Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Crime Government Security United States

FBI Warns US Private Sector To Cut Ties With Kaspersky (cyberscoop.com) 173

An anonymous reader quotes CyberScoop: The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop... The FBI's goal is to have U.S. firms push Kaspersky out of their systems as soon as possible or refrain from using them in new products or other efforts, the current and former officials say.

The FBI's counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security... The U.S. government's actions come as Russia is engaged in its own push to stamp American tech giants like Microsoft out of that country's systems.

Meanwhile Bloomberg Businessweek claims to have seen emails which "show that Kaspersky Lab has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" -- and that Kaspersky Lab "confirmed the emails are authentic."

Kaspersky Lab told ZDNet they have not confirmed the emails' authenticity. A representative for Kaspersky Lab says that the company does not have "inappropriate" ties with any government, adding that "the company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."
This discussion has been archived. No new comments can be posted.

FBI Warns US Private Sector To Cut Ties With Kaspersky

Comments Filter:
  • by Anonymous Coward

    For months trying to destroy this company in an attempt to validate their bogus claims of russian hacking.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Out of all the text at the end of the article:

      The issue of a code audit was dismissed as a “publicity stunt” earlier this year by Jake Williams, an ex-NSA employee who has called the U.S. government’s efforts against Kaspersky “purely political.”

      • Maybe...I would take the words of ex-employees with a grain of salt.
        • I would take even the claim that he's an ex-employee with a grain of salt!

          He could just as well be a guy they found at the homeless shelter and cleaned up to read a script.

          I mean, wouldn't the sort of person who would be working at the NSA know that that employment is secret, and that nobody with two brain cells to rub together would believe you if you told them, because if it was true you wouldn't tell them.

          If somebody who used to work there writes a book on their deathbed, maybe. If somebody is blowing th

    • Maybe...but it is well known that Eugene Kaspersky is Vladimir Putin's sauna buddy. I guess they talk about more than just how hot and sweaty they are.
  • Cum grano salis (Score:5, Insightful)

    by sehlat ( 180760 ) on Saturday August 19, 2017 @08:10PM (#55050067)

    Given that the FBI has repeatedly made it plain that they want unrestricted and owner-involuntary access to every piece of hardware on this planet, I'd take any cybersecurity recommendation they make with a grain of salt the size of the Benjamin Franklin [wikipedia.org].

    • Re:Cum grano salis (Score:4, Insightful)

      by fustakrakich ( 1673220 ) on Saturday August 19, 2017 @08:48PM (#55050165) Journal

      Kaspersky can make a great advertising campaign out of this.

      *Banned in the US for refusing to whitelist government malware*

      • by gweihir ( 88907 )

        Pretty much my take also.

      • by Anonymous Coward

        I hate to rain on your conspiracy theory, but if that were actually true then Kaspersky could just point to the actual backdoor in the US products.

        • by PPH ( 736903 )

          Kaspersky could just point to the actual backdoor in the US products

          Using this same logic, the FBI could point to the actual backdoor in Kaspersky's products.

      • Re: (Score:3, Interesting)

        by Zemran ( 3101 )
        I completely agree. I read this and think that I am now far more likely to use Kaspersky that I was before and I think many large businesses will think the same. The greatest cyber threats in recent years have come from the NSA, not Russia. There is a smear campaign under way and we are entering a new cold war that we may well lose. Europe have no intention of losing Russia as an ally because now they trade with them they see them as they are rather than as the propaganda paints them. This is not the 5
        • I read this and think that I am now far more likely to use Kaspersky that I was before and I think many large businesses will think the same.

          And that's exactly what the government wants you to think. Kaspersky is really a triple agent, working for our side, along with Snowden. He's coming back with a treasure trove, real soon now...

        • by Anonymous Coward

          So the sanctions which the EU placed on Russia are just a friendly reassurance, are they, and nothing to do with Russia invading Ukraine?

