Russian government hackers exploited antivirus software to steal U.S. cyber capabilities

I think the main risk is that due to being located in Russia, Kaspersky is vulnerable to pressure from Russian government, which may indeed have nothing to do with "hacking". As far as I understand, most(?) antiviruses create a depository of users' files in a cloud. Kaspersky may have been forced to give up access to this depository - either through threats, extortion or bribery. In short, this is a vulnerability that would have nothing to do with the code of their products, which could very well be up to every industry standard.
So, we are in agreement.
If a leak of classified information was due to legitimate activity of antivirus, Kaspersky can't be blamed for that.
Vulnerability in this case would be on users side - regardless of antivirus they should not let their secrets be uploaded in a cloud.
 
So, we are in agreement.
If a leak of classified information was due to legitimate activity of antivirus, Kaspersky can't be blamed for that.
Why couldn't they be blamed for giving a third party access to files this third party shouldn't have access to?

Yes, it would be extremely unprofessional/stupid for anyone in possession of confidential info to make such info accessible to Kaspersky in the first place.
Which is why it makes sense for US authorities to refrain from using their product - not because their product might not act as advertised, but because it behaves exactly like advertised.
I agree though that "Russian government hacking" is a lazy way to describe the risk.
 
If the first part is true, it makes complete sense to presume that Russian intelligence would wish to exploit this.
It's not a question of if - this is fundamentally how anti-virus software works, which is why they have the potential to be so damaging. I've pretty much stopped listening to people who claim there's no evidence the Russians are messing with Kaspersky AV software. There's still people claiming there's no evidence of Russian meddling in our election too.

The fact that there's such an easy backdoor route for Russian spies to access everyone's networks should be a major cause for concern and prompt some sort of action even if there is no evidence of it having happened.
 
Why couldn't they be blamed for giving a third party access to files this third party shouldn't have access to?
They could be blamed if they did it.
By your logic, just because Microsoft is an American company, we can automatically assume it is leaking Russian intelligence secrets to US government, through their operating system.

Yes, it would be extremely unprofessional/stupid for anyone in possession of confidential info to make such info accessible to Kaspersky in the first place.
Which is why it makes sense for US authorities to refrain from using their product - not because their product might not act as advertised, but because it behaves exactly like advertised.
No, their problem is not in the fact that they used Kaspersky software. If they used British or Chinese antivirus instead, they would have the same security issue.

The fact that there's such an easy backdoor route for Russian spies to access everyone's networks
Again, if antivirus has backdoor granting unauthorized access to your private network or files, it can be detected.
In fact, given the current media scandal, it's pretty much guaranteed that Kaspersky products' behavior was analyzed by security specialists in all details. What kind of information it sends, where, etc.
 
It's not a question of if - this is fundamentally how anti-virus software works, which is why they have the potential to be so damaging. I've pretty much stopped listening to people who claim there's no evidence the Russians are messing with Kaspersky AV software. There's still people claiming there's no evidence of Russian meddling in our election too.

The fact that there's such an easy backdoor route for Russian spies to access everyone's networks should be a major cause for concern and prompt some sort of action even if there is no evidence of it having happened.
It's one thing to say that there is a danger from ANY AntiVirus software, which is entirely reasonable. It's also reasonable to not use AV products from Russia for government agencies just in case Russia has a way to take influence.

It's another thing to say that Russia "did this successfully" and even that Kaspersky had an active part in it, especially when the people who claim this to be the case are as vague as possible to make it as hard as possible to actually test their claims. And when the people who were hacked have already proven themselves to be morons who don't know how to not open themselves for hacks of any kind. How do you not see how ridiculous it is to just believe this?
 
No, their problem is not in the fact that they used Kaspersky software. If they used British or Chinese antivirus instead, they would have the same security issue.

Chinese - yes.
British - yes in theory. In practice, I'd say Brits are a lot less likely to spy on their allies and I believe British companies to be better protected against underhanded pressure from their government than Chinese or Russian ones.
 
If one was worried about Israeli government being interested in their hidden data, it would be eminently sensible to avoid IT-security products from Israel.

Like Intel processors? Good luck with that.

I've pretty much stopped listening to people who claim there's no evidence the Russians are messing with Kaspersky AV software. There's still people claiming there's no evidence of Russian meddling in our election too.

Bad equivalence, since the first group includes security experts (see Graham Cluley, for one), the second group includes only quacks.
 
Chinese - yes.
British - yes in theory. In practice, I'd say Brits are a lot less likely to spy on their allies and I believe British companies to be better protected against underhanded pressure from their government than Chinese or Russian ones.
You didn't understand my point.
In the described situation, their problem is security malpractice. Because antivirus should not be able to access sensitive information and upload it anywhere. Regardless of whether it's Russian or British.
British company might just as well sell this information to anybody including Russian intelligence.
The solution would be to fix security breach, and if they didn't, they should blame themselves instead of antivirus whose only fault is that it's doing its job properly.
 
Those who use Kaspersky have trust in Russian government by default. It is no news that Kaspersky Labs are related with FSB and cracking down cybercrimes in Russia.

Those who use Symantec have trust in American government by default. It is no news that Symantec Corporation are related with FBI and cracking down cybercrimes in America.
 
I definitely have more trust in Russian government than in American one - but I'm also sure that neither of them is interested in spying into my personal files :)
 
That is for sure.

Those who use Symantec have trust in American government by default. It is no news that Symantec Corporation are related with FBI and cracking down cybercrimes in America.

That is also quite true.

I definitely have more trust in Russian government than in American one - but I'm also sure that neither of them is interested in spying into my personal files :)

The problem is that Chinese and Russian governments are only interested in security, while the US government is also interested in your tax return...
 
Chinese - yes.
British - yes in theory. In practice, I'd say Brits are a lot less likely to spy on their allies and I believe British companies to be better protected against underhanded pressure from their government than Chinese or Russian ones.

Err...where have you been living the last 5 years? The Brits were quite heavily involved in all those spying-on-allies operations that have been revealed.
 
So, we are in agreement.
If a leak of classified information was due to legitimate activity of antivirus, Kaspersky can't be blamed for that.
Vulnerability in this case would be on users side - regardless of antivirus they should not let their secrets be uploaded in a cloud.

In Soviet Russia, Retrieving classified and personal information then uploading it to cloud is fault of user
Again, Russian government hackers used a backdoor in Kaspersky to search for documents and then steal them

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

known to have stolen classified documents from a National Security Agency employee

provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

The question is how complicit Kaspersky was with Russian hacking
Given that Kaspersky was widely suspected of assisting Russian intelligence well before this incident, the backdoor might well have been placed there deliberately

Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.
 
In Soviet Russia, Retrieving classified and personal information then uploading it to cloud is fault of user

This is a vacuous statement. This is how AV works. Nothing to do with Russia.

Again, Russian government hackers used a backdoor in Kaspersky to search for documents and then steal them

A security flaw is not a "backdoor".
 
In Soviet Russia, Retrieving classified and personal information then uploading it to cloud is fault of user
Yep, if the user gave consent to uploading his information to the cloud, it's his fault.
Antivirus searches for malware, it has no idea whether this malware is classified or not.

Again, Russian government hackers used a backdoor in Kaspersky to search for documents and then steal them
Nope, they didn't. If there is a backdoor, it can be proven by audit.
Kaspersky essentially placed his company as a bet.
 