Government Privacy Security

Moscow Has Turned Kaspersky Antivirus Software Into a Global Spy Tool, Using It To Scan Computers For Secret US Data (wsj.com)

WSJ has a major scoop today. From a report: The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool (could be paywalled), according to current and former U.S. officials with knowledge of the matter. The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as "top secret," which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said. The Wall Street Journal reported last week that Russian hackers used Kaspersky's software in 2015 to target a contractor working for the National Security Agency, who had removed classified materials from his workplace and put them on his home computer, which was running the program. The hackers stole highly classified information on how the NSA conducts espionage and protects against incursions by other countries, said people familiar with the matter. But the use of the Kaspersky program to spy on the U.S. is broader and more pervasive than the operation against that one individual, whose name hasn't been publicly released, current and former officials said. This link should get you around WSJ's paywall. Also read: Israeli Spies 'Watched Russian Agents Breach Kaspersky Software'
  • I told you so! (Score:1, Insightful)

    by Anonymous Coward

    I've been telling you people that Kaspersky is nothing more than a tool to send the KGB (now FSB) your files for over a year.

    You won't have seen my warning unless you browse at -1 because Slashdot is infested with Russian sock-puppets, idiots, and traitors.

    • Re:I told you so! (Score:5, Insightful)

      by Anonymous Coward on Wednesday October 11, 2017 @01:27PM (#55351183)

      I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.

      • by sabri ( 584428 )
        "Could be paywalled" is Slashdot's equivalent of "additional fees may apply".

        Ergo, on Slashdot, "Could be" means "is".
      • Re:I told you so! (Score:4, Interesting)

        by NettiWelho ( 1147351 ) on Wednesday October 11, 2017 @01:36PM (#55351269)

        I wouldn't be surprised if AV made in the USA does the same, just sending copies to a different three letter agency.

        Windows 10 Defender absolutely does this. The description, however, promises that if the file is a "personal document" it asks for your permission first. When asked what counts as a personal document, Microsoft has answered that it means a file created with "default Windows 10 apps".

        • Why would Microsoft bother with Defender to do this when they already own your whole computer with Windows?
          • Why would Microsoft bother with Defender to do this when they already own your whole computer with Windows?

            Defender is the perfect cover for something that scans your shit and sends hashes of found files to some outside entity because that's what it literally does in the first place.

            • And the Windows Kernel does the very same every time you ask an application to load or save a file, so there is no need to implement this in Defender and risk missing an opportunity (i.e. that some people don't install it).
      • It's not clear that it's exactly sending it to the Kremlin directly, nor would it have to. If they have anything like what we have, they simply tap the internet traffic. Our government almost certainly does something similar. Kaspersky told us back in 2015 that they caught a Stuxnet-like malware invading them, so there's some credibility to this one, though there's not a lot of info other than anonymous rumors repeated by the press.

        It's fair to criticize both spying apparatuses for that, mind you. I don

    • Which just goes to show, being paranoid doesn't mean someone isn't really out to get you.

    • Re: (Score:2, Informative)

      https://hardenedlinux.github.i... [github.io]

      00 ME: Management Engine

      First introduced in Intel’s 965 Express Chipset Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip (for Core 2 family CPUs which is separate from the northbridge), or PCH chip replacing ICH (for Core i3/i5/i7 which is integrated with northbridge).

      The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are c

    • I always browse at -1 with all comments loaded. And I put more stock in AC posts than others.

    • by h4ck7h3p14n37 ( 926070 ) on Wednesday October 11, 2017 @03:49PM (#55352175) Homepage

      Regarding the NSA contractor, it sounds like Kaspersky AV was working as designed. It detected the malware the contractor was working on and sent the file back to Kaspersky Labs for analysis. It sounds to me like the NSA's security policy needs some work if a contractor can download classified files to a non-secure computer.

      Now as far as Kaspersky AV scanning for classified documents, that's certainly plausible but where's the evidence? Not running the software on sensitive computers sounds like good policy, but there's a lot of software that shouldn't be run on those types of systems. That being said, how do we know all foreign made computers themselves haven't been compromised at the factory?

      • It's just more BS, fed by natsec goons and their IT camp followers who see an opportunity to steal market share from competitor who actually has best AV product. Taking the anonymous story at face value, it still tells a story about how not just Russian FSB but Israeli intelligence hacked Kaspersky. Yet there is no concern over this Israeli hacking, despite long history of such Israeli spying including against Iran nuclear negotiations trying to use that info to feed back to collaborators in US to sabotage
    • Slashdot is infested with Russian sock-puppets, idiots, and traitors.

      What about the people who read Slashdot and who are patriots - but Russian citizens?

      If you're walking the streets of America you might have fair grounds to think that the next person you meet is likely to be an American. When you're walking the streets of the internet, you've no grounds for continuing with such a belief.

  • It also has daily updates for my pleasure.
  • It's the weaponization of something considered a base necessity to the functioning of computers. It's the equivalent of poisoning a city's primary water supply. Yes there are others but this one is well known and been used for so long that many are dependent on it for what it provides.