        • by sjames ( 1099 )

          It's interesting how the claim that they messed with our election. They sort ofdid since they only exposed one side, but they didn't exactly manufacture the dirt, they just exposed it for all to see.

          If what Russia did rises to the level of interference with the election, then what the FBI did certainly does too.

          It's really sad that we've come to a point where between the Russian government and the American government, Americans are genuinely unsure who the bad guy is.

    • Re: (Score:3, Insightful)

      by Dracos ( 107777 )

      Agreed. This sudden vendetta against Kaspersky suddenly feels less like they did something and more like they refused to do something the government wants.

    • by gweihir ( 88907 )

      Probably indicates that Kaspersky is not collaborating with the FBI, but doing their job. Of course, they may be collaborating with Russian intelligence instead. So to be sure to find government malware, run both Kaspersky and an FBI-approved scanner.

      • Re: (Score:3, Insightful)

        by green1 ( 322787 )

        If you're an average citizen, you're far safer with a foreign power watching you than a domestic one. The foreign one is unlikely to be able to do anything about things they don't like.

        Now if you're the one who runs the domestic spy agencies that's a different story, but for the rest of us, I always assume someone's watching, I always just hope it's nobody who has any power over me.

        • by Anonymous Coward

          Yeah, it's not like the Russians were able to poison Litvinenko in London because they didn't like what he was saying or anything is it.

          The idea that Western security agencies are so bad that it's better to have foreign agencies spy on you is a myth that just needs to die. Western intelligence agencies have a lot to answer for, but at least they're not as bad as the likes of the FSB who will basically nail anyone who disagrees politically, or is gay, or otherwise different, with anything from a beating, to

          • Litvinenko was a totally average citizen with no special reason to fear Russia, sure. You think the FSB goes after foreigners for insulting Putin or being gay? No, they only go after domestics, and escaped domestics who have influence in Russia, and possibly Georgians or Ukrainians. (It's the CIA that has true worldwide reach, but will only mess with you if you're a prominent politician opposing US policy in your country.) 99.999999999% of Americans or UKians are of no interest to Russia, but considerable i

    • by nmb3000 ( 741169 )

      Given that the FBI has repeatedly made it plain that they want unrestricted and owner-involuntary access to every piece of hardware on this planet, I'd take any cybersecurity recommendation they make with a grain of salt

      That may be true, but do you really think the Russian government is less interested in this same thing? I don't like FUD without evidence, but if you really fear the motives and reach of the US government, then you'd best be even more very worried about Russia as well.

      And, ask yourself this: Would you trust a Chinese software company headquartered in Beijing more or less that Kaspersky, headquartered in Moscow, or Symantec, headquartered in Mountain View? At this point if you distrust one, you'd probably

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        At least of the three, the US is still democratic and answerable to Congress.

        ... which is answerable to lobbyists, which are answerable to multinational corporations, which are answerable to the private banking system (of which the Federal Reserve and similar institutions in most other 1st-world nations are members).

        Russia is among the few BRICS nations. Brazil, Russia, India, China, South Africa. They said "hell no" to the private bankers running everything. It's no coincidence there is a concerted propaganda effort against Russia. The truth is, Putin is a chess player. He's o

      • by sjames ( 1099 )

        OTOH, I am less likely to say, do, or know anything that the governments of Russia or China give a crap about. Certainly nothing they care enough about to actually launch a covert operation in the U.S. to actually do anything to me.

        But as for U.S. government, all it takes is for me to see a cop commit a crime.

  • Better idea. (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Saturday August 19, 2017 @08:14PM (#55050077)

    Cut all ties with Microsoft and you won't even need ties to Kaspersky Lab. We should all cut ties with Microsoft.

  • I wonder if Russia can fight that at World Trade Organization's dispute settlement body? This is a flavor of protectionism US vowed to end when signing WTO treaties, after all.
    • by Dunbal ( 464142 ) *

      I wonder if Russia can fight that at World Trade Organization's dispute settlement body?

