Israeli Spies 'Watched Russian Agents Breach Kaspersky Software' (bbc.com) 194
Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, according to reports. From a report: The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post. Israeli agents made the discovery after breaching the software themselves. Kaspersky has said it was neither involved in nor aware of the situation and denies collusion with authorities. Last month, the US government decided to stop using the Russian firm's software on its computers. The Israelis are said to have notified the US, which led to the ban on Kaspersky programs. The New York Times said that the situation had been described by "multiple people who have been briefed on the matter."
I don't know who's spying who (Score:5, Insightful)
So Israel was spying on the US and saw that Russia was spying on the US.
Great. Wish they'd both die in a fire.
Re:I don't know who's spying who (Score:5, Informative)
It's kind of like that time that particularly famous traitor aired our own dirty laundry and it turned out that we spy on all of our allies.
Re:I don't know who's spying who (Score:5, Insightful)
Re: I don't know who's spying who (Score:5, Insightful)
Re: (Score:2)
Out of the 100s of destination that he could have reached from Hong Kong, he chose to fly to Russia. He had state help to reach Russia, and if his final destination was really that South American country, he made a calculated decision that it was OK to be stuck in Russia and to apply for 'asylum'. The 40 days in the airport was just for show.
Re: (Score:2)
Re:I don't know who's spying who (Score:5, Insightful)
Snowden is a hero. He proved without a doubt we were being lied to.
There is plenty documenting the events leading up to his residing in Russia, including the timing of his passport being revoked, so perhaps you should rethink that. Do you really believe that bravery means waiving your right to a fair trial and letting yourself be shipped off to a CIA blacksite to be tortured?
Re: (Score:2)
Agreed. Snowden is a fairly stereotypical hero. And that's a compliment.
Re: (Score:2)
Hello token troll (Score:2)
Re: (Score:2)
s/traitor/hero/
That should fix it
Re: (Score:2)
On a side note, I'm curious what your opinion of Quakers might be.
Re: (Score:2)
Snowden would have been a patriot had he limited his disclosure to the illegal spying on US citizens. He crossed a line and should pay for it. Don't even get me started on Bush.
Re:I don't know who's spying who (Score:5, Insightful)
Re: (Score:1, Interesting)
But they didn't report the security flaw to Kaspersky??
Re: (Score:1, Insightful)
The Israelis notified the US that they were able to breach Kaspersky on their systems. The Russians did not. Speaks a lot about the intent. Not sure how you missed that.
Yeah, like that time I told my friend that I fucked his wife when he wasn't around.
He was super upset and then I'm all like, "Well, at least I told you, unlike your brother."
See, it's all about intent with these things.
Re: I don't know who's spying who (Score:2)
With friends like this, who needs enemies (Score:2)
Re:With friends like this, who needs enemies (Score:4, Insightful)
Your timeline is wrong, and you are basically stating that the Israelis were only there to steal information from the US. Do you actually know this, or is this just pessimistic conjecture?
Even if they were only there initially to steal data (big if), we live in a world where everyone spies on everyone. It is what spy agencies do, it is their entire purpose. It makes no sense to expect not to be spied on, but it does make sense that allied agencies would inform you if non-allied agencies are successfully intruding into your systems.
Re: (Score:2)
Hi neighbour. You should really get your money out of First National. We didn’t rate their security at all when we cleaned them out.
Re: (Score:3)
Hi neighbor. You should really stop using Equifax. We were able to break in easily, and noticed other people were as well. By the way, your Equifax data has (obviously) been compromised. Might want to look into that.
Re: (Score:2)
Well yeah, if you prefer data as an analogy for data. Sheesh, just make it really obvious....
Re: (Score:3)
Re: (Score:2)
You're begging the question [fallacyfiles.org].
Re: (Score:2)
Notifying the US to the end of them banning the software you are trying to use to spy on them would be shooting yourself in the foot, especially if you've spent resources finding a brand new method to break in. Your theory doesn't make sense.
Re: (Score:2)
You presume that Kaspersky is the only software on US Defense systems that's exploitable?
