Israel and Russia's overlapping hacks of Kaspersky complicate espionage narrative

Discussion in 'Serious Discussion' started by MS_User, Oct 13, 2017.

  1. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,548
    377
    90


    The drama between Russian cybersecurity firm Kaspersky and the U.S. government just doesn't quit, but a new report may answer some longstanding questions.

    This week, the New York Times revealed that U.S. intelligence was actually tipped off about the Russian government hacking Kaspersky Lab software by Israeli intelligence officers who observed Russia in action during the course of their own spying efforts.

    Russia's activities are described as "[searching] computers around the world for the code names of American intelligence programs," indicating that Russian intelligence leveraged the broad permissions required by any antivirus software to turn compromised computers into a kind of searchable database.

    While there is much we don't yet know about the Russian government's efforts to hack Kaspersky products, in at least one instance they appear to have resulted in Russia obtaining classified documents from an NSA employee who had stored them on a personal computer that ran Kaspersky software.

    The extensive system-wide permissions that antivirus software necessitates and the trust it demands of its users make Kaspersky's products an ideal target for governments wishing to spy on their adversaries. Kaspersky first noticed the intrusion by Israel referenced in the New York Times story back in 2015, when it reported that "a sophisticated cyberespionage actor" had infiltrated its systems using code that resembled a previous attack. Kaspersky dubbed the effort "Duqu 2.0" and drew a connection between methods used in the new intrusion and those employed by Stuxnet, a cyber weapon developed for use against Iran by the U.S. and Israel.

    On Wednesday, Germany's federal cybersecurity agency BSI told Reuters that it had not detected any threat from Kaspersky software but would work in cooperation with U.S. intelligence agencies.

    The whole ordeal is a nightmare for Kaspersky Lab. The company looks incompetent at preventing state-sponsored hacks in the best-case scenario and complicit with the Russian government in the worst-case scenario. However it plays out, the unfolding drama will certainly hurt the software maker's footprint in the U.S., where Congress has already taken action to purge the government of the company's software.

    Kaspersky maintains its desire to "certifiably refute the false accusations" made in the New York Times story:

    "Kaspersky Lab has never helped, nor will help, for any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical," the company said in a statement to TechCrunch.

    "... For 20 years, Kaspersky Lab has been focused on protecting people and organizations from these cyberthreats — its headquarters’ location doesn’t change that mission."
     
  2. JFKI

    JFKI MDL Expert

    Oct 25, 2015
    1,098
    369
    60
  3. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,176
    1,163
    90
    #3 Joe C, Oct 13, 2017
    Last edited: Oct 13, 2017
    Kaspersky could be innocent, or maybe not. They (Kaspersky) have very little choice to internet surveillance that is imposed by the Russian govt. It's just that the Israelis hacked Kaspersky, and found that Kaspersky's servers were already accessed by the Russian govt. Which is what the Russian govt does with anybody within their country. It's the reason they now demand that Facebook & LinkedIn have servers in Russia if they want to do business in Russia. It is irrelevant whether Kaspersky had anything to do with anything. As long as Kaspersky is in Russia, they will be under scrutiny because of Russia's rule of their internet provider.
    https://freedomhouse.org/report/freedom-net/2016/russia

    If Kaspersky were to leave Russia and move to a place where their ISP respects privacy, they might be able to recover. I did read somewhere that Kaspersky does encrypt their internet data, but the Russian govt has access to decrypt.
     
  4. WindowsGeek

    WindowsGeek MDL Senior Member

    Jun 30, 2015
    366
    63
    10
    #4 WindowsGeek, Oct 13, 2017
    Last edited: Oct 13, 2017
    I seriously doubt Kaspersky was oblivious to this.
     
  5. JFKI

    JFKI MDL Expert

    Oct 25, 2015
    1,098
    369
    60
    Oblivious to what ? Being slandered ? ;)
     
  6. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,176
    1,163
    90
    What I find interesting is that the Israelis hacked into Kaspersky's servers. How secure is a security company?
     
  7. WindowsGeek

    WindowsGeek MDL Senior Member

    Jun 30, 2015
    366
    63
    10
    That they were not aware of this.
     
  8. JFKI

    JFKI MDL Expert

    Oct 25, 2015
    1,098
    369
    60
    Please define "this".
     
