I just wish they'd release what they have on Kaspersky. All they've given us is vague assertions.
The only specific thing I know is that a CIA contractor took some CIA tools home, had Kaspersky installed, and had it set up to auto-submit samples, so naturally it detected the hacktools and submitted them...
But the implications have been that Kaspersky has been actively used to spy on US agencies and companies. But again no technical information has been published, which would be hugely damaging to Kaspersky's reputation.
There are three possibilities:
- They're right and Kaspersky is working for Russian intelligence (but the US aren't releasing technical information for unknown reasons).
- They're doing this to promote American and European alternatives which can be manipulated by Western intelligence (e.g. exclude state sponsored malware from definitions).
- It is just a "red scare" within the US DoD, and they aren't releasing technicals because they have no technicals. It is just playing Telephone between analysts using vague assertions and feeding off of one another (see Iraq War).
All I am asking for is "Here's a technical paper explaining exactly what we caught Kaspersky doing." If we got that and it held up, I'd be fully onboard.
This is pretty much word-for-word what I think about the blacklisting of Huawei, except with an additional twist: we know there are objections to their corporate governance model because it is believed to include investment/board direction from ex-PLA seniors and therefore is held to be too close to a state actor, and not transparent. But do we get told real, live, believable technical information about the risk side of their fiber or technology, which is the headline reason? No, we do not. We get five-eyes FUD.
I want to see the technical paper too, but for Huawei.
We know from the Snowden leaks that the NSA had access to (Huawei founder/CEO, and ex-Chinese intel employee) Zhengfei's email back from 2010. They also got access to Huawei's source code repository.
By 2012 US five-eyes allies were banning Huawei from critical infrastructure projects[1].
Doesn't take a lot of reading between the lines there to speculate that they really did find some stuff.
No. This is exactly wrong. Speculation is useless. We know on equal terms that Cisco and Juniper probably had backdoors because of the NSA. Do we stop using them?
The joke here is that the Chinese don't share intelligence with anyone else: arguably, if they do see our packets, fewer people see them, because the NSA share with their strategic partners, and with the FBI!
Any combination of these 3 factors could be true simultaneously. But as with most rumours, ask, who benefits?
If it's plausible that some Western companies might cooperate with Western intelligence, then it's equally plausible that a Russian company may cooperate with its home country's intelligence. Regardless of whether it's true, the Western allies' intelligence community benefits from discouraging Kaspersky's use either way: either by driving usage to products they can influence, but their adversaries can't, or by avoiding exposure of first-party malware to an actor they can't influence.
Imagine you are the head of the security apparatus in a totalitarian regime and you find out that a well respected international company from your country produces a piece of software that is installed in millions of computers over the world with admin privileges. Wouldn’t you lean on them? How can you not?
I have lived under a totalitarian regime (not Russia) and I can tell you that the security apparatus doesn’t fuck around. There is no asking, only cooperation, or else...
The Russians are also good at spook games, I mean, the dude is KGB-trained. They don’t need to compromise the source code with backdoors that someone can find, they just ask Kaspersky to be a tiny bit more aggressive in their sample vacuuming, for example. Or they just don’t do anything and sit on it, knowing that one day they can call to collect.
I personally believe Kaspersky is compromised, IMHO. I just don’t see a way that it can’t be.
I agree. You don't do business in Russia without cooperating fully with the Russian Government. I'm fully on board with the whole "red scare" perspective and saying Kaspersky just got caught up in the wrong place at the wrong time in geopolitical arguments. Being realistic though, it's silly to think the Russian gov't would allow them to operate fully independently with no oversight. They absolutely have a hand somewhere in Kaspersky, the only question is how deep a role they are requiring Kaspersky to play. Kaspersky is a fantastic company with very well respected programs, and for a vast majority of its userbase, Kaspersky products do just fine. I did find it entertaining that the founder said he didn't really care about losing the US market, because the US accounted for very little of their overall profits.
If this is true, they probably got details from a spy who told them. They dare not give away any information because that would give away the spy. Thus they only dare to make vague accusations (including some false ones to divert attention from what they really know) to the public. They will know that this leaves accusations of the other two, but there is no alternative.
Of course that is if this is true, I don't know. It could well be a scare tactic.
> I just wish they'd release what they have on Kaspersky. All they've given us is vague assertions.
That's probably what they have. But imagine you're a Government Official and the Member of The Press asks you: "Do you know that your office is running software produced by Russians? The same Russians that hacked our elections?! And not just by any Russians, but Russians with links with Russian Government, which includes Russian Military, Russian Intelligence Service and controls Russian Nukes?!"
Of course, you could start explaining that doing business with Russian government (aka "links") is not weird for a Russian company, especially a major one and near-monopoly on the local market, and you can not declare every Russian a spy just because Russian spies exist and sometimes even mess with some American interests, even though nothing of the sort happened in the election - you can try to do all that and earn a headline "Government Official N. Is Soft on Russia - Idiocy or Corruption?" And God forbid it turns out you visited an industry conference in Russia 3 years ago or attended, among other 500 people, a reception which (unknowingly to you) was paid by a Russian oligarch living in New York...
Or you can ban Kaspersky software - which has a bunch of viable local alternatives anyway - and earn a headline "Government Official N. is Exercising Reasonable Prudence in the Face of the Red Threat". Which one would you choose?
> They're doing this to promote American and European alternatives which can be manipulated by Western intelligence
Could be but more likely they are just opportunist and doing CYAing.
> It is just a "red scare" within the US DoD, and they aren't releasing technicals because they have no technicals.
Rem acu tetigisti (you have hit the nail on the head).
> All I am asking for is "Here's a technical paper explaining exactly what we caught Kaspersky doing."
>even though nothing of the sort happened in the election
You seem very certain of that, which appears to be at odds with the Mueller investigation and investigations undertaken on FB, Twitter and Reddit posts/ads from Russian-based accounts. So what exactly are you saying did not occur?
Ah, excellent, this demonstrates rampant confusion created in this area very well.
> Mueller investigation and investigations undertaken on FB, Twitter and Reddit posts/ads from russian based accounts
Ads most definitely happened. Though the valiant effort by Mueller's team is mostly wasted because a) publicly speaking about US politics while being Russian is not a crime, neither is astroturfing or failing to disclose vested interest (both are routinely done in advertising and politics), and trying to imply otherwise would run straight into the 1st amendment, which SCOTUS still has pretty healthy respect for; and b) even minor financial irregularities, that are crimes, which Mueller inevitably discovered (I mean, can you imagine a campaign run by thoroughly corrupt Russian government that won't have financial irregularities? even many US campaigns are full of them if you look close enough...) are not prosecutable since none of the perpetrators are anywhere US law can reach them.
However, the ads definitely existed. Moreover, it is also a definite fact that there were multiple hacks of both DNC and RNC computer systems, some of them might have been perpetrated by Russian groups. As a result of those, some dirty laundry definitely got aired.
> what exactly are you saying did not occur?
"Hacking elections". Which is a commonly used phrase, and it is both vague and misleading. There is no indication that any component of the electoral system per se was hacked, so the direct meaning - implying the genuine voting preferences of Americans were subverted - is definitely false. We may only talk about persuasive effects of the Russian actions, but even then there's not much.
There is no indication that minuscule-budgeted and hamfistedly-executed (I mean, have you seen them? they are hilariously bad) Russian ads changed anything in relation to the elections. The airing of dirty laundry that followed the email hacks may have had some influence, but it is in line with the long-standing tradition of leaks and whistleblowing that has existed in US politics since forever - a lot of secret things become public eventually, to the major embarrassment of people who would rather not have them published. I haven't heard any of the leaks referred to as "hacking the election" - in fact, many are lauded as valiant efforts in informing the public about the misdeeds of the powerful.
So summarily, nothing is left from the claim that "Russians hacked the elections" in any meaningful sense. The most one could claim is "Russians tried to influence the elections, mostly without success, but it is possible they uncovered some dirt on some of the politicians that may have influenced some voters".
Ah ok, so I agree that they didn't actively interfere with the voting process itself, however there still appears to have been collusion between the Trump campaign and foreign agents, which is illegal and is what the Mueller probe is looking into.
And Russians are using products produced by Google, the same Google that has a deep relationship with government and military contracts. With your reasoning, every country should ban the products of GAFA.
In that case we even know that US companies can be forced to cooperate and are legally barred from reporting it. Any foreign government using commercial US software for sensitive information is at least reckless.
Well, it's not my reasoning, but in general same logic of course would apply to other governments - if some government perceives the US to be a hostile power, they would be wary of American companies and US-made hardware/software.
This is my exact question too. From my pretty shallow experience with cutting edge virus and malware research, Kaspersky Labs has been one of the most professional and cogent researchers. If you want to try to undercut a group as profoundly honest and useful as Kaspersky, you need a heck of a lot of evidence to back up your claim.
They're never going to give you that technical paper, not unless the Kaspersky story gets a lot bigger than a public ban on Kaspersky's software in USG networks. All you're asking for is for them to compromise sources and methods and reveal publicly the extent of what they know about Russian network SIGINT. It's not going to happen.
I don't think they much care whether the median HN commenter buys the narrative that Kaspersky has been suborned by Russian intelligence. The people whose opinions about this really matter --- from what I can tell, uniformly --- do buy that narrative.
At the same time releasing what exactly they know might itself seem problematic. Telling the other guy exactly what you know about his methods might not be the right choice as far as being an intelligence service goes.
But even all that aside, do you take a chance on a company like Kaspersky who operates inside an oppressive state where you know the government can assert a powerful influence on its people with no recourse for their people to push back or go public (heck, if they leave the country the outcomes don't look so good)... and pretend they're just like any other software company and proceed to install it on sensitive systems?
I think if there were no action the common response would be "OMG how can you play dumb and install that stuff at the DOD (or wherever)?"
I think the most telling thing is that the whole 'Kaspersky is evil' stuff started shortly after Kaspersky outed the "Equation Group" (which has always been implied to be the NSA) and the US Cyber Command, along with dozens of bits of malware created by them. The amount of damage outing our malware caused is really difficult to imagine. It certainly destroyed the malware's usefulness, likely led to conflicts with the hardware manufacturers the "Equation Group" was targeting, may have led to political conflict with the groups being targeted (which included for instance foreign media and banks), and much more. The explanation could be as simple as something between revenge and trying to make an example of any company that would out our malware.
Really?
You are asking a country that says -
- I have nukes and even used them, you can't
- I can do cyber warfare, you can't
- I can murder civilians, you can't
- I don't need to respect treaties, you must.
They don't need to have technical reasons though. As there are perfectly reasonable malware detection/intrusion prevention alternatives, the "sufficient risk" to justify this is really low. Taking one that's not from an arguably autocratic and arguably adversarial state is a no-brainer IMHO.
If you know any Russians in the US, talk to them and see if they trust the developers back home to not be compromised in direct ways. If the feedback you get is ho-hum, then maybe it's okay, if the feedback you get is different, then think about why that might be the case.
Because if they are plugged in to the sw development industry in Russia they might have better insight into how things work there, hand in glove: at least a more nuanced perspective.
>>All I am asking for is "Here's a technical paper explaining exactly what we caught Kaspersky doing." If we got that and it held up, I'd be fully onboard.
You do not have to be onboard. Those that banned them, know what you're asking and then some. But let's ask this question: If Russia wanted, could they pressure Kaspersky to do Russia's dirty work? Fraud charges, tax fines...and outright assassinating a C level exec so the next one learns. Russians play by different rules, let's accept it, and software that could be controlled by them has no place in US Govt computers.
By that logic though, all foreign software should be banned. Heck, all non-source-code-audited software, even domestic, should be banned. I mean, if they believe Russia interfered with US elections, what's to stop them from interfering with a US software company or getting enough influence to do so?
But it seems completely obvious to me that every release of additional information must by its very nature undermine the personnel, tools and techniques used to get that information. Occasionally that might need to be done, but to not mention these pretty clear counter-arguments seems shortsighted.
In this case, there's plenty of reporting of leaked reports about what is supposed to have happened. TLDR: The Israelis had access to Kaspersky's network and saw them accessing classified US documents and passed that information back[1][2].
Who knows if that is true? If it is, and the Israelis didn't agree to the leaks, I imagine they'd be pretty unhappy.
It's also interesting that some five-eyes allies like Australia haven't[3] yet[4] banned Kaspersky, but other NATO allies have[5].
As for what the Israelis think they saw, Kaspersky had a totally reasonable explanation that made for a far less interesting story - aside from the report on the Israeli malware, which was pretty slick. I don’t have any specific information about Kaspersky (and I’m an anonymous internet comment, so I should not be given much weight anyway), but everything about Kaspersky’s version of the events is consistent with how AV companies work.
I just don’t buy it. Based on what I know about what kind of flimsy intel it takes to extrapolate to irrefutable proof to support what someone wants to be true, and how products in this space work (I have direct experience here, with competing products) it rings of chasing ghosts.
Personally, I think if Kaspersky is compromised, I don’t think it would be from the top down, but rogue insiders. And I don’t think they are unique in that regard.
There is indeed a catch 22 with providing proof. On one hand, you can’t burn an important intel source. On the other hand, we can’t take their word for it. Intel analysts never have the full story, and even with the best of intentions, their interpretations can be extremely wrong. According to Hayden, former Director of NSA, they were certain that Iraq had WMDs. According to him, it turns out that they were just wrong. Oops.
They're actively monitoring the CIA, FBI, and NSA because as far as large state actors go, these are very dangerous groups. Why shouldn't they look at every government spy agency including us if their job is to actually protect the computers installing their software?
Are they actively monitoring? Kaspersky's job is to stop known malware and make some guesses about potential unknown malware. Actively monitoring TLAs sounds like a waste of time/money in that scenario. TLAs will be more interested in specific targets and will likely know what protection they have to work around. If they need a specific solution for a specific person they can spend some time making sure Kaspersky doesn't detect it. (It's not that hard)
Virtually none of their customers will be safer if they did the monitoring. If anything widespread actually gets released, they'll likely know from telemetry.
Exfiltrate what? We're talking about unknown new vulnerabilities. They'd have to: 1. Find out which computer they're interested in. 2. Find out which files they're interested in. 3. Somehow figure out when they're not in a sandboxed, monitored lab. 4. Exfiltrate via public network.
Without testing ground and inside knowledge that doesn't sound easy considering any detection would cause... what we have now.
A normal office near which I worked had a malware lab with isolated and logged networking, actual green/red painted sides of the room, dedicated fancy storage, etc. They would know if anything's being uploaded by the AV. NSA likely has a much tighter setup.
And again - what's Kaspersky's gain in that situation?
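The comment above describes a malware lab with isolated, logged networking where an analyst "would know if anything's being uploaded by the AV". The following is an added example of what that check can look like, written for this thread and not code from any commenter or AV vendor. It assumes a constructed egress-log format (timestamp, lab host, originating process, destination host, bytes sent per flow), an allowlist of the only hosts a lab machine is permitted to reach, and a list of the sample files staged on each host with their sizes; every hostname, process name, file name and number in it is invented.

```python
"""Egress-log check for sample uploads from an isolated malware lab.

Added example for the discussion above, not code from any commenter or any
AV vendor. Assumptions: the lab's egress point writes one line per outbound
flow in the constructed format below; lab hosts may reach only the
allowlisted hosts; the analyst knows which sample files sit on each host and
how big they are. All names, hosts and numbers are invented.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed egress records: timestamp, lab host, process, destination, bytes out.
EGRESS_LOG = """\
2017-10-11T09:00:02Z lab-red-03 svchost.exe   updates.mirror.lab.example 1204
2017-10-11T09:00:45Z lab-red-03 avscanner.exe ksn.av-vendor.example      7733
2017-10-11T09:01:10Z lab-red-03 avscanner.exe ksn.av-vendor.example      524288
2017-10-11T09:02:00Z lab-red-04 avscanner.exe ksn.av-vendor.example      201
2017-10-11T09:03:30Z lab-red-04 chrome.exe    updates.mirror.lab.example 90
"""

# The only destination a lab box is allowed to talk to (assumed: a local update mirror).
ALLOWED_DESTINATIONS = {"updates.mirror.lab.example"}

# Sample files staged on each lab host and their sizes in bytes (constructed).
STAGED_SAMPLES: Dict[str, Dict[str, int]] = {
    "lab-red-03": {"implant_loader.dll": 524288, "dropper.exe": 7733},
    "lab-red-04": {"stage2.bin": 1048576},
}

UPLOAD_THRESHOLD = 4096    # flows smaller than this are treated as telemetry/heartbeat
PROTOCOL_OVERHEAD = 2048   # slack allowed for HTTP/TLS framing on top of the file itself


@dataclass
class Flow:
    ts: str
    host: str
    process: str
    dest: str
    bytes_out: int


@dataclass
class Alert:
    flow: Flow
    reason: str
    sample: Optional[str]


def parse_egress(log: str) -> List[Flow]:
    """Parse the constructed whitespace-separated egress log into Flow records."""
    flows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, process, dest, bytes_out = line.split()
        flows.append(Flow(ts, host, process, dest, int(bytes_out)))
    return flows


def matching_sample(host: str, bytes_out: int) -> Optional[str]:
    """Return the staged sample whose size fits the flow, allowing for framing overhead."""
    for name, size in STAGED_SAMPLES.get(host, {}).items():
        if size <= bytes_out <= size + PROTOCOL_OVERHEAD:
            return name
    return None


def detect(log: str) -> List[Alert]:
    """Flag every flow that leaves the allowlist; classify large ones as uploads."""
    alerts = []
    for flow in parse_egress(log):
        if flow.dest in ALLOWED_DESTINATIONS:
            continue
        reason = "non-allowlisted destination"
        sample = None
        if flow.bytes_out >= UPLOAD_THRESHOLD:
            sample = matching_sample(flow.host, flow.bytes_out)
            reason = (f"upload size matches staged sample {sample}"
                      if sample else "possible file upload")
        alerts.append(Alert(flow, reason, sample))
    return alerts


def uploading_processes(alerts: List[Alert]) -> Dict[str, int]:
    """Count suspected file uploads per originating process."""
    counts: Dict[str, int] = {}
    for a in alerts:
        if a.flow.bytes_out >= UPLOAD_THRESHOLD:
            counts[a.flow.process] = counts.get(a.flow.process, 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(EGRESS_LOG)
    for a in found:
        print(f"{a.flow.ts} {a.flow.host} {a.flow.process} -> {a.flow.dest} "
              f"{a.flow.bytes_out}B: {a.reason}")
    print(uploading_processes(found))
```

The point of the size correlation is that an isolated lab cannot rely on content inspection (the upload is TLS to the vendor), so the analyst correlates what left the box with what was on it. Matching on byte count is deliberately crude: a real deployment would also compare against the AV's published submission behaviour and pin the allowed destinations to a local sinkhole so that no vendor cloud is reachable at all.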
You can exfiltrate whatever you want. By installing Kaspersky you've installed a program with root access that may or may not have a backdoor connection to the FSB. These antivirus applications scan for vulnerabilities and also send back telemetry data as well as hashes and maybe even the code of unknown executables.
They're talking about sanctions against the company[0] and have been advising US businesses in certain sectors move away. Not to mention trashing them on the news for months.
I agree with not using foreign AV on US Government computers. Even if for no other reason than the Russian government could storm into Kaspersky HQ and demand private keys to sign a malware update (e.g. right before a conflict).
I just want to see technical explanation for the ongoing negative PR against the company, particularly as it relates to private Western businesses and individuals. Why should I, as a technical person, advise my company to move away from Kaspersky with no technical information in hand? On the face of it Kaspersky is (was?) a well reputed and effective piece of defensive software.
So Assad was winning with non chemical weapons but every time he basically heard Obama or Trump was gonna leave him alone he gassed his own people just to invite retaliation.
And Russia made a long shot bet against the favorite candidate that all the polls said would win because, in the likely event that she won and found out, they would have a pissed off US President and public.
Predictable. No word yet on whether the evil witch floats or not.
The entire thing is a fairly transparent attempt to gin up some anti-Russian sentiment in the wake of a growing presidential scandal under active investigation that keeps turning up damning evidence. At best it pulls the administration out of the fire for a few days, but frankly all it's doing is insisting the US is open for business until we find a big enough bus to throw you under for our own political gain.
Same with Huawei. It's difficult to cast an outright ban on import as anything less than telecom players waving their hands and crying red-scare to an audience of congressmen that are either old enough to remember duck-and-cover drills or ancient enough to have actually participated in some of the clandestine blacklisting and CIA-funded government overthrow in Central America.
The US generally isn't a topic open for criticism on HN. Which is fine, since it's a US site run by a US company, and never claims to be a bastion of free thought and critical thinking.
If you count military bases, Syria, Iraq, Afghanistan are the most recent ones that come to mind. Camp Bondsteel in Kosovo is another example
At least in the Crimea they had a referendum...
One can make semantic arguments about whether any of those are annexation, but speaking as a US citizen, I think it would be quite ignorant to ignore that the US consistently subverts the national sovereignty and territorial integrity of countries when it suits its needs.
Who needs proofs when it comes to Russia. It's Mordor according to the American media and deep state. Everything that stems from it represents the Dark Lord aka Putin. Let's just keep inventing stories about it until we all eventually believe our own lies. Maybe inventing more stories about how good we are and how evil they are will make our beliefs stronger, like it has always worked throughout history.