I presume that there are hundreds, if not thousands of ways to breech US Defense systems. I also presume that it is extremely unlikely that the Israelis only had that one, single way in, the entire time before they notified the US of the security vulnerability. If your point is that Israel is not our ally because they spy on us, I've got news for you. Everyone spies on everyone. The fact that they notified the US at all is a pretty good indicator of who's "side" they are on.
For all I know, they specific told the US so they'd switch to another AV software which Israelis spies knew was vulnerable.
Why the hell would the US switch
Re: I don't know who's spying who (Score:2)
Re: I don't know who's spying who (Score:1)
Uhh did you read the fucking summary, you fucking imbecile?
They were spying on Russia. They notified the US. The only reason you might be upset is if you are a Russian...
Re: I don't know who's spying who (Score:3, Funny)
Russians, on Slashdot? I'm shocked, shocked I tell you. Please say it ain't so. Next you'll be saying they pretend to be American or Canadian or Polish or British. No this is impossible, my mind cannot accept it.
Re: (Score:2)
Didn't you know? Since November of 2016 everyone in the US is Russian.
Re: (Score:2)
No, they had our back...
Re: (Score:2)
And since the US spies on all of it's allies, should they die in a fire as well?
Re: (Score:2)
Whatever. Spying performs a perfectly fine function, preventing surprises and believing your biases. Think of it as data collection for a theory about the "other side". Would you rather Russia have no information about U.S. military programs? Those well-adjusted, non-paranoiac KBG retreads?
Hard to say (Score:2)
If Kaspersky did not know. Its not like Russia has a free press to investigate those things. Oh crap.
Any AV vendor (Score:5, Insightful)
Re:Any AV vendor (Score:4, Funny)
Once you realize you install it on Windows 10, you start to relax again. It's like having a ticking bomb in a plane that lost its tail and is plummeting towards the ground with a few 100 mph. Does it matter that there's a ticking bomb next to you?
Comment removed (Score:5, Funny)
Re: Any AV vendor (Score:2)
When the bomb issues you a ticket, does it explode, too?
Re: (Score:3)
I know, I know, but try to argue that with the TSA idiots. No clue about statistics but think they're king of the airport.
Re: Any AV vendor (Score:2)
Re: (Score:2)
Last time I flew with Delta I felt like I stepped into a time machine. The seats looked like out of a 70s airplane catastrophe movie and the beehive hairdo of the attendants didn't really comfort me either.
When that tech looked at the engine shook his head and went away I wanted to get off.
Re: (Score:2)
The plane crash probably kills me, the bomb exploding definitely kills me. Yes it matters: there is a small difference between probably and definitely.
However, with Win10 it's the other way around: there is a bomb exploding while your plane lost its tail and is plummeting down. Given that the explosion of the bomb already killed you, do you still care that the remainder of the plane is crashing?
Re: (Score:2)
Given the seemingly substantial increase in the risk that computer users cannot trust software that they have acquired regardless of source, what needs to change about the architecture and/or operation of computer systems (hardware and/or software) to reduce this risk? The risk has always been present, but the threat appears to have increased significantly (by which I mean that there is a greater probability that someone is trying to attack through this attack vector), which increases the risk accordingly.
Inb4 Russian apologists (Score:5, Interesting)
Here's an old story [wired.com] you might find apolitically interesting. We knew way before the election that Kaspersky was KGB trained and a Putin loyalist. You can read my comment history of you're an actual skeptic rather than a Russian botnik. But I also recommend anyone who doubts Putin's viciousness to hear the story of how he murdered his way into office from this PBS Documentary [youtu.be].
As a sidenote, I'm a slashdot reader from more than a decade ago, and I've been really disappointed to see the amount of denialism present on this issue. I remember this as a place for pragmatic, intelligent, realistic people. And here's the reality: Putin is at war with you, he doesn't give a shit about you or your family or even his own citizens' families, and he actively hopes that you are confused about what he is doing, or denying it entirely.
Re: (Score:3, Insightful)
Re: (Score:1)
Re: (Score:2, Troll)
Yes, in fact, on all social media (almost) the only thing I talk about is the Putin-Trump bromance. But I also like puppies, Mediterranean cuisine, late-night talks, long walks on the beach, and visiting Saint Petersburg to make new friends.