  9. JFKI

    JFKI MDL Expert

    Oct 25, 2015
    1,098
    369
    60
    Why it's hard to trust the U.S. on Russia's alleged Kaspersky espionage
    Michael B. Kelley
    Editor
    Yahoo Finance, October 14, 2017

    Russian President Dmitry Medvedev (R) listens to Russian antivirus program developer Yevgeny (Eugene) Kaspersky (L) as he visits the Kaspersky Labs company development center in Moscow on June 18, 2009. (AFP PHOTO)
    The Russian government used antivirus software from the private Russian company Kaspersky to steal classified U.S. data, according to several recent reports.






    One former U.S. official, explaining that the company’s software would have had to be programmed to scan for specific keywords, asserted to the Journal: “There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this.”

    A picture taken on October 17, 2016 shows Yury Namestnikov, the head of Kaspersky’s Russian research and analysis department at the company’s headquarters in Moscow. (AFP PHOTO)
    ‘I think it settles things’
    Kaspersky denied the allegations, saying, “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question.” Consequently, the question is whether observers should trust Kaspersky or the U.S. government, which is making the claims through selective leaks and mostly anonymous sources.

    “I think [the slew of reports] settles things, but that’s only if you have some element of trust in what the [U.S.] government is leaking,” Dave Aitel, a former NSA research scientist and CEO of the cybersecurity company Immunity, told Yahoo Finance. “It’s not like we have real evidence. And that’s a difficult thing. … We are now in a world where the [U.S.] government may never be able to present the real evidence against a company and still is going to be forced to act on it. And we’re going to all have to make decisions about whether we trust the government in each and every case because they’ve been wrong before.”

    Skeptics demand pure evidence, which the U.S. government cannot provide without revealing highly valuable details about how the information was obtained.

    “There’s no good way to do it is the problem,” Aitel said. “It’s not like there’s been a magical way where you can both show the evidence and protect sources and methods. And I don’t think there ever will be, especially in this world which is so tightly tied to intelligence sources — where we have a difficulty [trusting] the government in the first place. The issue, largely, is that we don’t trust the [U.S.] government. And there’s really good reasons for that.”

    In this case, the evidence is relatively strong.

    “According to the public information, the Israelis have screenshots and key logger dumps of this activity happening,” Aitel said. “To me that says they were watching it in real time. And they know exactly who was at the desk because if they have a key logger, they know who’s logged in. They know a lot about the people involved, so we haven’t seen all of the information that the Israelis have.”

    Kaspersky’s commercial software is used by more than 400 million people worldwide.
    ‘Trust us, this company is doing bad things’
    U.S. officials have been wary of Kaspersky for years, and the FBI warned big business and U.S. agencies to avoid the popular anti-virus software used by 400 million people worldwide. In September, Sen. Jeanne Shaheen, D-N.H., wrote an op-ed in the New York Times arguing that “it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials. Fortunately, there is ample publicly available information to help Americans understand the reasons Congress has serious doubts about the company.”

    Aitel explained that the U.S. government knows it has a trust issue, which is why the leaks have come out in a particular way.

    “It’s really tough to take a message from the government and trust it as it stands, which is why they did this panoply of leaks to give a veneer of, ‘Hey, it’s not just a Republican member of the administration,” Aitel said. “It’s actually a group of people. They’re well read. There’s a Democratic senator doing an op-ed. … This [Russian operation] dates back to 2014 and 2015, it’s been verified by an outside party, which is Israel. So I think there’s a lot to this story where [the U.S. government] is saying: Listen, this time you have to trust us, this company is doing bad things.”

    Eugene Kaspersky as a Soviet military cadet.
    ‘When I go to banya, they’re friends’
    Kaspersky Labs was founded by Eugene Kaspersky, a cybersecurity expert who attended a KGB-backed cryptography institute before working for Soviet military intelligence. In 2012, Wired highlighted “the paradox of Eugene Kaspersky: a close associate of the autocratic Putin regime who is charged with safeguarding the data of millions of Americans; a supposedly-retired intelligence officer who is busy today revealing the covert activities of other nations; a vital presence in the open and free Internet who doesn’t want us to be too free.”

    banya (sauna) night with a group of about 5 to 10 that usually includes Russian intelligence officials,” Bloomberg reported in 2015. “When I go to banya, they’re friends,” Kaspersky said at the time.