    • by Mordaximus ( 566304 ) on Wednesday October 11, 2017 @01:19PM (#55351103)

      It's the weaponization of something considered a base necessity to the functioning of computers. It's the equivalent of poisoning a city's primary water supply. Yes there are others but this one is well known and been used for so long that many are dependent on it for what it provides.

      If running an antivirus is a base necessity, you've chosen your operating system poorly.

    • by Train0987 ( 1059246 ) on Wednesday October 11, 2017 @01:21PM (#55351127)

      Act of war? Spy services spy. That's why they exist and every country has spy services. How this is a shock to anyone is beyond me. Do you think that the NSA hasn't exploited every single A/V provider, hell, every single online anything?

      • Act of war? Spy services spy. That's why they exist and every country has spy services. How this is a shock to anyone is beyond me. Do you think that the NSA hasn't exploited every single A/V provider, hell, every single online anything?

        Well fuck then. Why don't you get a clearance, then get some Top secret stuff and march right over to the nearest Russian embassy and hand it to them. They'll appreciate it, and since "spy agencies spy" it'll all be good, no problem, and maybe the people you stole the information from will give you a promotion.

        Sorry, I get this way when people make abysmally stupid remarks. The problem Boris, is that when you get caught, you then suffer the Ire of the nation you committed treason against. Sometimes the spy

    • by Anonymous Coward

      I hope most Americans consider it as such. I am tired of living but don't want the world to go on after I'm gone since I don't like missing out on things.

    • AV is not necessary to the base functioning of a computer. It is poorly designed OS architectures and architectures brought forward from antediluvian hardware which made AV a need in the first place. In reality, you are far better off with a signed executable mechanism, an ad blocker, and your web browser in a VM or container than you ever will be with AV software. Mainly because AV doesn't catch the latest stuff.

      Yes, AV sells, but it is more of a legal checkbox than something useful for an active defens

    • by rtb61 ( 674572 ) on Wednesday October 11, 2017 @09:44PM (#55353809) Homepage

      Keep in mind the reality of the story. The Israeli spy agency whilst committing criminal acts reports that Kaspersky is harvesting 'spy tools', not harvesting the target computer of its data but harvesting the tools, i.e. getting a copy of that virus and its settings, plus the type of data it sends and where it sends it and hopefully where it came from. Isn't this what they are meant to do, get those hacking tools, analyse them and break them but then no story like an old story https://www.youtube.com/watch?... [youtube.com] and now twisted to attack Kaspersky why, because they were doing too good a job perhaps and exposing NSA and CIA activities and are being punished for it. This is not even a Russia propaganda thing, this is punishing a security company for exposing NSA/CIA/MOSSAD criminal activities.

      As for Israel claims of hacking, well, the spy vs spy crowd is always obvious, they always lie, it is their nature. They claim online hacking, then it is a lie, Kaspersky you have for profit Mossad moles with offshore tax haven bank accounts, want to find them, track where they went for holidays, tax haven stays are a pretty solid indicator of criminal activity. In fact any security company, anywhere in the world, should advise its staff that stays in tax havens will be considered a sign of criminal intent, it is, just the way it is.

  • by Anonymous Coward

    We know already. Yes, there are some denialists but who cares. Give us some news.

    Also, if you are of no interest to the Russian government but are afraid of NSA snooping, maybe it's time to install Kaspersky.

  • by Anonymous Coward on Wednesday October 11, 2017 @01:22PM (#55351133)

    WSJ has a major scoop today.

    From a report

    according to current and former U.S. officials

    How many times are we going to let this go? Every week there is something else.

    Shocking news to grab your attention by a series of reputable outlets that have changed ownership or management in the last few years. From a report, sounds so official. With vague anonymous sources that are official in some way.

    I am not saying this is entirely "fake news". That rarely exists whole-cloth, but just look into it a little closer when it looks like a duck and quacks like a duck.

    The US government, and by extension the media sources that make their money by having cooperative contacts within it, got pissed off at Kaspersky for exposing their dirty Stuxnet secrets. Double points for Kaspersky being Russian at a time when anything remotely critical of Trump is made of ad impression gold.

    So now they set the hounds against Kaspersky and we have to put up with a media blitz. Story after story with no real proof other than "trust us, we are the media and government" when we should be doing the opposite for the same reason.

    • The Wall Street Journal (WSJ) has been owned by Murdoch since the 90's if I recall correctly. That's near on 30 years. Apparently you and I have a different opinion of what recent means. But I know, downplay it, for all anyone knows you could be one of the Russians paid to spread propaganda on the internet.

      • From wiki:
        "Three months later, on August 1, 2007, News Corporation and Dow Jones entered into a definitive merger agreement.[24] The US$5 billion sale added The Wall Street Journal to Rupert Murdoch's news empire, which already included Fox News Channel, financial network unit and London's The Times, and locally within New York, the New York Post, along with Fox flagship station WNYW (Channel 5) and MyNetworkTV flagship WWOR (Channel 9).[25]"

    • by Jahoda ( 2715225 )
      I am not saying this is entirely "fake news". That rarely exists whole-cloth, but just look into it a little closer when it looks like a duck and quacks like a duck.

