
Is It Lights Out For Kaspersky After Latest NSA Disaster?


tao


How long can Kaspersky survive the assault on its business in America?

 

It's already been thrown out of Best Buy stores, is close to being expelled from U.S. government networks and even private industry are being told to stop using the Russian company's anti-virus tools. Then yesterday another bombshell, the biggest so far regarding the company's alleged links to Russian government hackers: an NSA employee was compromised by Russians who allegedly used Kaspersky to determine there were files of interest related to the intelligence agency's cyber operations on the victim's computer.

 

Nail after nail has been put in Kaspersky's American coffin, but is it going six feet under on these shores? Not yet. There's enough wiggle room left open by the reporting, largely and understandably based on anonymous sources, for the Russian security giant, led by billionaire CEO Eugene Kaspersky, to keep alive. Just.

 

To recall the accusations in the WSJ's report: in 2015 a substantial but unspecified number of files were stolen from an NSA contractor's PC. The hackers were alerted "to the presence of files that may have been taken from the NSA," the report noted, citing anonymous sources.

 

A subsequent Washington Post article confirmed this leak, the third major breach of sensitive NSA data in the last decade after the Edward Snowden and Harold T. Martin III incidents. The hacked party was a Vietnamese national who worked in the NSA's elite hacking division, Tailored Access Operations. Previous reports suggested he was a contractor. The government investigation is ongoing.

 

A billionaire's fury

 

There's little detail on what role Kaspersky or its software played in the breach. In the worst case scenario for Kaspersky, it would've actively colluded with the Russian government, purposefully passing on data collected by its antivirus systems to pinpoint which computers contained NSA cyber tools, most likely those it researched, such as those produced by the Equation Group. Kaspersky Lab was the first to detail the tools of that latter crew, widely believed to belong to the NSA and which a shady crew called the Shadow Brokers claimed to have stolen. The group subsequently leaked cyber tools, most notoriously those targeting Microsoft Windows that ended up being adapted to spread the WannaCry ransomware.

 

Or it may be that whoever hacked Kaspersky in 2015 managed to pilfer that information and pass it on to the Kremlin's digital sleuths. The hackers might also have exploited Kaspersky as a way into the contractor's PC; researchers have found multiple vulnerabilities in the anti-virus in recent years, including recent finds by Google and one hole that tricked Kaspersky into funnelling stolen data out of a hacked computer via its own cloud. Finally, it's possible Russian spies intercepted the data after it was flagged on the user's PC by Kaspersky and sent to the company's Russian servers for analysis, a typical process in anti-virus systems.

 

But there's no evidence indicating any of those three scenarios happened, and Eugene Kaspersky, who's repeatedly been the subject of reports linking him to Russian intelligence agencies, didn't give much credence to them. Quite the opposite.

 

Not long after Thursday's story broke, the chief issued another vociferous response, having previously defended his company and his reputation on Forbes. He labelled the report "sensationalist," and at the heart of his defense was his note that Kaspersky has to have deep access to a computer's files in order to determine what was malicious. It appeared to the CEO that a Kaspersky tool did its job in finding possible NSA malware (he also cited the Equation Group research, but didn't link it to the agency) and that some added "fictional" information made it seem like the company was somehow complicit in helping Russian government hackers.

 

"While protecting our customers, we do – as any other cybersecurity vendors – check the health of a computer. It works like an X-ray: the security solution can see almost everything in order to identify problems, but it cannot attribute what it sees to a particular user," he wrote. "If our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes ALL our clients no matter who and where they are, will receive protection from this threat."

 

Citing a tweet from former GCHQ cyber specialist Matt Tait that Kaspersky could've simply detected NSA spy tools on the infected computer, the CEO added: "The new allegations look to me like that: someone just took this process of how we deal with a threat, added some fictional details, and here we go – the new C level movie script is ready."

 

Kaspersky also issued an official response, questioning the anonymous sources in the WSJ report and reiterating it had no inappropriate ties to government. "The only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," the company said.

 

Western defenders?

 

But Kaspersky isn't definitively done in America. It has its supporters in the west, despite the government's apparent antipathy. Former NSA staffer and long-time cyber specialist for the U.S. government, Jake Williams, said the allegations were "certainly damning if true." But he feared confirmation bias on behalf of the analysts who looked into the hack of the contractor's PC.

