Archive for Kaspersky

Kaspersky Denies It Pwned NSA Staffers Computer

Posted in Commentary with tags on November 16, 2017 by itnerd

The ongoing saga of under-siege antivirus maker Kaspersky continues. When we last talked about this, the company had put out a report that said that it accidentally swiped NSA documents off a staffer’s computer. Well, they’ve now released a report that basically tries to paint a story that it wasn’t them who did the swiping. While you can read the report for the full details, the company now claims that Russian hackers installed software on the computer in question to access and steal sensitive data. On top of that, the company claims that the user of this computer disabled his Kaspersky antivirus software to install pirated software, which led to additional pwnage. Thus the implication is that the US is mad at the wrong group of Russians.

I am really not sure this is going to make this issue go away as I have to think that their reputation is completely destroyed at this point. Thus while this report might make for some interesting reading for a bit, it won’t change anyone’s mind in terms of how the company is viewed.



Kaspersky Says It Obtained NSA Hacking Tool Source Code Via Their AV Software

Posted in Commentary with tags on October 26, 2017 by itnerd

Well, this doesn’t look good.

Kaspersky, which is under siege because it is allegedly working with Russian spies, and which has spent months denying that, has had to admit to something that will make it look like it is working with Russian spies. The company has admitted that it obtained the source code of National Security Agency (NSA) hacking tools via its anti-virus software running on a PC in the US. It put out a statement that detailed what it found when it looked into the claims that it was responsible for stealing these tools. In short, the company found that it did take these tools, because the Kaspersky AV software running on the PC in question thought it was a new and different strain of the Equation malware source code. So it promptly scooped it up and sent it back to Mother Russia for analysis.

The bottom line from the company: We did it but it was accidental.

I’m not sure that’s going to calm the waters here seeing as this plays into part of the narrative that Kaspersky are the bad guys. So I suspect that if they want to get people to trust them again, they are likely going to need to do better than this.




Should You Uninstall Kaspersky From Your Computer?

Posted in Commentary with tags on October 12, 2017 by itnerd

With the revelation that Russian spies have been using the beleaguered Kaspersky anti-virus software for years to troll for secrets, the question is: should you uninstall it from your computer, or is it safe to leave on your system?

My answer would be to uninstall it. Instructions on how to do that can be found here.

Here’s my logic. Despite the company’s repeated denials of any connection to the Russian government, it doesn’t make sense to have this potentially dangerous piece of software on any system that you own given what we now know. Now let me be clear, the chances are low that Russian spies are going to be targeting you. But why take that chance? Dump it and be safer.

Besides, there’s a ton of other AV software out there. If you run Windows 7, look at downloading Microsoft Security Essentials. If you run Windows 8 or later, you get Windows Defender as part of the OS. On the Mac side, macOS does come with rudimentary malware protection, but I tend to recommend Sophos Home For Mac as that is pretty lightweight and provides great protection.

Oh, by the way, all the above won’t cost you anything more than your time as they are all free.

The fact is that given what we now know about this situation, you have to assume the worst and protect yourself accordingly. Perhaps this is paranoia at work here. But these days you can never be too careful.



Israeli Spies Pwned Kaspersky & Caught Russian Spies Using AV Tool To Pwn Others

Posted in Commentary with tags on October 11, 2017 by itnerd

This isn’t going to be good news for Kaspersky who has been battling accusations that their anti-virus software is used by Russian spies to spy on the west. According to the New York Times, Israel pwned Kaspersky. In the process of doing that, they discovered that Russian spies were using the anti-virus software as a gateway to pwn others:

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

How do we know that it was Israel? Well, there’s this:

Kaspersky Lab did not discover the Israeli intrusion into its systems until mid-2015, when a Kaspersky engineer testing a new detection tool noticed unusual activity in the company’s network. The company investigated and detailed its findings in June 2015 in a public report.

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

Among the targets Kaspersky uncovered were hotels and conference venues used for closed-door meetings by members of the United Nations Security Council to negotiate the terms of the Iran nuclear deal — negotiations from which Israel was excluded. Several targets were in the United States, which suggested that the operation was Israel’s alone, not a joint American-Israeli operation like Stuxnet.

If this report is accurate, then Kaspersky is done like dinner in most places on planet Earth. There’s no way that anyone will install their software. Though I will say that the employee who got pwned by Russian spies needs a kick in the you know where for allowing this to happen.

There’s also one other thing. Since a nation state or anyone else pwning anti-virus software so that they can use it as a bridge to pwn a network has gone from being theory to fact, anti-virus vendors are going to let far fewer people look at their code. Symantec was the first to do this, with its CEO Greg Clark telling Reuters this week that it will no longer let governments inspect its source code. That will help, but seeing as the Russians and Israelis were in the Kaspersky network for up to 2 years, it cannot be the only line of defense.

Meanwhile, let us watch the fall of Kaspersky as I cannot see a scenario at this point where they survive this.

BREAKING: US Government Bans Kaspersky Software

Posted in Commentary with tags on September 13, 2017 by itnerd

The ongoing battle between the US Government and Kaspersky software took a new turn today. The Washington Post is reporting that the latter has been banned from the US government over fears of espionage:

Acting Homeland Security Secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal government networks while giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

Now this has been going on for months as evidenced by these posts on the subject. But this is a major escalation. And one that is sure to get a response from not just the software company, but the Russian government too. In terms of the former, this is what they had to say:

In a statement to The Washington Post on Wednesday, the company said: “Kaspersky Lab doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” the firm said.

I would recommend watching this story as it’s going to get interesting. Very interesting.

Kaspersky Punted From Feds List Of Approved Vendors

Posted in Commentary with tags on July 13, 2017 by itnerd

Following up on this story from yesterday which suggested that Russian antivirus company Kaspersky had ties to Russian intelligence, it seems that Kaspersky has a full blown crisis on its hands as it has apparently been removed from the US government’s list of approved vendors:

The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber attacks on the United States.

Kaspersky products have been removed from the U.S. General Services Administration’s list of vendors for contracts that cover information technology services and digital photographic equipment, an agency spokeswoman said in a statement.

Here’s why this happened:

The action was taken “after review and careful consideration,” the spokeswoman said, adding that GSA’s priorities “are to ensure the integrity and security of U.S. government systems and networks.”

Translation: We don’t trust Kaspersky.

You have to wonder how much of this comes from actual proof against the company and how much comes from politics. Either way, it’s not a good situation.

If You Run Kaspersky Products, You MAY Want To Switch To Something Else

Posted in Commentary with tags on July 12, 2017 by itnerd

Bloomberg has made a stunning accusation that Russian-based antivirus company Kaspersky has a tight relationship with the FSB, which is the Russian spy service. And I do mean TIGHT:

Internal company emails obtained by Bloomberg Businessweek show that Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency’s behest and worked on joint projects the CEO knew would be embarrassing if made public. The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors.

Given the current political climate in the US, this is simply stunning if true as Kaspersky products are extremely popular. But it’s a safe bet that with this news, Kaspersky products may become very unpopular very quickly. Thus it won’t shock you that the company has issued a statement in response to Bloomberg’s report. Here’s part of it:

Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime. In the internal communications referenced within the recent article, the facts are once again either being misinterpreted or manipulated to fit the agenda of certain individuals desperately wanting there to be inappropriate ties between the company, its CEO and the Russian government, but no matter what communication they claim to have, the facts clearly remain there is no evidence because no such inappropriate ties exist.

So, what’s true and what’s “misinterpreted”? Who knows, but it’s a safe bet a lot of people are trying to find out as we speak.