Is Kaspersky Antivirus a spy platform?

For discussions about security.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#2 Post by musher0 »

Hi perdido.

It looks a lot like defamation or a smear tactic. It's as old as the world. Of
course, this being a spy story, no real examples or proof or evidence can
be released to the public for security reasons. (Ha-ha. So what else is new.)

Hey, let's start a rumor! How about... "Consumer Reports and the White
House are like peas in a pod." So the White House told CR to write an
article to smear Kaspersky software.

See. That was so easy. You just say it, no proof needed.

As to the reasons, well, let's get our imagination going. Maybe:
-- Pres. Trump thinks Kaspersky is bringing in too much money into Russia

-- some software engineer at Norton's is jealous of Russian talent and his
uncle works in the NSA

-- some official at Kaspersky accidentally put the horns on an official in the
Mossad during a business trip in Israel (Israeli women can be so
beautiful...), and this is Mossad's revenge. (For those who don't know, if
your wife has "put the horns on you", it means she slept with another guy.)

Anyway, it shouldn't concern me, because
1) I'm Canadian;
2) I'm running a Linux box;
3) there are no national secrets on this box, I swear! :twisted:
4) my wife is faithful!

Have fun imagining things! ;)

~~~~~~~~~~~~~~~
PS,
Almost forgot the obvious:
-- The US has a very "Buy American" president, so God forbid the US
Public Service would be using Russian software for anything! "Find any
reason to get Kaspersky software off American gov't computers!", said
Pres. Trump in a rage.

-- And so we dust off narrow-mindedness off the list of very sad human
behaviors.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

6502coder
Posts: 677
Joined: Mon 23 Mar 2009, 18:07
Location: Western United States

#3 Post by 6502coder »


prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#4 Post by prehistoric »

The truth here is that this particular charge is probably true, but deniable. That is hardly the whole story.

Any antivirus which depends on scanning for files which match a database of signatures and uploads suspect files to servers managed by the company that created it can be used this way. The major requirement is that the code sent to any particular machine can be customized. This is easy when the vendor's licensing has a product key for each paying customer, and there are different versions of protection software from the same vendor. (Sound like an unusual situation?)

Nothing stops you from slipping in a signature (pattern) that matches any kind of file you want. There may well be a switch in the code to allow or prevent uploading suspect files, but if the code is not accessible to you, you can't tell if changing this really stops the antivirus from uploading files in every case. I suspect it does not. There must be some form of problem reporting software in every such product, because problems are constantly arising.

By using the antivirus pattern matcher to fish for specific files, on a particular machine, and causing it to upload those it finds, you can crack any machine without having an explicit backdoor. It is even possible for the company involved to deny subverting the system. If the information simply leaks to attackers the operation will be deniable.

An even simpler way is to stop installation of a signature for a threat that intelligence professionals can control. Such zero-day threats arise all the time. Once a system is cracked, and you have collected passwords, you can remove all traces of compromise and reinstall the missing signature. You will now have the same access as the person at the keyboard, except for pushing the power button.

The problem here is with national laws forcing companies to cooperate with intelligence services. This is normally seen as a matter of defense, but nothing prevents the information obtained from being used offensively.

The current model of IT security is fatally flawed.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#5 Post by greengeek »

The way I read this story - and Kaspersky's explanation - is this:

- If you work for Israel or for the NSA creating tools that breach the privacy of citizens' computers then it's best not to use Kaspersky antivirus as it is capable of identifying the trojans you are creating, and sending that development code back to Kaspersky for analysis.

The antivirus spotted the nature of the illegal code in use on the NSA employee's computer and then did exactly what it is supposed to do and isolated the bad code and uploaded it to Kaspersky to feed its signature back into the antivirus database.

Caught in the act, NSA!
(How surprising!)

Every decent antivirus is a "spy platform". That's what they do - identifying bad code, from evil people and evil states, running in YOUR computer. Stick with the tame antiviri if you don't really want to know what the NSA is up to...

https://usa.kaspersky.com/about/press-r ... y-us-media

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#6 Post by perdido »

CIA wrote code 'to impersonate' Russia’s Kaspersky Lab anti-virus company, WikiLeaks says

Wikileaks drama alert: CIA forged digital certs imitating Kaspersky Lab
"Eugene Kaspersky, chief exec of Kaspersky Lab, sought to reassure customers. "We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," he said."

All in all I would not be surprised if Kaspersky is an innocent bystander being victimized by the USA deep state swamp.