      What's the point? The US has proven time and again that it simply ignores WTO decisions (where it has lost to Nicaragua, Antigua and more recently the EU) when they become inconvenient. The WTO is meant to happen to OTHER people.

      • If US ignores the ruling, WTO will probably grant Russia the right to ignore intellectual property rights of US firms. It did in the past for Antigua if I recall correctly.

        The difference is that Antigua is not full of high-skilled programmers that could turn leaked Windows sources into a rival commercial product.

        • If US ignores the ruling, WTO will probably grant Russia the right to ignore intellectual property rights of US firms. It did in the past for Antigua if I recall correctly.

          The difference is that Antigua is not full of high-skilled programmers that could turn leaked Windows sources into a rival commercial product.

          The WTO generally does not operate in that manner.

          If Antigua was a signatory to the WTO, they agree as a condition of membership to respect and support the enforcement of the IP rights of other members.

          What they will do, is if a harm is determined, is to give the harmed party the right to impose specific sanctions. Exactly what those sanctions are are left to the harmed party, rather than specified by the WTO. They do have to be reasonable, that is, in general equivalence with the harm done by the first (lo

          • by xlsior ( 524145 )
            The WTO generally does not operate in that manner.

            If Antigua was a signatory to the WTO, they agree as a condition of membership to respect and support the enforcement of the IP rights of other members.


            The WTO generally operates by having signatories follow the rules and abide by its rulings in the case of disputes -- but if a member country breaks the rules and does not fulfill their obligations, it's still an option that's on the table to force members to abide by the agreement.

            The US violated trad
    • Nope. The FBI's recommendation has absolutely no legal force. Any company that takes its advice does so voluntarily.

      Further, the FBI isn't targeting all Russian security companies, just one high profile company. And despite the "Fake News" trolls coming out in the comments here, there's been serious doubts expressed about Kaspersky ever since Putin's control over the company increased after he started attacking their management in Russia, including arresting and charging the company's computer incidents

      • ...not exactly in tune with US interests.

        Given what we've seen constituting "US interests" over the last couple of decades or so regarding the actions & behaviors of US TLAs towards the digital/online security and privacy of US citizens and the Constitutionally-guaranteed civil rights they have and are currently violating, that's a selling-point not a downside.

        Strat

  • claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security

  • Is this the same FBI that was sure Iraq had WMDs? We all know what happened thereafter.

    The report, while seemingly convincing, was a pile of lies. [scribd.com]

    Sadly, after so much life had been lost. Folks continue to pay for the mistakes. why should we put any stock in these statements?

  • Symantec and the like have outright admitted cooperation with US spooks. At this point, if I were in charge of security I would be buying all computer hardware from outside sources like Huawei and Kaspersky, at least they've indicated unwillingness to cooperate with US stooges and Chinese/Russians infiltration would both be easy to detect and any positive evidence would seriously damage their reputation. Symantec and Microsoft have plainly given NSA and even BSA access to their information.

    • Symantec and the like have outright admitted cooperation with US spooks.

      In other news, protectionism is all the rage in any nation's trade policy. It's much more sensible to appease your home government than a foreign one. General Motors and Ford are implying Toyota exhibits greater fealty to the Japanese government than to the wishes of their American counterpart.

      Crazy how much power we still afford imaginary lines on the earth.

  • by Dunbal ( 464142 ) * on Saturday August 19, 2017 @08:37PM (#55050133)
    Government is telling you which software to use. You wouldn't want people to think you were a terrorist, would you?
    • No, they're recommending which software not to use.

      The police department often recommends not drinking and driving.

      The weather service recommends wearing suitable clothing during a weather event.

      The department of fish and game recommends keeping a tide table with you when fishing in salt water.

      Are you scared of rain gear and safe driving yet?!?