 

"I would be skeptical of any forensic analyst who says they can tie the theft of files on the machine to Kaspersky software. Now if the intelligence community has additional collection that proves those files were collected by Kaspersky, then that's something else entirely," Williams told Forbes.

 

"As it stands, this sounds like it could be a case of confirmation bias. The contractor took classified documents home, those documents were found to have been compromised, and when it was discovered they were running Kaspersky on their machine an analyst said 'aha, it was Kaspersky that enabled hackers to compromise the machine.'"

 

Thomas Rid, a professor at King's College London who's worked alongside Kaspersky researchers, concurred there weren't enough facts to kill Kaspersky. "Not if you're assessing the evidence on its merits," he added. "But that is so old-fashioned."

 

< Here >

 

 

knowledge-Spammer

I think it is lights out for Kaspersky in the USA now. Let's see what good it does.



Quote

linuxlady01 3 points 21 hours ago

A computer that holds NSA top secret tools that runs antivirus???!!! Did they run Windows and surf the net while doing classified work too? Facepalm, so sad!


 

Quote


highlow33 6 points 21 hours ago

Honestly it wouldn't surprise me from my experiences with "top" FBI security "experts". I think those positions rely more on being able to lie convincingly and telling the higher ups what they want to hear while also good at throwing people under a bus.


 

Quote


linuxlady01 2 points 21 hours ago

Omg! I wish you were kidding, that's actually scary. Glad I don't work for them, that sounds like a horrible work environment.

 

Quote

Cmdr-data 5 points 21 hours ago

It was his home computer.

 

Quote

linuxlady01 3 points 21 hours ago

What the actual f*ck! That's our government's bad imo. How do we know that he didn't just sell the knowledge and blame a politically popular target?

Quote


Hellman109 1 point 16 hours ago

Exactly, he could have sold those secrets and used a scapegoat.

 

 

 

:lol:



Many times OSes are compromised to hack someone's computer, does that mean everyone stops using the OS? Then Windows and Android should be thrown out of every PC and mobile.



19 hours ago, adi said:

I would be skeptical of any forensic analyst who says they can tie the theft of files on the machine to Kaspersky software.

 

I would be skeptical also, if I didn't know anything about forensics, and wasn't aware of what all those unseen little 0s and 1s can tell a forensic investigator. I didn't get to see that computer but I know from experience that scanners/systems produce log files, and those files can contain file names, and the log files can also tell an investigator when they were accessed. Then there are other log files that can tell an investigator where the access came from by correlating the date/time of the access and the connections at that time. What, you can't see those log files? Probably not, which is why a forensic image is taken of the drive and then special software is used to pick up pieces of files that are left in currently unused areas of the drive. I have been able to recover data off a drive that was deleted 6 years prior to the incident that resulted in the drive being collected. Sometimes it requires looking at a bunch of gibberish before you see one or two sentences or phrases, and as you continue reading more data comes to light. When all the data is put together a definitive picture can be made of who, what, where, and when. It's not that the investigator has psychic powers, just that the software used has become so advanced that there is very little that can be hidden on a computer in this day and age.



Whoopenstein

I'm thinking the governments listen in on the same addresses that software uses to update their definitions. It probably has nothing to do with Kaspersky. Although it's kind of funny that the names of files scanned should be uploaded with statistics. Then again, if a file sets off the AV, the name is probably uploaded. Maybe the guy had some special tools in his files.



In today's day and age it's common practice for AV vendors to constantly collect data and phone home. But what difference does it make when your OS already does the same thing... Don't trust Kaspersky? Who DO you trust?



12 hours ago, banned said:

In today's day and age it's common practice for AV vendors to constantly collect data and phone home. But what difference does it make when your OS already does the same thing... Don't trust Kaspersky? Who DO you trust?

I guess that's sort of up to you and who you trust and where you are from. Many people from the USA would rather have their own government snooping on them than an outside government doing it. I'd rather not have either spying on me. Not everyone trusts Microsoft with their info, so they use Linux. Many privacy lovers don't use Windows at all. But there is just as much chance of you getting hacked visiting some website as using Kaspersky as a home user.

