to tinker with levers behind the scenes.

      Look, it's certainly possible Kaspersky is on the up and up, but this is the Russian government we're talking about. An abundance of caution and possibly even paranoia regarding Russian companies is most certainly wise and warranted. Regardless of Kaspersky's reputation, the government they operate under has a very nefarious reputation and it has to be taken into consideration when considering Kaspersky's usefulness and integrity.

      As I posted originally, to do otherwise is naive and folly.

    20. Re:Who? by duke_cheetah2003 · · Score: 1

      Kaspersky has had a stellar reputation in the community for two decades. They've consistently been one of the top cybersecurity researchers in the world.

      That being said, who knows, maybe Putin has an office at their HQ, but all this FUD without a shred of evidence whatsoever isn't helping anything.

      This is sort of missing the point. There is no real rule-of-law in Russia right now, so any company or person operating out of that country is completely at the mercy of the whims of Putin. Kaspersky could be the greatest defender of free-speech and computer security the world has ever known 99% of the time, but if the day comes (or has come) when Putin wants something out of a computer, and he wants Kaspersky's software to quietly do it, the guy has literally no recourse.

      This pretty much is my concern. Kaspersky could be fine and dandy today, and yesterday.. but tomorrow is always going to be a question mark, which is why I find them untrustworthy and lacking in integrity. Not because they're a bad company, or are out to steal stuff on behalf of the Russian government. It's that they can turn into that at any moment, and we'd never know the difference.

  2. A more accurate headline should have read as... by bogaboga · · Score: 5, Insightful

    Security Firm Kaspersky, Which Has Been Accused by US of Working With Russian Spies, Helped Catch an Alleged NSA Data Thief

    Security Firm Kaspersky, Which Has Been Accused by US of Working With Russian Spies with no evidence furnished thus far, Helped Catch an Alleged NSA Data Thief

    1. Re:A more accurate headline should have read as... by mattyj · · Score: 4, Interesting

      Kaspersky Lab is incorporated in the UK, by the way, only HQ'd in Moscow, so the company as a whole can't really be taken over by the Russian government. My guess is that a 20 year old cybersecurity company HQ'd in Russia has the good sense to have their digital assets stored/cloned outside the reach of the government.

      It's pretty standard for a cybersecurity outfit to employ former government agents. You know, like all the American ones that have former NSA spooks on the payroll. Standard operating procedure because that's where the best people come from.

      Maybe it's all just a front, but I'm not believing it. Kaspersky Labs has had a pretty stellar reputation for a very long time now.

    2. Re:A more accurate headline should have read as... by dohzer · · Score: 1

      Well they've given the US one thief, so I guess we can trust them completely from now on. Right?!

    3. Re:A more accurate headline should have read as... by dcw3 · · Score: 1

      Well they've given the US one thief, so I guess we can trust them completely from now on. Right?!

      Quite possibly a quid pro quo for some other action that was privately agreed to. Or, it would be a red herring to simply make them more legitimate looking. That thief might have already been compromised so why not give him up publicly.

      --
      Just another day in Paradise
  3. He wasn't a rocket surgeon by netringer · · Score: 3, Funny

    Kaspersky found who was behind the Twitter handle by using the highly specialized tool ...Google. He used the same HAL9999999 handle when posting to a dating site. Protip to eleeet spy teefs: Don't do stuff like that.

    --
    Ever dream you could fly? Get up from the Flight Sim. I Fly
  4. Nobody said they were willing participants. by Gravis+Zero · · Score: 2, Insightful

    Nobody has claimed Kaspersky was a willing or even witting participant in the event, only that they were a participant. As such, it's fully within the rights of the US government to deem their software on US government systems to be a threat and to advise employees to not use it.

    On the other hand, what better way to sow seeds of self-doubt than to sacrifice a pawn?

    There are a couple reasons to trust them but far more numerous and more compelling reasons to distrust them.

    --
    Anons need not reply. Questions end with a question mark.
  5. In all likelihood by nehumanuscrede · · Score: 5, Interesting

    Kaspersky is probably the only company who refuses to look the other way at NSA / CIA born malware and viruses.

    If you don't play nice with the spooky types, they make life hell on you in return.

    1. Re:In all likelihood by dcw3 · · Score: 1

      Yeah, and how many "spooky types" have you actually known to do this? I've worked around three letter agencies for forty plus years, and never once seen that occur. Not saying it hasn't, but it would certainly be the exception.

      --
      Just another day in Paradise
  6. Backdoors by The+Evil+Atheist · · Score: 1

    Surely, stuff like this can't happen if we have backdoors only for the good guys!

    --
    Those who do not learn from commit history are doomed to regress it.
  7. Re:Highly classified material isn't generally... by AHuxley · · Score: 1

    If you're reading about ongoing US intelligence work in real time?
    Someone declassified something in part early for some reason.
    Real US intelligence gets looked at to be officially released about in 30-50 years without methods.
    Anything before that is politics, the deep state, US propaganda, a limited hangout.

    --
    Domestic spying is now "Benign Information Gathering"
  8. Re:too bad by AHuxley · · Score: 1

    With wifi at the CPU level for network wake up, that's going to be easy for police/mil/gov at the consumer level.
    The US got all the big brand help it needed with PRISM for years.
    What's floating around the web is bait, a trap, contractor efforts.

    --
    Domestic spying is now "Benign Information Gathering"
  9. This makes sense by Miles_O'Toole · · Score: 4, Interesting

    TFA says Kaspersky's tip led to the arrest in 2016 of a security contractor who stole massive amounts of data from the NSA. Their reward was that in 2017, Donald Trump signed legislation banning Kaspersky on government computers, and prohibiting government institutions from buying or installing it on "computers and other devices".

    It looks an awful lot like Kaspersky proved in 2016 they were not a tool of the Russian government. Their reward was that less than a year later, Putin reached out through his asset in the White House to punish them for failing to bend over and spread for him.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
  10. We Have to Tell the NSA?! by LifesABeach · · Score: 1

    Boy do I feel awkward. I have been accessing the NSA data bases to do light credit checks of folks that use debit cards. I just thought it was ok, what with cell tower owners selling location data. So I just figure that any data collected is accessible.