  • by LeftCoastThinker ( 4697521 ) on Saturday August 19, 2017 @08:38PM (#55050139)

    Maybe the question to ask Kaspersky is what exactly would an inappropriate relationship with the FSB look like according to them? It seems like there is some pretty damning evidence that a bad actor state (Russia) has been working closely with Kaspersky in a way that violates the expectation of most of the free world. If Kaspersky is serious about clearing it's name, it should clearly define and limit it's relationship with the FSB and the Russian government. Unfortunately for Kaspersky, being based in Russia, a country without a constitution or bill of rights limits what they can actually back up with action, unless they shift the bulk of their organization out of Russia, and I don't see that happening.

    • by Dunbal ( 464142 ) *
      How about you apply those same standards to US firms and the CIA/NSA?
      • When the US wants to take over and rule the rest of the world, I would be happy to, until then your moral equivalence falls flat...

        • So now you are going from "haven't invaded another country in the past few months" to "take over and rule the rest of the world"? That is, at the same time, moving the goal posts and a strawman argument. You are not a thinker, dude. You are a wannabe demagogue.

          • Your professor clearly failed to teach you logic (or you were taught what to think instead of how to think). Take a seat because school is now in session:

            No, it is not moving the goal posts. Recent invasion for the purpose of occupation and assimilation is a huge red flag indicator of a nation looking to further it's power and holdings by military action (AKA take over the world in common vernacular). Please show me any evidence that the USSR did not want to take over the world? Where is the evidence th

            • by Luthair ( 847766 )

              Iraq war: Rogue dictator threatened the US with WMD after kicking out legally required UN nuclear inspectors for several years. Afterwards we removed 200 tons of yellow cake uranium, multiple mobile bio/chem labs and his chemical weapons were later located being used by Asad, Saddams allies in Syria. The US set up a democratic government and trained an Iraqi army to facilitate the Iraq people having their own governance and sovereignty as well as building billions of dollars of infrastructure.

              You should really do some reading because this doesn't match reality at all. https://en.wikipedia.org/wiki/... [wikipedia.org]

              You've also entirely skipped the USA attempting and causing regime changes.

              • I have a news flash for you: Wikipedia does not always reflect reality, especially when you get away from the hard sciences. If you think it does, you will end up ignorant and brainwashed.

                Regarding Iraq, I don't need some half whit liberal shill on Wikipedia to tell me what he read from some other half whit liberal, which is what is actually on Wikipedia:

                "Seymour Hersh writes that, according to a Pentagon adviser, "[OSP] was created in order to find evidence of what Wolfowitz and his boss, Defense Secretar

    • by Kjella ( 173770 )

      Maybe the question to ask Kaspersky is what exactly would an inappropriate relationship with the FSB look like according to them?

      NSL.

    • by Zemran ( 3101 )
      Nearly every country has a constitution, Russia is no different. http://www.constitution.ru/en/... [constitution.ru] Kaspersky is in Russia and has a relationship with the FSB just as US security companies have a relationship with the NSA. I trust Kaspersky far more than I trust Microsoft etc. because they are far more open about their relationships and what they do. If they want to remain trusted the last thing they should do is move out of Russia.
      • There is again a difference between having a constitution in theory and in practice. You are extremely naive if you think there is equivalence between the NSA and the FSB. As far as I am aware, the US hasn't spontaneously invaded any neutral countries recently, or mounted massive cyber attacks against said countries, shot down commercial airliners etc...

        • Seriously? "I am the good guy here, I haven't killed anybody since last Thursday", that is your argumentation? Dude, you are not only uneducated, you are downright brainwashed.

          • One of us sure the hell is brainwashed.