 

But the fact is, regardless of whether any of it is true or not, the damage is already done, and I don't think Kaspersky will ever be able to recover from this in the USA, from what I hear from others in the USA. They don't want to use it because it's not in their best interest to be spied on or hacked by outside entities. Them saying they still have people in the USA that support them, blah, blah, blah, is just words and doesn't heal the damage already done, which made lots of people think about whether they should use their products or not, as far as the people in the USA go.



knowledge-Spammer

People say Kaspersky will never be able to recover. I think it will recover, not in the USA, but it will recover. For me, I like to just have KIS for Russia and let people from the USA use things like Windows Defender and no-good things like that, or Norton. If people want to feel safe then sure, use a USA program; if you think it makes you safer, sure, do as you think is best :lol:



20 minutes ago, knowledge said:

People say Kaspersky will never be able to recover. I think it will recover, not in the USA, but it will recover. For me, I like to just have KIS for Russia and let people from the USA use things like Windows Defender and no-good things like that, or Norton. If people want to feel safe then sure, use a USA program; if you think it makes you safer, sure, do as you think is best :lol:

That's the problem: China doesn't trust USA or Russian software, and everything from the USA that is used in Russia already has to be audited and passed by your government to even be used there. No one trusts no one. But the media are the ones who hurt Kaspersky the most in the USA; rumors spread like wildfire.



knowledge-Spammer
2 minutes ago, steven36 said:

That's the problem: China doesn't trust USA or Russian software, and everything from the USA that is used in Russia already has to be audited and passed by your government to even be used there. No one trusts no one. But the media are the ones who hurt Kaspersky the most in the USA; rumors spread like wildfire.

But the media  are the ones who hurt Kaspersky the most in the USA

It's OK, we all see what the USA is doing. We have our turn to hurt the USA, all the times USA media say Russia hackers.

I do not think the USA boss understands what can happen when playing games like this with no real proof and lies.

But it's OK, we wait for our go to hit back. Sad games, all this for what?



6 minutes ago, knowledge said:

But the media  are the ones who hurt Kaspersky the most in the USA

It's OK, we all see what the USA is doing. We have our turn to hurt the USA, all the times USA media say Russia hackers.

I do not think the USA boss understands what can happen when playing games like this with no real proof and lies.

But it's OK, we wait for our go to hit back. Sad games, all this for what?

Norton is no threat anymore; they have a very small home user base even in the USA. The big threat remains the same to all 3rd party anti-malware. It is another one in the USA, called Windows Defender; no one even has to install it. It's free and made by the same company that makes Windows, and most Windows 10 fanboys love it. 3rd party anti-malware has had its reign on earth and is slowly being replaced by baked-in products.



knowledge-Spammer
2 minutes ago, steven36 said:

Norton is no threat anymore; they have a very small home user base even in the USA. The big threat remains the same to all 3rd party anti-malware; it is another one in the USA, called Windows Defender. No one even has to install it. It's free and made by the same company that makes Windows, and most Windows 10 fanboys love it. 3rd party anti-malware has had its reign on earth and is slowly being replaced by baked-in products.

But Norton still has backdoors, no?

All Windows 10 users use Windows Defender, no?

It's free and made by the same company that makes Windows, and Windows does not spy on users, no?

KIS was just looking for bad code or hacking tools and making sure its users are safe. When people say or said KIS takes the hacking tools, who makes those tools? Not KIS, and yet KIS is the bad guys. Funny how people think.

 



36 minutes ago, knowledge said:

But Norton still has backdoors, no?

All Windows 10 users use Windows Defender, no?

It's free and made by the same company that makes Windows, and Windows does not spy on users, no?

KIS was just looking for bad code or hacking tools and making sure its users are safe. When people say or said KIS takes the hacking tools, who makes those tools? Not KIS, and yet KIS is the bad guys. Funny how people think.

 

None of this matters. Like Banned said, Windows is already spying on us, so why would it matter if your antivirus does? If you were really worried about the USA spying on you, you would not be using Windows, no way. :lol:

Your government may audit what they use in government, but the stuff you download from vendors off the good old WWW has not been audited. We as consumers can't really audit software unless it's open source; we don't have the same benefits as government and we could be installing anything, and that's why they have a TOS for you to read before you install it, and if you do, it's on you then.

People sold their privacy out to Google, Facebook and others years ago for a like button, free info and programs. The ones who care about privacy are maybe 1 out of 10 users, and Microsoft was late to the party is all. And hardly anyone reads the TOS before they use stuff on the web or install stuff, but when they hit agree they agreed to it.

