Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Government Security United States Politics

Officials Fear Russia Could Try To Target United States Through Kaspersky AV (go.com) 173

Russia's growing aggression toward the United States has deepened concerns among U.S. officials that Russian spies might try to exploit one of the world's most respected cybersecurity firms to snoop on Americans or sabotage key U.S. systems, according to an ABC News investigation. From the report: Products from the company, Kaspersky Lab, based in Moscow, are widely used in homes, businesses and government agencies throughout the United States, including the Bureau of Prisons. Kaspersky Lab's products are stocked on the shelves of Target and Best Buy, which also sells laptops loaded by manufacturers with the firm's anti-virus software. But in a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company's powerful market position. "This [is an] important national security issue," declared the bipartisan memorandum, described to ABC News by congressional sources.
This discussion has been archived. No new comments can be posted.

Officials Fear Russia Could Try To Target United States Through Kaspersky AV

Comments Filter:
  • by Anonymous Coward on Tuesday May 09, 2017 @03:05PM (#54386851)

    LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

    • by Anonymous Coward on Tuesday May 09, 2017 @03:19PM (#54386975)

      LOL,wait, there are people who think Kasperesky isn't compromised? ROFL. Using a respected and renowned cybersecurity first to as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

      Also, are there people who think Microsoft isn't compromised? ROFL. Using an operating system with the highest market share as a cover seems like a no-brainer to me. I've assumed they were compromised years ago, quite frankly.

      • Also, are there people who think Microsoft isn't compromised?

        Probably somewhere, but there have been indications that Microsoft has been working with the NSA for a looooong time. Also, I know it sounds ridiculous, but there is a back door in Intel chips that allows you to access them, even when the OS is not installed. I know that sounds crazy, I thought so too, at first.

        Also, Google secretly hands your emails over to the NSA without telling you.

        • by DrYak ( 748999 ) on Wednesday May 10, 2017 @06:50AM (#54391261) Homepage

          Also, I know it sounds ridiculous, but there is a back door in Intel chips that allows you to access them, even when the OS is not installed

          Technically:

          1 - it's not in the Intel *CPU*, it's in the Intel *Server Motherboard Chipsets*.
          By design, Intel ME (Management Engine) is a useful tool so sys-admin can remotely access and checks servers (or enterprise workstation) whose OS won't even respond anymore. (e.g.: to diagnose early boot process steps, oversee a firmware update, etc.)
          It' basically a small embed CPU core running a micro embed Linux and featuring a web server for the interface and a sort of VNC server and port forwarder/remote device mapper.
          In practice, this service is done very sloppily and bugs are constantly found that enable exploit and un authorized acces.

          2 - Intel ME has equivalent in other manufacturer called IPMI. e.g.: most of the AMD server motherboard features that one.
          Again, like with Intel ME, cirtical exploitable bug are regularily found in IPMI, meaning it similarly easy to circumvent access control.

          A big chunk of these exploitable bugs in both Intel ME and IPMI are very probably due to sloppy programming for product rushed to the marker.

          But given how many bugs are discovered, and how juicy light-out-management is as a target, there bound to be a few "not so honest mistakes" among these bugs.
          But these not-quite-accidental bugs aren't only to be blamed on US agencies.

    • by Anonymous Coward

      Yeah, people who A: rely on evidence, B: know what they're talking about, C: Don't guess and D: Don't say "ROFL" about the situation, you dipshit.

      " there are people who think Kasperesky isn't compromised? ROFL "

    • so true. duh. a decade ago I said to my colleagues, well, most of the antivirus tools are made out of the US with some US sales offices. it's okay. we need to authorize a certain degree of wiretapping by our telecoms to sniff our phones for a scammer script / calls and disconnect the call immediately for us much like we authorize anti-virus tools to block incoming malware. i wonder how long that novel idea will take.
  • by Anonymous Coward

    They are secure because the USA has TLAgencies that help protecting the American people.

    • Re: (Score:2, Insightful)

      by piojo ( 995934 )

      That's cute, but have you heard about Russian propaganda about the US? One of the ways Putin maintains power is by rousing hatred against the US. Fortunately (for now), another way he stays in power is by painting himself as a peace-broken. (Remember, he controls the Russian media.) So there is quite a lot of aggressive sentiment toward the US, but that won't necessarily translate into war.

  • We're all just one automatic upgrade away from infection. ...which now that I think of it, is true for any AV product.

    • Ummm. Duh! Yeah!

      I thought all the AV companies actually also created the need for AV programs!
      Isn't that where most malware comes from?!
      • Ummm. Duh! Yeah!

        I thought all the AV companies actually also created the need for AV programs!

        Isn't that where most malware comes from?!

