Ramblings of an old Doc
a pattern is emerging
Published on October 7, 2017 By DrJBHL In Personal Computing

 

Spy vs. Spy vs. Spy. "Who's on first?"...one's tempted to ask.

How did it all get started? This incendiary piece. Summary:

"The unnamed contractor removed the material from the NSA and stored it on a home computer that ran a version of Kaspersky AV. The material, according to the unnamed sources, included "details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying, and how it defends networks inside the US." Sometime in 2015, the material was stolen by Russia-sponsored hackers who "appear to have targeted the contractor after identifying the files through the contractor's use" of the Kaspersky AV. The breach was discovered in the first three months of 2016.

The post continued:

US investigators believe the contractor's use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Investigators did determine that, armed with the knowledge that Kaspersky's software provided of what files were suspected on the contractor's computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter." - WSJ

The history's a bit longer though:

In September 2015, Google Project Zero researcher Tavis Ormandy said his cursory examination of Kaspersky AV exposed multiple vulnerabilities that made it possible for attackers to remotely execute malicious code on computers that ran the software. If the hackers had knowledge the NSA contractor was using the Kaspersky AV, it's at least feasible they exploited those vulnerabilities or similar ones to identify the sensitive materials and possibly also steal them. - Ars Technica

They were subsequently patched, as were defects (similar) in other security software). In July 2016, along with Wikileaks material and actual hacking tools caused Congress to request material on Kaspersky from various agencies, and wanted to bar the Pentagon from using Kaspersky's software. Now, all agencies (the whole Federal gov't.) forbidden to use Kaspersky's software on any of its computers. 

My pov? Let's go back to the beginning: How did a contractor get the NSA files onto his computer (which also had Kaspersky software)? Seems to me NSA's security sucks, too...not just the whole leaky sieve that is the US government.

Some biographic info on Kaspersky: Eugene Kaspersky studied cryptography, programming and mathematics at an academy operated by the KGB, the FSB’s Soviet-era predecessor, then worked for the Ministry of Defense. Well, that's the way Russia works...

At the risk of angering Jafo, I'm not getting Kaspersky on my machines...not that I think the Russians give a tinker's damn about me, any more than any other American citizen.

 

Sources:

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108

https://www.reuters.com/article/us-usa-kasperskylab-probe/exclusive-congress-asks-u-s-agencies-for-kaspersky-lab-cyber-documents-idUSKBN1AD2H0

http://www.chicagotribune.com/news/nationworld/ct-kaspersky-cyber-russia-spy-agency-20170703-story.html

http://www.politico.com/tipsheets/morning-cybersecurity/2017/07/26/whats-next-in-congress-for-the-pentagon-kaspersky-lab-ban-221535

https://arstechnica.com/information-technology/2017/10/the-cases-for-and-against-claims-kaspersky-helped-steal-secret-nsa-secrets/

http://thehill.com/policy/cybersecurity/350492-trump-admin-bans-kaspersky-software-in-federal-agencies

 

 

 

 


Comments (Page 2)
2 Pages1 2 
on Oct 08, 2017

Roswell actually happened in Kentucky. The aliens discovered whiskey then invented duck tape and named it Kentucky Chrome. That's what they found in Roswell, the aliens planted it so no one would notice how much whiskey they swiped.

on Oct 08, 2017

Gratified you all found the topic worthwhile my efforts.

on Oct 08, 2017

Au contraire, Doc.  

on Oct 09, 2017

DRJBHL,

Your efforts are always appreciated as I'm sure all will agree. Keep doing what you do best, keeping our collective heads screwed on straight.

on Oct 09, 2017


keeping our collective heads screwed on straight.

Most of the Collective's heads are screwed on straight... but yours?

When you go off on various tangents and waffle on a bit - orright, a lot - I have to wonder if you were missed when the 'screwing on' took place.   Not suggesting you're crackers or anything, but if I were you, I wouldn't hang around when people are looking for something to go with their cheese and whine.

Oh, and Doc, I do appreciate what you do.  I've gained some very useful information from reading your posts, so thanks a bunch for taking the time and effort for the great articles you bring us.

   

on Oct 09, 2017

starkers

missed when the 'screwing on' took place

It was crowded. So I waited until after lunch.   

on Oct 09, 2017

Ah, that was when you had fallen asleep on a full belly and the 'screwers' had moved on to the next queue.

on Oct 10, 2017


the_Monk is having a nice cold beer about now.

 

 

on Oct 11, 2017

You should find this interesting... the origin of the warning to the US government came via Israel.

https://www.usnews.com/news/technology/articles/2017-10-10/israeli-spies-found-russians-using-kaspersky-software-for-hacks-media

 

on Oct 11, 2017

Yeah, it's amazing just how on the ball Israel is when it comes to espionage, etc.  Not only is Israel often the first to expose spying and hacking to the world, it is pretty much on the ball with discovering what rogue nations are up to regarding the development of nuclear and other weapons of mass destruction.

on Oct 13, 2017

it just means no one has said anything about other security suite being exploited for similar effect. yet.

as for israel, they were hacking kaspersky and found someone else doing the same thing. bet they are real happy someone decided to tell the whole world about it, quite simply because kaspersky was founded by a russian. did us gov ban symantec over cert failures? nevermind the big contract just given out to equifax despite security failings.

on Oct 18, 2017

I feel like most of this is being blown way out of proportion. In the connected world we live in you really don't need to hack any one person to get their secrets. 

2 Pages1 2