View Full Version : Kaspersky, Russia, and the Antivirus Paradox
Onkel Neal
10-12-17, 06:19 AM
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical,” the company says in an emailed statement.
Yeah, right. :roll:
So, knowing how much access the Russian dictator has to businesses inside the country, why is it surprising that someone finally woke up to the risk that having a Russian antivirus posed? If Putin were to "ask" Kaspersky to use their AV for govt. actions, you know they certainly would. Who wants to be the next Voronenkov or Magnitsky?
After months of escalating hostility toward the Russian cybersecurity company and antivirus maker Kaspersky, including its complete banishment from US government agency computers, the New York Times reports that Russia has in fact used Kaspersky antivirus software to probe federal systems for US intelligence secrets.
“AV is pretty much the perfect bugging device on every computer it’s sold on,” says Bobby Kuzma, systems engineer at Core Security. “You’ve got this piece of software that’s in a position to see everything on your computer.”
https://www.wired.com/story/kaspersky-russia-antivirus/
ikalugin
10-12-17, 06:27 AM
Ahh, the good old witch hunt with a touch of Putin demonisation.
Yea, you get allegations about Kaspersky doing something bad, but like the other cyber stuff (remember the scandal surrounding companies that made software for voting machines?) it has not been substantiated in the end, or in some cases they were outright debunked.
p.s.
Russian dictator
Demonisation of Putin never gets old for some reason, heh.
P.p.s. if you read the article:
and the New York Times report that outlines Russia’s intrusion stops short of stating that the company colluded with Russian intelligence.
But the North Korea incident shows that antivirus companies can be compromised without any sort of backroom agreement.
You would notice that the article is not about the Russian Government coercing Kaspersky into conducting illegal/unethical activities, but about the danger of AV software in general, based on how it is a single point of failure due to its special status/rights on the system, and the projection of domestic US experience:
"We know that the US government has solicited participation from technology vendors in the United States in the past, whether through official channels or more covert mechanisms such as National Security Letters," says Kuzma. "There's no reason why other foreign governments cannot compel the same type of cooperation from companies that are based in their territory."
Catfish
10-12-17, 07:05 AM
I guess it is pretty much like Mickeysoft. When the US secret services want to know something, or the industry needs new ideas or patents.. have a look at what other people do and save on their PCs or networks. Lots of backdoors for the initiated. A hegemony is not for the faint hearted, even if it is a tad better than outright war. Kaspersky will help Russia, like Apple helped the US when it came to access to "well-defended" privacy.
What else do you expect when it comes to legal matters, or a nation needing certain information? :shucks:
OT (sorry), regarding Russia:
I think that Putin is much more reasonable than e.g. Trump, and I begin to have some respect that he still has the composure, after being blamed for everything under the sun and being treated as a pariah.
A "dictator", well.. democracy is of course a joke in Russia. There are differences between his and our ideas of how to lead a state, but we the west do not have a real democracy either.
My theory: if you look at what is happening in Russia you probably need some "tsar" to keep it all together, and get ahead of criminals and certain networks, to have a working government in such a country at all.
I do not like his managing of anyone being critical about him; it is almost as if Mrs Politkovskaya was of the same calibre in challenging him and his power, like e.g. this secret service agent he poisoned with radioactive stuff, or other organised resistance.
However, this is how he spreads the message not to mess with him, most probably learned in his service times, but imho it would not be necessary for him to do that. Way too much overreacting :03:
His speeches and statements regarding the handling of the Middle East, economics and general conduct against terrorists, though, should be heard and taken seriously by "the west". The time of the Soviet Union has passed; this is not a communist state anymore.
The West has screwed up big time after 1990. Some, like the military or those communist-eater die-hards, will sure like that we have another cold war up our back. It is not only Russia that has to change.
ikalugin
10-12-17, 07:15 AM
The irony is that the bloody hands of the regime are too busy competing for power to actually, purposefully prosecute the self marginalized opposition, which is not a threat to the regime, yet made into martyrs by western observers when they fall victims to the internal regime friction.
Rockstar
10-12-17, 07:39 AM
I switched to protonmail.ch. One week later I receive on my last remaining gmail account a message from Google: 'we've noticed' I'm not using their service anymore. That's just freakin creepy.
Ahh, the good old witch hunt with a touch of Putin demonisation.
Yea, you get allegations about Kaspersky doing something bad, but like the other cyber stuff (remember the scandal surrounding companies that made software for voting machines?) it has not been substantiated in the end, or in some cases they were outright debunked.
p.s.
Demonisation of Putin never gets old for some reason, heh.
P.p.s. if you read the article:
You would notice that the article is not about the Russian Government coercing Kaspersky into conducting illegal/unethical activities, but about the danger of AV software in general, based on how it is a single point of failure due to its special status/rights on the system, and the projection of domestic US experience:
Regardless, is it really in the interest of the US government, or any government, to continue using suspect technology? Yes, there is no absolutely definitive evidence to prove Russian government collusion with Kaspersky, but there is an abundance of circumstantial and other evidence of collusion to make trusting the word of the Russian government and Kaspersky on this matter, and continued use of the tech, an unacceptable risk. There is the additional consideration of the very strong possibility that there is much more to the US side of the story than what has been made public; the US may be acting on sensitive intelligence and may be holding back what they really know so as not to compromise cointel operations. The Flynn/Russian collusion case is an example: when the story first broke, a lot of people doubted it because it seemed idiotic that individuals or organizations involved in such conduct would use unsecured channels to communicate; however, once details of the matter were divulged, there was a very strong impression that Flynn and other alleged participants were blindsided and surprised by the extent of the detail, leading to a deduction that the participants had, indeed, been using what they thought were secure channels and didn't know US agencies had compromised those channels. The Kaspersky case may be similar: the participants may have thought they covered their tracks and are now faced with the strong possibility they have been compromised by methods about which the US is not inclined to 'tip their hand'...
Consider this: a great many posts have appeared in these forums over the years by members who have decried various software that may be spying on them and their online activities, some even removing the offending software and urging others to do likewise; is it any less reasonable for the US government to likewise rid itself of potentially tainted software until the producers of the products can definitively assure their products are benign? I don't know about you, but I do my own due diligence when it comes to what I use and never blindly accept the word of the producers that their products are 100% safe and then blindly use them; and I expect the same care and attention from my government when it comes to national security. Tell me: would you, if offered a software download with which you are unfamiliar, just blindly go ahead and install it based on the publisher's assurance that the software is benign? I'm pretty sure you'd at least run a Google check on the software first. The recent action is akin to that: the US government has merely done its due diligence and has declined to use very questionable software...
<O>
ikalugin
10-12-17, 07:58 AM
It makes sense for a state to avoid any single points of failure (and, as such, any AVs); in fact there is a drive in Russia to avoid use of Microsoft products in state institutions, but it seems like bad practice to work on a smear campaign against a software developer.
So if the US declines to use Kaspersky and cites security concerns as a reason, that's a smear campaign; but if RU declines to use MS products, it's not a smear campaign against a software developer? Seems like a very big double standard, there. But then, again, the RU government does have a well-documented and long track record of being ethically challenged. Glass houses, pots & kettles, etc. ...
<O>
ikalugin
10-12-17, 08:57 AM
My point wasn't that it is wrong to refuse to use certain software for whatever potential security liabilities you may get, but about how coverage of the said refusal grew into a smear campaign against a Russian software company, as a part of the greater witch hunt.
It almost appears that western (particularly US) mass media would post anything they could find that would demonise Russia, for example this WP publication here:
https://www.washingtonpost.com/amphtml/news/global-opinions/wp/2017/10/09/how-putins-russia-uses-soviet-era-tricks-to-evoke-racist-white-fears/
(and its criticism here: https://irrussianality.wordpress.com/2017/10/10/centering-the-russian-slav-by-destroying-russian-culture/)
If the suit fits... :03:
<O>
Skybird
10-12-17, 01:34 PM
Now let's go for those chips made in China that fill the mainboards of American military equipment and weapon systems.
I always considered that to be a very stupid idea. Mainboard malware infection already in the factories was the future already years ago. I am pretty much sure that onboard drivers for mainboards and hard drives are being abused by now already by routine. Digital sleepers, so to speak.
I also think, for two years now, that Microsoft's deliberate penetration of the security and privacy sphere with W10 is not only business policy, but also wanted and maybe even ordered by the US government.
It is publicly admitted NSA policy to make every computer on the planet accessible for American intel whenever that is seen as desirable. So said the then boss of the NSA in a public hearing or before a committee already over a year ago.
I am not surprised if the Chinese use software for Android or Russia uses such tricks as well. The question is to what degree Kaspersky actively supported and agreed to the cooperation with the Russian intel service, or had his software hijacked or abused without his knowledge, or against his will.
Welcome to war. In the digital realm, it's been a hot war for many years already. I wonder how anyone could be surprised any more.
Avoid computer services that fall under American or Russian or Chinese legislation, be alarmed regarding all others. In emails I only write what I would not mind also writing on an open tourist photo postcard: harmless, empty phrases, nothing that has any meaning. That's why I write emails almost never.
Do not think for one second that TOR is safe. It makes it a little bit more time consuming and difficult for "them" to track you, but right by that you make yourself suspicious and attract even more attention. Even so-called bridge-points to enter TOR do not provide you full anonymity and protection. Hide yourself in background clutter, or send your info from mouth to ear, personally. There is no safety in the digital world, so do not get your inner life exposed to it, so to speak.
Onkel Neal
10-12-17, 10:40 PM
Now let's go for those chips made in China that fill the mainboards of American military equipment and weapon systems.
I always considered that to be a very stupid idea. Mainboard malware infection already in the factories was the future already years ago. I am pretty much sure that onboard drivers for mainboards and hard drives are being abused by now already by routine. Digital sleepers, so to speak.
Haha, I never thought about that. Interesting times ahead :arrgh!:
ikalugin
10-13-17, 04:01 AM
Unfortunately the US is both ahead in cyberwarfare and reluctant to enter into an arms control regime of some sort.
We really need to catch up.
Onkel Neal
10-19-17, 11:13 AM
No virus news
Skybird
10-19-17, 04:59 PM
Unfortunately the US is both ahead in cyberwarfare and reluctant to enter into an arms control regime of some sort.
Would be a waste of ink and paper. Could not be controlled in any way. Could not be enforced, not even by your own government in your own country. Impossible.
ikalugin
10-20-17, 04:22 AM
No one said that it would be easy.
Though I guess the US, especially back in 2015, felt that it didn't need to do arms control due to how significant their advantage was (and still is); in addition to soft operations (data gathering and influence) we could remember OG/Stuxnet.
Skybird
10-20-17, 05:43 AM
No, not "not easy". Impossible. And I mean it. Impossible. No control can be imagined that is capable of overseeing such a treaty or law. Missile silos can be checked. Biological research centres can be kept an eye on. Chemical facilities can be monitored. Weapon factories can be observed. But when all it takes for your task to get accomplished can be carried home in a suitcase, can be done in the basement of your house, can be done on just any computer device in the world, then control is not "not easy", but impossible.
CaptainHaplo
10-23-17, 11:48 PM
From a professional perspective, Kaspersky is no more "risky" to use than Symantec or McAfee. While there is a LOT of political noise in the US over "Russia", the fact is that every AV product out there is (by security professionals) seen as both a pivotal security barrier AND a source of failure.
When a product is evaluated, its activities (both active and passive) are closely monitored, tested, prodded and, as much as possible, reverse engineered. No application that is as complex as modern AV (especially those that focus on "real time protection") is going to be error free. The same is the case for modern operating systems. This is why every build of every significant security package is put through the wringer.
If you go digging deep enough into the subject of the supposed Kaspersky "hack" - the answer of what occurred - and how - is actually simple and very likely would be found on the major players in AV here in the US. It actually just "did its job"....
Let me give a quick synopsis:
Kaspersky, like most other AV software packages, can heuristically detect activity (or the potential activity) that other software may take. If a piece of software is scanned and noted to be designed to take certain actions (such as inject code), yet it does not match any known virus signature, it is deemed an "unknown" threat. Just like McAfee, Symantec and most other packages, Kaspersky AV will (assuming it is set up to do it) send a copy of the suspect code to its maker for in depth analysis. This is what allows AV makers to update virus definitions to protect against emerging threats. It is NO different than any other well respected AV maker practices.
Now - the claim was (and I do not doubt it) that certain "tools" originating from within the US NSA were what was found on Kaspersky's network. Given that such tools would have been designed to perform tasks like code injections, memory reads and modification, elevated privilege executions, etc. - these "tools" would have by their very nature been "flagged" for being suspect. Symantec and McAfee would likely (and probably have - but we aren't checking THEIR networks) have done the same thing. And when suspect code is found, a copy gets transmitted "home" for analysis. So basically Kaspersky software did its job - and that somehow turned it into a "spy" company?
Nope.
The greater concern was the requirement by the Russian government for all software source code. That does allow intelligence arms with highly technical resources to look for exploitable vulnerabilities - and that has apparently been used with Kaspersky. A problem? Yes. However, Kaspersky has (apparently) done its best to mitigate security holes when found - and the Russian intelligence arms aren't the only ones finding those.
Did it make sense for the US government to stop using Kaspersky based on this - yes. Then again - it made sense that they shouldn't allow code samples to be transmitted by computers that might have "tools" on it that are (for all intents and purposes) forms of malware - regardless of the AV maker.
That does NOT make it a "bad" AV package or one that normal people should avoid.
In fact - if you want to use the argument that it is - perhaps you should stop using Windows. After all - M$ has been providing Windows OS (and Server OS) source code to the US Government since 2003 (check the WSJ for info). The only surprise to me that Russia wanted to get away from M$ was that it took them 13 years to figure out that they should.
The reality is that outside of governmental use, Kaspersky remains a highly respected AV package with great testing results. Facts should outweigh the political spin that is used to push a specific perspective.
I am no fan of Putin or the Russian government. I spent 8 years identifying silhouettes of red equipment just so I could help kill it. But being in the security field, I don't much care to see a good company with a good product - a product that did exactly what it was designed to do - get cratered because it is politically expedient.
I'll touch on Skybird's concerns in my next post...
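The detection-then-submission sequence CaptainHaplo describes (signature miss, heuristic flag as "unknown", copy sent home) as an added Python sketch that is not part of the thread and not any vendor's code; it also models the per-host submission control his last paragraph argues for. The indicator names, weights, signature database and sample blobs are constructed for the illustration.

```python
"""Simplified model of the AV behaviour the post describes: a signature
lookup, a heuristic pass that flags unknown code by what it appears able
to do (inject code, touch other processes' memory, elevate privileges),
and the decision whether a copy of the sample is transmitted "home".
Added illustration for this thread; not the logic of Kaspersky or any
other vendor.  Indicator names, weights and samples are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Tuple

# Constructed "known bad" database: sha256 of the sample -> family label.
KNOWN_SIGNATURES = {
    hashlib.sha256(b"CONSTRUCTED_KNOWN_MALWARE").hexdigest(): "Example.Trojan.A",
}

# Constructed indicators a static pass might surface (imported API names,
# privilege strings).  Weights are arbitrary; real engines use far richer
# features, but the shape of the decision is the same.
HEURISTIC_INDICATORS = {
    b"WriteProcessMemory": 3,   # writes into another process (code injection)
    b"CreateRemoteThread": 3,   # runs code in another process
    b"VirtualAllocEx": 2,       # allocates memory in another process
    b"SeDebugPrivilege": 2,     # privilege that debuggers and injectors need
}
HEURISTIC_THRESHOLD = 5        # at or above this the file is "unknown suspicious"

# Constructed samples: one matching the signature DB, one that looks like an
# unsigned injection tool, one plain document.
KNOWN_SAMPLE = b"CONSTRUCTED_KNOWN_MALWARE"
UNKNOWN_TOOL_SAMPLE = b"MZ\x90\x00...WriteProcessMemory.CreateRemoteThread.SeDebugPrivilege"
BENIGN_SAMPLE = b"Quarterly report: all figures in thousands."


@dataclass
class Verdict:
    label: str            # "clean", "known" or "unknown_suspicious"
    score: int            # heuristic score (100 for a signature hit)
    submit_sample: bool   # would a copy leave the machine for vendor analysis?


def classify(blob: bytes) -> Tuple[str, int]:
    """Signature match first; otherwise score behavioural indicators."""
    if hashlib.sha256(blob).hexdigest() in KNOWN_SIGNATURES:
        return "known", 100
    score = sum(w for ind, w in HEURISTIC_INDICATORS.items() if ind in blob)
    if score >= HEURISTIC_THRESHOLD:
        return "unknown_suspicious", score
    return "clean", score


def scan(blob: bytes, host_allows_submission: bool) -> Verdict:
    """Known samples need no upload (the vendor already has them).  Unknown but
    suspicious samples are exactly the ones an AV sends home for analysis, so
    a host policy that forbids submission is the control for machines that
    may legitimately hold dual-use tooling."""
    label, score = classify(blob)
    submit = label == "unknown_suspicious" and host_allows_submission
    return Verdict(label, score, submit)


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("tool", UNKNOWN_TOOL_SAMPLE),
                       ("benign", BENIGN_SAMPLE)]:
        for policy in (True, False):
            print(name, "submission allowed" if policy else "submission blocked",
                  scan(blob, policy))
```

Run as a script it prints six verdicts; only the unknown tool on a host that allows submission ends up with `submit_sample=True`.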
CaptainHaplo
10-24-17, 12:02 AM
Board level chip programming is an esoteric art in some ways. Yes, there is cause for great concern should unknown vulnerabilities be "built in" to chips. However, while it is a real threat, it is one that is not only known, but one that has been exploited, as we saw years back with Stuxnet. Most professionals agree that Stuxnet was a joint project between the US and Israel. Even if the US did not play a role in its creation, US intelligence DID see the results. So it is safe to say that the US intelligence apparatus is well aware of how PLCs can be a source of vulnerability.
Does that mean we are secure? No. In the technology world, there is no "guarantee" of security any longer (really never has been - threats have changed and are MUCH more pervasive today though). However, when you know of a vulnerable spot in your armor, you examine it and find ways to "harden" it. Rest assured that PLC firmware revisions across entire industries and sectors are generally examined with a fine tooth comb. Again - no "guarantee" - but IC chips are not the unguarded back door that some people fear.
Skybird's point on the dangers of "suitcases", portable high power technology and ultimately miniature weaponized items (whether IEDs, chemical or bio weapons and small "dirty bombs") is much more serious and infinitely more difficult to control.
After all - to be successful the intelligence arms have to be right 100% of the time - the bad guys only have to "get lucky" once.
With that said - that does not mean that government should put security above the rights of its people.
Skybird
10-25-17, 07:22 AM
Another prominent example are concerns about HDs. These devices have inbuilt hardware controllers, with drivers stored on a ROM. The concern is that from the factory on, these drivers built onto and into the hardware may be corrupted and provide backdoors. Another example are chips on mainboards that hold drivers and operate on such a profound level that they simply would evade any detection software like virus scanners and the like.
The problem thus is already the factory. It may have been attacked and infiltrated, or it may obey secret government orders. You may get your hardware already corrupted right out of the factory; you no longer need to catch an infection or malware attack. You already bought the malware as an intentional design feature of the hardware.
---
If it were so easy to detect vulnerabilities in foreign-made chips that maybe are used in control boards of missile warheads or in a fighter radar, then you would not need to buy these chips from another rivalling nation, because then you would have needed to understand that chip architecture so thoroughly that actually you could have built and produced it yourself. Money, cheaper production of military chips in China than in the US, I do not buy as an argument here. No more.