        I'd like to think not, but I guess it's a possibility. Sometimes the constant nagging by my antivirus product to buy more expensive coverage (which is impossible to turn off) feels like malware. Especially when I'm doing work (like editing photos) that takes up the entire screen, and the AV ad pops up over the control sliders. It's enough to make one consider keeping the AV turned off and the network cable unplugged while doing serious work.

        Then there was the hilarious but almost certainly untrue rumor t

  • Russia this, Russia that - seems like the left really fears them for something despite being Soviet themselves.

    • by geek ( 5680 )

      Anything to deflect from their own transgressions, like stealing an election from Bernie Sanders.

      • It's better for their image that they were 'hacked' and thus victims, rather than have it be that one of their own turned whistleblower and exposed them to Wikileaks. A lot of clues point that leaker as being Seth Rich, and sadly, he isn't talking.

        • The same people accusing Russia of being the culprit are the same ones responsible for his Soviet-like disappearance.

    • ah yes, Jeff Sessions, the notorious "leftist".

    • by AHuxley ( 892839 )
      After all the news about gov US plain text documents facing the internet and staff walking out to give documents to the waiting media?
      "Russia did it" is about all that can be attempted to cover up for the total lack of domestic crypto and staff vetting over decades.
    • by piojo ( 995934 )

      Russia this, Russia that - seems like the left really fears them for something despite being Soviet themselves.

      They are the world's most powerful dictatorship. Putin has been fairly successful in pretending not to be a dictator, but the more of his critics and opponents he kills, the more obvious the charade becomes. If that's not enough cause for concern, Russian-language propaganda against the US is. (Russia's media is controlled by the state.) If that's not a cause for concern, Russia's annexation of other countries (and the world's failure to respond) is.

  • I remember when much the same concerns were raised about Chinese networking equipment. (If memory serves, being supplied into a large project in Australia).
    This was before the Snowden revelations.

    So, we now know that really what they were doing was preserving the supply of US networking equipment that could be pwned.

    Thus, one wonders if the same thing is happening here?

  • McCarthy AV (Score:5, Funny)

    by lactose99 ( 71132 ) on Tuesday May 09, 2017 @03:16PM (#54386945)

    Are you now or have you ever been a member of Kapersky Lab?

  • In capitalist America, US President downloads software.

    In soviet Russia, software uploads choose US President.

  • by Anonymous Coward on Tuesday May 09, 2017 @03:18PM (#54386963)

    And what about Microsoft, Apple, Google? Should Russia fear all these companies as well and ban them?

    • And what about Microsoft, Apple, Google? Should Russia fear all these companies

      Yeah, probably.

    • by AHuxley ( 892839 )
      Russian secrets are safe on paper in vault, in a building, behind a real wall in a very secure science city.
      No open computer networks with plain text files, no foreigners or illegal migrants getting security related jobs, no new contractors.
      Just real staff working hard all day who are vetted and trusted.
      Russia trust paper files and its own gov/mil. The USA always trusts the new team of contractors.
  • by Anonymous Coward

    ...with this red scare stuff. Hillary lost because she was an inferior candidate.

    • It was a choice between a turd sandwich and a giant douche
      I guess the American people wanted a douche instead of a turd.

  • We are amidst the beginnings of a new cold war. I have a lot of respect for Kaspersky. Being so close to the Kremlin doesn't made me feel warm and fuzzy, but they have always spoken out against state actors. I wonder if they will respond directly to this as they have always seemed to be a fairly open company with regards to data breaches and cuber security risks. https://www.scmagazineuk.com/i... [scmagazineuk.com]
    • I have a lot of respect for Kaspersky.

      Why, you don't remember the time when AVP was good? Because it was. But now it's the bloatiest of AV. Why would you respect it today?

      Being so close to the Kremlin doesn't made me feel warm and fuzzy, but they have always spoken out against state actors.

      Talk is cheap.

      • so your rebuttal to my comment is a superlative and a catch phrase? I respect Kaspersky because they are an open company the talks about threats openly, discusses relevant topics and provides insight most other companies keep close to the vest. I suggest you read their blog. you might feel the same way. Just because I respect them doesn't mean I use their products and it doesn't mean I feel they are completely divorced from the Kremlin. Just means i respect them and that they are probably trying to do the
  • Just open a dictionary.
  • I haven't used anti-virus software in years. I only have Windows Defender and Malwarebytes installed on my Windows PCs.
    • Re: (Score:3, Informative)

      by geek ( 5680 )

      I haven't used anti-virus software in years. I only have Windows Defender and Malwarebytes installed on my Windows PCs.

      Read the first sentence you wrote. Then read the second one. You now have my permission to feel stupid.

  • It's okay. Obama told me the Russians weren't a threat.

  • They might make it aggressively scan everything repeatedly so that your PC is slug-city. ...Oh wait, that's McAfee.

