I wonder how that is something the FBI should be doing. I always thought the US had its somewhat-secret-security agencies divided between foreign and local, spying and acting, and public and government tasks. (which is why they have so many of them?)
If this was a problem for the country, wouldn't it be DHS's job? And if there was an issue to be looked into, it's FBI's job. And if there is something about spying to figure out if someone is doing something, there is the CIA and the NSA depending on where they need to look?
On top of that: wouldn't this be something that should simply be looked at internally at agencies and if there is an actual problem, resolve it for the country by issuing a law or directive or bill or whatever name they put to rules the US-based companies have to follow?
In addition to being law enforcement, the FBI is also a domestic intelligence and counterintelligence agency. This would fall under their counterintelligence mission.
This is correct, FBI have aided in the securing of many private sector systems in the past. When a few critical flaws in the consumer credit network (e.g. Visa, Amex) were detected it was with the FBI's assistance and they oversaw the implementation of improvements.
Securing domestic computer networks and products from foreign attack surely fits within the FBI's jurisdiction. Obviously there's some overlap with the NSA in this mission (but not DHS -- they have very little in the way of computer crime experts), but this doesn't seem weird to me.
Basically: US law enforcement is telling US companies that Kaspersky products are likely compromised by Russian intelligence. Surely foreign law enforcement is issuing similar warnings about Symantec and McAfee products being compromised by the NSA.
NSA is DoD systems, DHS is other governmental systems and some critical private sector systems, FBI is counterintelligence investigations. They all overlap and help each other.
NSA is under Intelligence Community[0]. I think Defense Intelligence Agency is DOD's intelligence branch.[1] But my own wiki link is saying both NSA and DIA don't have parent agencies so idk..
Both the NSA and the DIA are under the DoD. Both are intelligence agencies and are part of the IC. All of the IC members fall under the Director of National Intelligence (DNI). The NSA and DIA differ in their missions. The NSA is primarily focused on Signal Intelligence (SIGINT) whereas the DIA is focused on Human Intelligence (HUMINT), mostly pertaining to foreign militaries.
President Obama issued a policy directive making the FBI the lead agency in cybersecurity response. This is a response.
> In view of the fact that significant cyber incidents will often involve at least the possibility of a nation-state actor or have some other national security nexus, the Department of Justice, acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force, shall be the Federal lead agency for threat response activities.
This isn’t really a comment about Kaspersky, because I don’t know if the implication that they are involved in Russian cyberespionage is true or not. However, in general, the FBI is very involved in tracking the different groups associated with nation state cyberespionage. One of the most common ways that a large company in the private sector finds out that it has been compromised is via FBI notification. Not even close to the same situation here, but it does illustrate that domestic network security falls within the scope of their operations.
Whether the federal government should be lobbying against a private company’s products is a more complicated issue. I think, if it could be demonstrated that there is sufficient evidence to link them to unethical behavior, it might be appropriate.
With the oligarchy in Russia being what it is, it's not a stretch to think that any large company based in Russia is a proxy for the government. At the very least, the executives of that company could be pressured by the state security apparatus.
Pretty much anyone with money in Russia crosses the Putin government at their own peril. There are numerous cases of Russian billionaires in opposition to Putin losing their companies to supposedly trumped-up charges of tax evasion and subsequently dying in jail under suspicious circumstances.
My impression was that the charges are rarely trumped up; it's just that everyone remotely successful does it (so it's hard to be competitive without) and the law is enforced very selectively.
This kind of FBI involvement predates DHS, and has been continued in part because of the way the programs evolved.
Much of the US critical infrastructure is owned and operated by private industry. For that reason, a collaboration between the FBI and private industry was formed in 1996, called Infragard [0]. Today, there are chapters in each of various regions of the US, each with an FBI coordinator who facilitates the communication between feds and local industry.
There are many agencies responsible for foreign intelligence collection in the US. The NSA does SIGINT, CIA is more operational and HUMINT, and there's also military intelligence and special purpose agencies like the National Geospatial Intelligence Agency.
It's worth noting that the NSA is DoD while the CIA is State Dept.
They do have somewhat orthogonal missions (HUMINT vs SIGINT) as others have commented, but never underestimate each piece of the government wanting their own agents.