    The big question for the cybersecurity community is whether Eugene Kaspersky — a former Russian government cryptologist who built a globally mainstream software company — knew that Kremlin hackers were using his company’s software for espionage. He denies that he did. Evidence (via more selective leaks) could prove otherwise.

    “[The Israelis] no doubt have pretty damning screenshots if you’re going to get a United States Democratic Senator to get worked up enough to write the op-ed,” Aitel said. “So if they have the user names that were on those machines, then they know Kaspersky himself is lying. And if he’s willing to lie, then he is basically making a bet that this information is not going to come out because it might risk some source of some kind. But I think he might be wrong. So I think the story is going to continue.”

    Eugene Kaspersky, CEO of Kaspersky Lab, speaks at the 2013 Government Cybersecurity Forum in Washington, DC on June 4, 2013. (AFP PHOTO/Nicholas KAMM)
    ‘There’s been a lot of burned bridges’
    In any case, the reluctance to believe the espionage allegations against Kaspersky reflects the damaged relationship between the U.S. government and the U.S. information security community.

    “I see a lot of people in the industry still defending Kaspersky,” Aitel said. “And to be honest, I blame it on the Obama administration and previous administrations, which really didn’t want to engage with the information security community and treated [outside infosec experts] as they weren’t an important part of the discussion.”

    Aitel noted that on Oct. 10, the same day that the New York Times reported Israel’s role in exposing Kaspersky, Deputy U.S. Attorney General Rod Rosenstein gave a speech signaling a harder line against encryption that was seen as unhelpful by outside cybersecurity experts.

    “I’m not seeing how this gets us closer to having the real discussion about solutions in this space,” Ari Schwartz, a former senior director for cybersecurity under Obama who became the managing director of cybersecurity services at a law firm, told the Washington Post. “The government feels as though tech companies have to find a solution for them, and the tech companies feel as though the government just doesn’t understand how they’re putting the larger security at risk here.”

    Aitel said that the speech showed that Washington still wasn’t listening enough to outside experts.

    “When the information security community says ‘responsible encryption is a nonstarter,’ but the Department of Justice is still pretending like it’s going to be OK, I think that’s that old mindset: ‘We can just market it, we’ll put a law through, and they won’t really get a say in it.’ … There’s been a lot of burned bridges. The lack of trust is palpable. It’s unfortunate though, and I think it needs to change.”

    Former NSA hacker Rob Joyce, the current White House cybersecurity coordinator, gives a talk in January 2016.
    ‘Doing the work of rebuilding those bridges’

    Aitel explained that the U.S. government needed cybersecurity people with technical experience — as opposed to those with only policy experience — to garner respect and trust from the information security community at large.

    Joyce “is doing the work of rebuilding those bridges,” Aitel said. “His team is just better. They know these people [in the infosec community]. They can go out and have dinner with them; he’s approachable. With the previous administration, it was like: ‘No, we know better than you and you’re always wrong.’

    “And I know that you can’t sell any kind of newspaper that has anything positive about the Trump administration,” Aitel added, “but that doesn’t make it not true.”
     
  10. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,548
    377
    90
    I would not use Kaspersky or any other anti for that matter.
     
  11. Tosko

    Tosko MDL Novice

    Dec 7, 2016
    46
    11
    0
    I used to use Kaspersky, until I moved to BitDefender. Now not using any.
     
  12. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,176
    1,163
    90
    Kaspersky knew nothing of it....right? It's not like Russia would have a backdoor installed without Kaspersky's knowledge.
    https://www.bleepingcomputer.com/ne...00-for-not-giving-fsb-an-encryption-backdoor/
     
  13. JFKI

    JFKI MDL Expert

    Oct 25, 2015
    1,098
    369
    60
    #13 JFKI, Oct 17, 2017
    Last edited: Oct 17, 2017
    :D Please tell me why that sounds so familiar ?

    In fact it sounds like something an unnamed country (which was actually named in the opening post and is supposedly our ally) would instigate.
     
  14. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,176
    1,163
    90
    Russia is changing their laws. Why else do they insist that FB store more servers in Russia now?
    Russia needs to track what its citizens say and where they are.
    https://www.bleepingcomputer.com/ne...while-china-blocks-whatsapp-with-gfw-upgrade/

    I already posted this before, perhaps you'll read it.
    https://freedomhouse.org/report/freedom-net/2016/russia
     