  • Not saying they aren't (probably are, everyone else is), but let's put it this way: "All those who believe they have an uncrackable product / network / service, take one step forward."

    You'll notice the smarter / older people taking a step back when they hear that.

  • by Cyberpunk Reality ( 4231325 ) on Tuesday May 09, 2017 @03:38PM (#54387127)
    Spying jokes aside, if the NSA (and the greater intelligence community) had pushed for good security practices from the beginning instead of cultivating an environment that made their spying easier, we wouldn't have to worry about this. The US government needs to realize that it cannot have it's cake and eat it too.
    • by StormReaver ( 59959 ) on Tuesday May 09, 2017 @04:28PM (#54387555)

      Along those lines: I'm far more worried about being targeted by our own Government than by the Russians. The U.S. Federal government has shown itself time and again to be, at best, no better than the Russians where our rights and freedoms are concerned:

      1) Continual erosion of the Constitution.
      2) Ignoring the Constitution when following the law becomes inconvenient.
      3) Spying on American citizens.
      4) Systematic molestation by Federal officials at airports.
      5) Lying to the American public as a matter of standard policy (though that is implied in the other four).

      The Russians are WAY down on the list of things we Americans have to worry about at home.

    • by AHuxley ( 892839 )
      The NSA wants to be the shield and sword of all things cyber.
      For that to work the world has to accept junk US crypto, low security OS and US brands helping the clandestine services.
      The UK and GCHQ had a much better way. Work with the UK mil and other clandestine services to get things done in secret.
      The NSA needs to tell the public about its role, get funding, tell congress to give more funding, support all its contractors, allow contractors to offer ever more staff and services.
      Then report back on eve
  • Why would any "key U.S system" have Russian AV software installed? A key function of AV software is to be able to intercept pretty much anything that happens.

  • Simple solution: what do Russian opposition parties/organizations use? If they trust Kaspersky, it's probably pretty safe. If I were Russia, I wouldn't bother with it though. Too obvious.
  • They want their cold war back.

  • Aww come on! (Score:4, Insightful)

    by Applehu Akbar ( 2968043 ) on Tuesday May 09, 2017 @05:19PM (#54387915)

    Why don't the Democrats have done with it and just re-convene the House Un-American Activities Committee? Given today's political alignment, this could even include restarting the old John Birch Society campaign against dental fluoride. What was old is new again.

    • Why don't the Democrats have done with it and just re-convene the House Un-American Activities Committee?

      Who says they won't? Well ,maybe they won't. The general rule in these things is ' Any Resemblance to Actual Previous Events is Entirely Coincidental. Because We Changed the Names.'

  • If the NSA, CIA, FBI and Five eyes all can see my Pr0n browsing history, why can't the FSB joint the fun too?

  • US software (Score:4, Insightful)

    by manu0601 ( 2221348 ) on Tuesday May 09, 2017 @08:25PM (#54389131)
    This is a stupid move from US, with its world-dominating software industry. Following the same logic, most countries in the world should ban Windows.
  • by Tom ( 822 ) on Wednesday May 10, 2017 @05:30AM (#54391033) Homepage Journal

    McCarthy called, we wants his paranoia back.

    Funny how nobody noticed how very suddenly everything from elections not going the favorite way to bad weather is Putins fault. Let's conveniently ignore that he's been running Russia one way or the other for twenty years.

    Assuming that much of this stuff is either fabricated or wasn't important some years ago and is dragged up now - the question is why? For what purpose is the public fed the old "Russia is evil" meme again? What are we being prepared for?

    • Another war to feed the American industrial military complex, what did you expect?
      Why are you even surprised? America has been at (almost) constant war since the American civil war.

      America is building tanks it doesn't need (or want) just so that they can keep the factory running in case they need to ramp up production
      http://www.military.com/daily-... [military.com]

      Why would any country do that unless the intention was to go to war in the future.
      We have to defend against Russian aggression I can only see American
    • by ebvwfbw ( 864834 )

      It's the Democrat's birther joke. The joke's on them. No evidence at all... yet they keep saying there was Russian involvement, etc. Even Dianne Feinstein said recently there is no evidence. So if you see someone saying the russins are coming.. they're a really good mark. They're really gullible.

  • Over the past 10 or 15 years, I have tried nearly all of the major (and some not-so-major) AV programs out there.

    The absolute best I have yet used is in fact Kaspersky (Total Security and the Small Office Suite).
    There has never been an instance over the past 3 years of having Kaspersky fail to fully protect all the PCs under my guard (~22 at last count).

    Other AV programs have ALL allowed an infection through at one time or another: AVast, Eset, AVG, McAfee, Norton, TrendMicro, ...

This is an unauthorized cybernetic announcement.

Working...