Responsibilities of various pieces of the federal government are usually well-delineated but without clean taxonomic hierarchy. The hierarchy only gets cleaned up years or decades after things get spun up and it takes a massive reorganization effort. Single entities with two (or more) responsibilities often aren't worth the effort needed to split up, and thus never fall anywhere cleanly. Even to this day the department that investigates counterfeit currency is also responsible for bodyguarding the president.
This is essentially the same reasoning why other governments and their constituents shouldn't trust American tech companies. That's pretty well established thanks to some notable leaks.
No actual technical mechanism has come out suggesting how Kaspersky is spying, only that it could. We've seen technical mechanisms which impact US firms' hardware such as Cisco and how they're embedding that malware into specific targets' endpoints (postal intercepts). We've also seen firmware updates go out to US companies' industrial hardware which MIGHT have needed the companies' help to produce.
I'm yet to see anyone publish an article talking in technical terms about what Kaspersky is meant to be doing. All people keep repeating is that one of the top executives has Russian military experience. But technical facts are more key here than anecdotes or fear mongering. I'd stop using them tomorrow if someone can show me why, but even the FBI/DHS/NSA hasn't produced a paper on it or done a presentation at Blackhat.
Let's talk actual facts here. Software or even hardware isn't magic, if you can show that Kaspersky is evil show it already.
The true reason why the FBI wants to get rid of Kaspersky: since American agencies do not have access to data of Kaspersky but do have access to all data of American antivirus vendors, they want everybody to switch to American vendors.
Define data? Eugene Kaspersky volunteered their source code. It's true that won't be an on-going effort and that back-doors are hard to detect through the millions of lines of code, but it's one hell of a sign of confidence.
Edit: Not dismissing the Russian scenario, but this is McCarthyism 2.0 as far as I'm concerned.
Edit 2:
"FBI officials point to multiple specific accusations of wrongdoing by Kaspersky, such as a well-known instance of allegedly faking malware."
Ok, if they are bringing that incident up, this really does mean they have nothing and are grasping at straws. This is referring to a time when Kaspersky trolled competitors who were stealing their signatures, and they made some fake detections. It's the antivirus equivalent of "Trap Streets" used by mapmakers. It doesn't create any kind of back door or weakness.
The whole AV industry is shady business - never know for sure whether some stuff is planted on purpose or is a result of a hack. (I used Kaspersky stuff 20+ years ago - just don’t have much respect for this industry in the first place. Also using Kaspersky AV in US gov settings or any critical business ops is just plain clueless)
In the Lansing area all the municipalities using Kaspersky are being advised by the feds to drop it as quickly as possible. It was front page news a few days back.
US laws do not give much protection to citizens of other countries so the American rule of law is irrelevant for them; American and Russian government agencies have equal authority to spy on them etc., though of course geopolitics makes the two far from equivalent in real-life threat analysis terms for any particular place/org. (What US citizens can count on here is a separate and I guess muddier question.)
It is actually quite difficult to intentionally ignore nation state malware from certain regions, because attributing the origin is not something a private entity can accurately do with confidence.
I am more concerned about the US government because I am a US citizen and I believe the US government does not align with me politically. So I would rather give my data to the Russians.
"Microsoft's antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in 'quarantine.'"
"Over the next few months, Batchelder's team found hundreds, and eventually thousands, of good files that had been altered to look bad."
"Batchelder told his staff not to try to identify the culprit."
This last part seems incredibly suspicious... perhaps it was Microsoft trying to discredit Kaspersky.
Aside from all the innuendos and made-up proof, the one true statement you can make here is that Kaspersky is not, nor ever will be, providing backdoor services for the FBI.
I was surprised to hear an ad for Kaspersky on NPR this morning. I know there's a disproportionate number of ads for Barracuda and other security services, but I was curious about an entity in the news running ads. The hosts didn't mention any connections to current events.
Seems to me like all the Chinese-made equipment everyone (including FBI) is using is a much more credible threat. This looks like they're just piggybacking on a witch hunt.
Disclosure: I am Russian-American, but always voted against Putin. Not that it mattered, of course.
Super surprised this thread isn't filled full of hate for our fed Intel teams. The IC works incredibly hard to keep us safe. Maybe this Presi and his hate for the IC is changing minds about our IC.