            On the one hand you have the US, the equivalent of a police officer. Not perfect, but clearly a force for good in the world. The US saved millions of lives in WW2, South Korea, etc. at our own expense of blood and treasure. After WW2, we didn't plunder and annex the losing countries. We created stable democracies where people live in peace and freedom in Japan and Germany. We tried to create peaceful democracies in Iraq and Afghanistan and spent billions to rebuil

    • Seriously, what are you smoking? First of all, most countries in the world have a constitution, Russia is no exception. Second, why would you even care about FSB unless you live or visit Russia and plan to commit federal crimes there? FSB is more or less like FBI, foreign intelligence is not on their task list.

      • Having a constitution in theory and having a constitution in practice are two very different things. I suggest you educate yourself on the actual political state of Russia. You are dangerously naive if you think there is any equivalence between the FBI and the FSB.

        • It is not that I am naive, it is that you are uneducated, like you have already shown with saying that Russia has neither a constitution nor a bill of rights, and now just trying to cover it up with semantics. Yep, you are uneducated, because you also don't know that the FSB doesn't do foreign intelligence, that is the job of the SVR. The only real difference between the duties of the FSB and the FBI is that the FSB is also responsible fоr the border and the coast guards. The rest - the fight aga

          • I have an experiment for you:

            1. Go to Russia
            2. Become a Russian citizen (you can skip this if you want).
            3. Start writing for a Russian news outlet or blog
            4. Criticize Vladimir Putin

            Let me know how well that constitution limits the power of the government or that bill of rights protects you from living out your days in a Siberian work camp.

  • Offers to see code (Score:5, Insightful)

    by Tyrsal ( 3692357 ) on Saturday August 19, 2017 @08:39PM (#55050145)
    Considering Kaspersky has been distressed enough about this negative publicity to directly offer both the FBI and CIA access to it's source code and these offers have been rebuffed, I'm not exactly sold on anything the FBI has to say here as being anything more than a stunt
    • by Anonymous Coward

      about ClamAV (Cisco), McAfee (or whatever it is called now.), Symantec (Garbage since the Norton buy and ruination.), and Defender (Microsoft, who according to the EULA for Windows, nevermind Defender, can scan all your files and report believed infringing files to whoever they want as well as remotely access any of your files for any reason including Law Enforcement usage.)

      Given all of these, and Kaspersky's overall good (but definitely not perfect) reputation as an AV company dating back 15+ years, they s

    • by chill ( 34294 ) on Saturday August 19, 2017 @10:07PM (#55050409) Journal

      Access to source code is meaningless. You need to be able to match it to the different binaries, otherwise how do you know what you're looking at is what is actually executed?

      With complex code that uses dynamic libraries, and is updated sometimes DAILY like anti-malware software is, there is no benefit from viewing source that you don't compile and maintain yourself.

    • Kaspersky has been distressed enough about this negative publicity to directly offer both the FBI and CIA access to it's source code

      What does AV software do? At the end of the day, what does it do? Essentially it deletes files. It recognizes something is malicious, and it has complex scripts that removes it. That's what the software does, and that's what the source code was written to do. So now lets say you want to take down the electric grid of some power company, and your AV software is running on their computers. You push a virus definition file that flags critical files on those computers as malicious and the AV software deletes

  • ... sever ties with the NSA.

  • Well between Microsoft, Apple and now Kaspersky seems there are little trust with Proprietary Software with vendors outside of the country of origin. And who knows what is embedded in modern cell phones.

    Maybe this will finally convince people and businesses to move to Free Software. And more importantly, convince companies like Nvidia to release source of their drivers and firmware. one can always hope :)

  • And meanwhile, someone weaponized a couple exploits developed by the NSA, and, lo and behold, Wannacry is born...

    Coño, no te jode?!

    I live in Venezuela. If I have to get spied, I will better be spied by the most efficent and cost effective solution. If Kaspersky's products cathes the most Virii (NSA developed ones included), then that's the solution I'll use...

    And, as an aside (or full disclosure, as you preffer), I worked for Huawei a long time ago, and I do freelance technical training for them from t

  • So they've finally started giving the same advice I started giving my clients over a month ago. Boy, these guys are just Johnny-on-the-spot, aren't they?