 

 



Because Kaspersky anti-virus is rated at the top -- the best, perhaps.  And who doesn't like the best?   ;)



2 hours ago, knowledge said:

 

They are not going to remove it here because M$ still has Kaspersky as an authorized partner. The only difference is that Kaspersky was removed from Gov machines and the FBI is recommending the private sector to stop using it. M$ can still push whatever they want.



Maybe it's time for an open source anti-virus / malware. When this happens I will use one; until then, if I had to choose I would use the ones the governments don't want you to ;)



I will continue to use Kaspersky :thumbsup: and don't care about what US government says :thumbsdown: 



On 10/7/2017 at 9:46 PM, straycat19 said:

 

I would be skeptical also, if I didn't know anything about forensics, and wasn't aware of what all those unseen little 0s and 1s can tell a forensic investigator. I didn't get to see that computer but I know from experience that scanners/systems produce log files, and those files can contain file names, and the log files can also tell an investigator when they were accessed. Then there are other log files that can tell an investigator where the access came from by correlating the date/time of the access and the connections at that time. What, you can't see those log files? Probably not, which is why a forensic image is taken of the drive and then special software is used to pick up pieces of files that are left in currently unused areas of the drive. I have been able to recover data off a drive that was deleted 6 years prior to the incident that resulted in the drive being collected. Sometimes it requires looking at a bunch of gibberish before you see one or two sentences or phrases, and as you continue reading more data comes to light. When all the data is put together a definitive picture can be made of who, what, where, and when. It's not that the investigator has psychic powers, just that the software used has become so advanced that there is very little that can be hidden on a computer in this day and age.

 

Very true. A simple firewall can log the protocol, local and remote IP, the corresponding program using the connection, time and many more.

There is software that also helps "sniff" the actual data and files these programs are accessing and sending to the web, and logging all the details of local and remote IPs and the duration of the connection, the type of connection, time of file access, etc.

They come in so many forms like firewalls, proxy, anti-malware/security/hips, or just a MITM appliance.

You don't need to be a forensic expert just to see and understand how these things connect to one another.

What he is saying above is when an actual disassembly of the program will reveal its guilt or innocence, if it has included a hidden code for backdoor/hacking of the victim's computer to where this software was installed.

But even on a user level knowledge, with the use of scanner software mentioned above, one can also tell whether these dots connect. Might!

Note that if it reveals its innocence on a user level way, this doesn't mean it doesn't have a hidden code for backdoors when thoroughly disassembled and analyzed. User level way is only useful to prove its guilt and not of its innocence, so trust the forensic expert on this.

In short, straycat19 knows a lot about forensics and he is just being very nice in his reply while trying to educate us. I like this guy.:)

straycat19 is one of the NO BS members here, he is frank and straight to the point, so listen to his recommendation. :yes:

"Believe the one showing you a solid proof, through disassembly and analysis/forensics of code and logged data, than just empty words."



knowledge-Spammer

It will be lights out for US media in Russia soon if the USA keeps trying to hit RT

and the internet censorship starts

 



So much drama for nothing. It's lights out for Kaspersky only for idiots who don't understand how things work. Of course Kaspersky cooperates with Russian version of NSA. Kaspersky is Russian company. Do you people think McAfee, Symantec or Microsoft don't work with FBI, CIA and NSA as American security companies? Of course they do. Do you see Russian officials going mad over people using American security products? I don't. It's how security firms operate if they want to be efficient at catching cyber criminals. It's just funny to observe people going mad over Kaspersky doing the same thing EVERYONE else is doing. But Russia is bad and USA saves the world? No, they can all be equally dirty and equally as trusted. I know Eugene Kaspersky from professional work (not in person) and I know he's a top notch security expert employing one of the most brilliant security minds. Pretending otherwise is just retarded and shows massive ignorance. The only others running around panicking are the retarded mainstream media which is so dumb I'm surprised anyone actually still watches those idiots...

 

If you like Kaspersky, keep using it. They know their stuff and they have quality programs. If you don't trust Kaspersky, then neither should you trust Symantec or McAfee...



19 hours ago, RejZoR said:

Do you people think McAfee, Symantec or Microsoft don't work with FBI, CIA and NSA as American security companies?

Of course they do.

Well, Uncle Sam forgot about it...:tooth:

19 hours ago, RejZoR said:

If you don't trust Kaspersky, then neither should you trust Symantec or McAfee...

 

19 hours ago, RejZoR said:

But Russia is bad and USA saves the world?

According to Hollywood...:tooth:



Archived

This topic is now archived and is closed to further replies.