Re: (Score:2, Interesting)
He doesn't remember it as anything. His account was registered 8 years ago and made one post. Then an account registered on another website associated with the same email address was compromised, and some US lobbying company like Media Matters bought the log in information as part of a list off the dark web. Hence the 8 year gap between the accounts first post (and only one not about Russia) and all of the ones from the last 6 months.
Re: (Score:3, Interesting)
He doesn't remember it as anything. His account was registered 8 years ago and made one post.
Jesus Christ you are right. Look at the account! https://slashdot.org/~Sarcasmooo! [slashdot.org]
One post in 2009 about using an adblocker. [slashdot.org]
Then nothing until May of this year. 11 political posts nearly all of which talk about Russia.
What data breaches happened in May or had leaked information up for sale in May? Spotify, Instagram, Verizon, Yahoo of course, there are so many.
We should be talking about this.
Re: (Score:3, Informative)
Hey wow, look at these well-upvoted anonymous cowards who don't know that Slashdot comment history doesn't go back that far, but Google does. Here I am all young and shiny, in a thread from 2004 [slashdot.org].
Is this a joke? (Score:2)
Seriously, if something like this came up in a cheesy 80s action show I'd switch channel.
Re: (Score:2)
Your rant reminded me in a strange way of the first 20 seconds of this show's intro [youtube.com].
Occam's Razor (Score:5, Insightful)
Kaspersky's AV solutions scan files, and transmit data back to their servers if found to be malware. If nothing else, they can send back lists of files on machines that are scanned, etc.
The transmission is done thru TLS-encrypted channels.
The Russian Government, like most major governments, do their best to monitor all of the traffic they can. See the recent Wikileaks documents on "Peter-Service" for some details.
If the Russian gov't has obtained, one way or another, copies of Kaspersky's TLS keys, then they really don't need cooperation to see everything that's coming down the pipe. They can also probably MITM the connection and take control of the AV application, without Kaspersky's knowledge.
It is called "plausible deniability" for Kaspersky and fairly trivial in a country where the use of strong encryption requires a license from the gov't.
There are numerous current news articles about our (American) Justice Department is salivating over the possibility of that being possible in the U.S.
Re: (Score:2)
If the Russian gov't has obtained, one way or another, copies of Kaspersky's TLS keys, then they really don't need cooperation to see everything that's coming down the pipe. They can also probably MITM the connection and take control of the AV application, without Kaspersky's knowledge.
That's a very interesting thought, considering that Kaspersky has offered to make their source code available for scrutiny. In the scenario your describe, the vulnerability would arise outside of the code itself.
Re: (Score:2)
Don't be fooled by offers to make source code available for closed-source products. If they don't deliver the product EVERY TIME with source, that you then compile and use -- instead of the other binary they provide -- it is fairly useless.
Updated code is/was a popular way to get malware into Google's Play Store for Android. The benign app was vetted by Google, allowing it in. Once installed, it phoned home and installed "updates" that change the function to something more malicious.
Properly executed MITMs
Re: Occam's Razor (Score:2, Insightful)
Tell that to LavaBit!
Well, then... (Score:5, Insightful)
Re: (Score:2)
Kaspersky? Sounds kinda Russian to me!
They're probably part of RINNT - the Russia Israel Neo Nazi Trump conspiracy!
What an odd, backwards comment (Score:2)
It isn't so bad for /. readers but what about those friends and family who are more-and-more at risk?
This comment is just bizarre and completely backwards. The only people who care about this stuff are people on places like Slashdot. Friends and family who don't work in IT are not losing any sleep over this at all. I can give you my complete guarantee on that. The people who actually do care are few in number.
Re: (Score:2)
Re:Well, then... (Score:4, Insightful)
So who can we trust, then? Symantec? McAfee? Windows Defender? Please. It looks like we either have to swallow the fact we're going to be entertaining uninvited guests or we'll have to try to live without our security blankets.
You can't trust Microsoft to start with, so stop using their products. Linux or one of the BSDs are far more trustworthy.
Windows is your "security blanket", not the AV product.