    • Hell, I've been saying it right on this website for years, and I've got the downvotes to prove it. ;)

  • ... public sector and the goddam government sector?

    When the shit hit the fan, I'd download Kasperky's stuff just long enough to haul an infected computer out of the ditch because it was some good shit.

  • I guess this one really works!!
  • Again, since Washington apparently need demons to distract us from the other ones we already know about, lets choose the ones who could possibly have been our allies instead. Microcosm for the entire US-Russian relationship. Fucked up.
  • all the time is, if and when you really are telling the truth, you can't get anyone to believe you.

    It is a simple lesson the US Government has failed to grasp.

    I don't trust my own government any more or less than a foreign one at this point.

    As a result, I've simply tuned it all out.

    • I don't trust my own government any more or less than a foreign one at this point. As a result, I've simply tuned it all out.

      If you consider US and Russian governments equally bad, I don't think you have ever been tuned in. To illustrate, when people here (in Eastern Europe) are "concerned" with political climate in the US, they fear that it will turn into something like Russia.

      • Well, I live in Eastern Europe, in city called Moscow. And I frankly don't see anything different wrt US vs Russia. Both countries are equally based on Western European groupthink ideology. Both in ideology and in practice there's no difference whatsoever, at least as far as ruling elites are concerned. They could be as well coming from same nation.
        • Play your word games in Russian, in English the place "Eastern Europe" does not include Moscow, which instead is in Russia. Which is mostly not even in Europe, but is certain not Eastern Europe. Is it in the east part of Europe? Probably, but eastern Europe and Eastern Europe have an important lexicographical difference that completely changes the meaning.

          • If you check the map then Moscow most definitely is located in eastern part of Europe, and attaching any other meaning to it is deceptive, capitalization or no. Sometimes Eastern Europe also rather confusingly refers to Slavic dominated part of Europe, but even then Moscow still belongs there.
            • If you check the map then...

              Right. But, there was enough information in my post to tell you that I already have read maps. And so knowing what you know now that you've considered the map, you can go back and read my words and understand them this time. Well, you at least have some chance to.

              There is a very obvious meaning of my words that doesn't require you to assume mistakes. When you assume mistakes just to make it match up with your own thinking you guarantee you won't comprehend words other people say.

              • No, even if I look at whole context it still makes no sense to exclude Russia. Like who else would care more about situation here, or actually know about it for that matter, other than people living in Moscow?
          • As a native English speaker, I think you're the one playing word games.

            https://en.wikipedia.org/wiki/... [wikipedia.org]

            Moscow is a major political, economic, cultural, and scientific centre of Russia and Eastern Europe, as well as the largest city entirely on the European continent.

            Saying it's in Russia and therefore "certainly" not Eastern Europe is like saying Hawaii is in the United States and certainly not the Pacific Ocean.

            • No, you're picking out a city as a proxy for a county so that your point looks better. That is clearly a word game.

              Try it again but only use the names of countries, and you'll at least be responding to what I said.

              Not only is it just word games, it is really weak word games.

              Like, did you really not know that the phrase "Eastern Europe" with the word Eastern capitalized is referring to a know group of countries, and that you could look that list up on the internet? Historically they were mostly defined by th

        • Well, I live in Eastern Europe, in city called Moscow. And I frankly don't see anything different wrt US vs Russia.

          As the folk saying goes, menshe znaesh, krepche spish.

  • By comparison, so is a bottle of water in an airport, so that claim doesn't actually carry much weight anymore.

  • The solution is to just open source licence the source code and publish in a Reproducible format [reproducible-builds.org]. The Virus matching data and backend can be kept a proprietary service. This could open up a new business model, scanning source code for potential hostile actions and vulnerabilities.

It is the quality rather than the quantity that matters. - Lucius Annaeus Seneca (4 B.C. - A.D. 65)

Working...