Re: (Score:2)
Yep, if true this sounds really bad. I've got to say though that the agencies should've at least tried to notify Kaspersky of the breach without giving away too much just to see how they react. That would've made things clearer. But in the end it doesn't matter whether through malice or incompetence, if this is true this means Kaspersky isn't just sending your data to the Russians but also the Israelis, making it even worse. I wonder who else managed to hack them. Personally I use Clam on a liveCD to scan m
Re: (Score:2)
No silver lining for Kaspersky (Score:5, Insightful)
Ignorance is bliss (Score:2)
Re: (Score:2)
âRussian Agentsâ(TM) (Score:1)
Re: (Score:2)
So much Latin, so I'll have a go as well (Score:2)
Quis custodiet ipsos custodes?
In related news ... (Score:4, Informative)
Size != Power ... on the Net (Score:5, Insightful)
Man, if you`re a nation of 350 million people who invented the Internet and have a larger security budget than the rest of the world put together, it must totally burn you to be hacked by a half-starved, half-drunk nation of 150 million.
But not as much as being told about it by a nation of 8 million.
Guys, we don`t agree with all your foreign adventurism and neo-colonialism, but if you`re going to run around the planet just making enemies hand-over-mailed-fist, you really need to up your cybersecurity game. You have WAY too many of your human IT resources trying to figure out how to out-snapchat SnapChat.
And hire Snowden back. That guy could run a computer.
Re:NPR advertising Kapersky this am (Score:5, Informative)
NPR does admit that Kapersky is an underwriter in their stories... They were also early to bring up the connection between them and the Russian government. It seems NPR is respectable enough to not let Kapersky money get in the way of good reporting.
Re:NPR advertising Kapersky this am (Score:5, Funny)
I disagree.
Only Briebart and Fox is unbiased if you ask any Trump supporter. If any news outlet talks about Russia it is a lie by the libtards and part of the fake news if it doesn't agree with their ideology.
Re: (Score:2, Flamebait)
If you rely on one news source that conforms to your ideology then it doesn't matter if you watch; Fox, Brietbart, CNN, MSNBC, or NPR. You will be in an echo chamber and are susceptible to fake news and lies.
Re: (Score:3)
It's true that watching only news that conforms to your ideology makes you susceptible to being misinformed.
What is also plain as day to anyone who is not in an echo chamber is that not all news sources are equally ideological/fake.
It's not impossible for NPR to become a propaganda network in the future, and I would hope as many NPR consumers as possible would notice such a shift and repudiate it, a blind NPR consumer is probably going to be pretty well informed compared to a blind Fox News consumer at the
Re:NPR advertising Kapersky this am (Score:5, Interesting)
This issue is not immune to the scientific method. Much of the approbation for Fox, and kudos for NPR, comes from the Knowledge Networks study almost 15 years ago:
http://www.pipa.org/OnlineRepo... [pipa.org]
It IS possible for everybody to agree on a few simple facts, no really. Then you can survey news consumers for whether they are right on those really simple facts, and find which consumers have the best score. In this 2003 poll, you actually had the amazing stat that people who watched a lot of Fox had lower scores than the Fox fans who watched a little - a lot of watching actually subtracted from your factual knowledge. And NPR listeners had the highest score.
This study should be repeated yearly, about multiple news stories, and the results should be common knowledge. News sources should be competing on whether their viewers get 80% of 90%, not whether they get 90% or 25%.
Re: (Score:2)
Do you have a more recent study?
Forgive me, but getting a few simple facts right or wrong does not address the issue of fake news and susceptibility of lies to both viewers and organizations. Again, you can tell lies by telling nothing but the truth.
I think you are trying to have a different conversation.
Re: (Score:2)
A more recent story? Not being tasked as your research assistant, no, I've only got the story I came in with. Google is your friend.
And, by the way, did you have some reason for anybody to imagine that the editorial direction or fact-checking standards of Fox news have changed since 2003? I don't recall any major changes of senior staff in that time until Ailes was forced out in disgrace - he set ALL the standards around there, nobody crossed him. WHY would he have changed any standards in his late 60s
Re:NPR advertising Kapersky this am (Score:5, Interesting)
You can tell lies by telling nothing but the truth.
I don't think Fox News can... If they can, they aren't. They seem to resort to normal lying quite regularly.
NPR is only slightly better but not much. It's nauseating to listen to them. What they report on and how they report on it is very one sided. Too much emotional manipulation. Too many loaded questions. Too many attempts for "gotcha moments" instead of understanding any position. Too many one sided arguments and token opponents. Too many fallacious arguments; strawmen and appeals are the norm.
It doesn't seem like you are defending Fox, so I won't bother pointing out all the BS on their side. But I honestly don't see any of what you are talking about with NPR. Can you cite any of the stuff you are describing from NPR?
If you think they are fair and balanced then perhaps you are already in an echo chamber. When I listen to them I don't feel like I am becoming better informed but rather learning talking points from a emotionally manipulative propagandist with an agenda.
It's possible. But I think I would have to only consume NPR and sources like it to be really be in an echo chamber. And honestly I think the term "fair and balanced" is basically meaningless after Fox News claiming this as their slogan for so long. It means different things to different people. To some people, being fair and balanced means being equally critical of "both" sides of an argument regardless of merit or how many sides there even are.
What I will say about NPR is that it is not often (I can't even remember the last time) when they reported something as fact that turned out to be false. Yes, the media can be deceptive with which facts they decide to report and which to omit. But omitting facts does not prevent those facts from being reported by other media outlets. What relevant facts did NPR omit? I haven't seen any.
Re: (Score:2)
They seem to resort to normal lying quite regularly.
A lot of media orgs do but normal lying isn't as effective these days.
Can you cite any of the stuff you are describing from NPR?
I listen to them most days to and from work. NPR does a better job than some and they don't always do a bad job. TBH, I am too lazy to find you specifics for something I don't care enough about to try and convince someone on /.. You can disregard my opinion if you like.
What relevant facts did NPR omit?
You can tell lies with the truth. Propaganda, manipulation, and deception are more effective with the truth. It reminds me of conspiracy theories; there is always a grain
Re: (Score:2)
A lot of media orgs do but normal lying isn't as effective these days.
It seems to be much more effective than what I would have imagined looking at polling data. When I saw the data of percentages of Fox News viewers that actually believe various false claims they make (many of which are already widely debunked and quietly redacted on Fox News e.g. pizza gate, etc), my takeaway is that most of those viewers just believe whatever they are told by Fox News.
I listen to them most days to and from work. NPR does a better job than some and they don't always do a bad job. TBH, I am too lazy to find you specifics for something I don't care enough about to try and convince someone on /.. You can disregard my opinion if you like.
I'm open to being convinced. I don't need a comprehensive list or anything. How about just the most egregious example of
Re: (Score:2)
Not the OP, but it's probably Tom Ashbrook's On Point, or the Diane Rehm Show that he is thinking of. Don't listen much to the latter, but Tom Ashbrook has a clear bias for most of the stories he covers. That doesn't (usually) stop him from trying to challenge his guest(s), but it does often set the frame of the discussion. So if you are sensitive to that, you might come away thinking it was fairly one-sided. For example, listen to this one,
http://www.wbur.org/onpoint/20... [wbur.org]
His guest is attempting a thoughtf
Re: (Score:2)
I've actually never heard this show. I don't actually get this show on my local NPR affiliate station (KPBS in San Diego). I'm honestly not sure if NPR affiliates are (or should be) considered "official NPR media" or not. I know I considered some of the "local" shows to be representative of NPR (e.g. "To the point" (KCRW), "Here and Now" (WBUR)), but I honestly don't know how widespread these shows are on other NPR affiliates across the country. We may be judging the merits of "NPR" based on completely
Re: (Score:2)
Alright I listened to the show.
A little background for me: I have been arguing the point that the guest was making for years (especially about the mortgage interest deduction and school districts being unfair and keeping people poor), and I did read an article about this book already and found myself basically agreeing with it.
I think both forms of presentation (i.e. a debate between "equal" sides, vs. a host interviewing a proponent of something, and offering some challenges) have their merits. I feel lik
Re: (Score:2)
I didn't really notice a bias. It sounds like you are describing a pattern of bias which may not be easy to see by listening to only one interview.
It's hard to pick out a single representative show. Like I say, overall Tom Ashbrook tries to do a thoughtful show, so in that way he is very good. He doesn't just yell into the mic the way Rush Limbaugh does, but there is a bias there. I think I noticed it more over the last year because he was having more political shows for a while. The bias is subtle, because it is more in the ways he asks questions and directs the conversation, or in how he responds to comments by viewers than it is in the subject matt
Re: (Score:2)
Well, I do agree that it is not a typical partisan talking point, which is good. But I disagree with the characterization of people seeking good communities for their families as being "hoarders".
This is getting into a different debate, which I am happy to get into. I don't think people in the 20% are hoarders for trying to be more successful for themselves and their families, and I don't think the Richard Reeves is saying that either. I think what makes them "hoarders" is supporting policies which disproportionately benefit them. People in the top 20% are reliable voters. They have a lot of power to decide tax laws, etc.
It's easy to bin people into groups like "the 20%" without recognizing that they have their own struggles.
It is easy to do that, but I think he actually did specifically recognize t
Re: (Score:2)
I don't think he wants housing to be more expensive. I know I certainly don't. The policy of having a mortgage interest deduction is actually artificially raising housing prices.
That is very debatable.
Either eliminate the restrictions that force kids to only be able to attend their local public schools, or ensure that every public school has equal resources.
Two points:
1) Busing kids around is expensive, and impractical on a large scale. Schools need to be local for a lot of other reasons too, such as integration into the community and to facilitate interactions with parents.
2) If you had said "ensure every public school is of comparable caliber", I would agree, but you are assuming money is the only issue. It isn't.
I really don't see a good reason to support a policy that only benefits the top 20%.
Every policy benefits only a fraction of people. You need to consider each policy individually
Re: (Score:2)
That is very debatable.
The ability to pay lower taxes by owning a home is something that's valuable. Adding this value to every house makes them more desirable. If we took away the mortgage interest deduction, it makes less financial sense to own a home (at current prices), which will lower demand and cause house prices to fall to a new equilibrium point.
I'm open to debate on this topic. I don't have an economics degree or anything.
Two points: 1) Busing kids around is expensive, and impractical on a large scale. Schools need to be local for a lot of other reasons too, such as integration into the community and to facilitate interactions with parents.
I'm not saying we should bus kids around. All I am claiming is that the current system of only
Re: (Score:2)
I'm trying to teach my kids to notice things like this, think about why something is being talked about, not just what they are saying.
Re: (Score:2)
Re: (Score:3)
It's true that you should listen to multiple sources from multiple viewpoints, but you also need to keep in mind that not all subjects have a "both sides." If Media Outlet A had a report saying "Many scientific studies show evolution is real" and Media Outlet B had "Scientists Wrong; World Created 5,000 Years Ago", there wouldn't be a comparison. You couldn't simply say "well, that's a difference of opinion and both are equally valid." One has mounds of scientific evidence on their side and the other is bas
Re: (Score:2)
Yes, listen to multiple sources. There are always two sides if there wasn't it wouldn't be controversial, would it?
Sometimes it's a difference in narrative. "AGW is real and backed by science" vs. "The political solutions to combat any environmental impact of humans and the costs involved". There will always be loudmouth idiots on both sides and using only the idiots to represent a position is as much a strawman as lighting hay effigies on fire.
For your example, media outlet A reports "many scientific studi
Re: (Score:2)
Sometimes it's a difference in narrative. "AGW is real and backed by science" vs. "The political solutions to combat any environmental impact of humans and the costs involved". There will always be loudmouth idiots on both sides and using only the idiots to represent a position is as much a strawman as lighting hay effigies on fire.
Agreed. Some (or a lot) of this has to do with the headline-grabbing nature needed to advertise a news story. But I think the real issue is that every policy decision, at least in the short-term, creates winners and losers, even if the winners become less so over time and the losers eventually recover. Nobody wants to be the loser. Everybody wants to be the winner. So those that stand to "lose" by the establishment of some kind of energy policy will argue either that AGW is not a significant problem, or if
Re: (Score:2)
Re: Wait a minute....! (Score:3)
Re: Hypocritical Governments (Score:2)
Re: Hypocritical Governments (Score:2)
Re: (Score:2)
Re: (Score:2)
https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html [washingtonpost.com]
Re: (Score:2)
My laptop is AMD based, you insensitive clod.