      The US government, and by extension the media sources that make their money by having cooperative contacts within it, got pissed off at Kaspersky for exposing their dirty Stuxnet secrets. Double points for Kaspersky being Russian at a time when anything remotely critical of Trump is made of ad impression gold.


      Oh look, an AC shilling for Ru
    • Yep, had the same reaction. Please show proof. The software is almost publicly available, let's show where in the code there is this "top secret" filter.

      Not saying it's true or not, but this is a very serious accusation and Kaspersky has explicitly stated that no, they were not that kind of company doing things for the Russian secret services. So if they are really lying, please show proofs, everyone wants to know.

      But information coming from US Officials is not reliable (or even less) in the Trump era. Any

      • by Yunzil ( 181064 )

        The software is almost publicly available, let's show where in the code there is this "top secret" filter.

        Sure, and you know for a fact that the binary running on your PC was generated from that source, right?

      • Meanwhile the Germans see no reason to warn about Kaspersky.
        https://www.reuters.com/articl... [reuters.com]

        I mean, the Russians are decades ahead in propaganda warfare, they own the US president, they only need a tiny budget to subvert US elections, they control everyone's computers through AVs, and Germany is in denial! It's a new Red Dawn I'm tellin ya!

  • I'm shocked. (Score:5, Interesting)

    by roc97007 ( 608802 ) on Wednesday October 11, 2017 @01:23PM (#55351145) Journal

    Shocked, I tell you.

    I said, oh, 3 or 5 years ago, or maybe it was 10? ...that an obvious vector was the antivirus product itself. Because trust has to start somewhere, and people tend to trust their antivirus software, because otherwise, what do you do? Throw out your computer and go back to books? (Now that I write that, it doesn't sound like a half bad idea.)

    And this was even before the useless nagware McAfee Security Scan started being bundled in everything to hell and gone.

    So, in a way, I'm glad this happened, because it might cause people (well, some people... well, a few people) to look a little more critically at their antivirus software.

    So everyone should convert to Windows Defender. Just kidding.

    • Re: (Score:2, Insightful)

      by ctilsie242 ( 4841247 )

      Since AV software requires kernel level access, or as close to it as possible, having AV software be a Trojan or a spying tool isn't surprising.

      I just wonder why we even have AV in the first place. Scanning for signatures is a pointless task. The two biggest entry points for infection are Trojans (that invoice that was E-mailed with the CEO's name, even though the return header is from a Lower Elbonian site), and malvertising/weaknesses in the Web browser.

      The browser issues are addressed by virtual machin

    • I dropped the "anti-" prefix years ago.
  • hasn't already done this with Microsoft, McAfee and Norton security software? Privacy and Internet Security is a myth in the 21st century. I'm sure that it won't be long before they will have the ability to listen to every home with an Amazon Echo in it.
    • This isn't a zero sum game, it doesn't matter to this particular story what the US government did. Maybe other things are similarly compromised, maybe not. It would be useful to expose each one that is without trying to distract by talking about unrelated products.

      I'm sure that it won't be long before they will have the ability to listen to every home with an Amazon Echo in it.

      It's cute that you think they don't have that ability now. If we've learned one thing from commercial software (which goes for cell phones, "smart" TVs, etc), it's that security is often an afterthought. Hell, even the military decided to just

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Alternative reading of this: The NSA and CIA have found that the Kaspersky AV does a good job of keeping their spyware off computers, so they spread FUD to persuade users to switch to less effective AV that doesn't keep out NSA/CIA spyware.

  • by QuietLagoon ( 813062 ) on Wednesday October 11, 2017 @01:31PM (#55351229)

    ...WSJ has a major scoop today.:...

    From the WSJ article itself:

    ...Israel’s spying on Kaspersky, which U.S. officials said provided crucial evidence that Kaspersky Lab was working with the Russian government, and the use of Kaspersky to scan for classified keywords was first reported Tuesday by the New York Times. ...

    [my emphasis] The NYTimes may not be my favorite newspaper, but credit where credit is due, eh?

  • This reminds me of a sci-fi story where the NSA somehow created a code module sometime in the past that has made its way into every anti-virus software (lot of hand waving here). The idea being that most computers have anti-virus software running and the anti-virus software won't be looking at itself (who is watching the watchers?) This allows the NSA to make every computer a part of a giant botnet, basically a global super-computer using the free CPU cycles of billions of computers. They aren't using the c

    • Re: (Score:2, Funny)

      by Anonymous Coward

      That wasn't a sci-fi story, it was one of the Snowden leaks.

  • by Anonymous Coward on Wednesday October 11, 2017 @01:49PM (#55351387)

    A decent piece by Hacker News (https://thehackernews.com/2017/10/kaspersky-nsa-russian-hackers.html) correctly points out that there is no evidence, just anonymous sources and nation state he said she said. Even if Russian ops did gain access through Kaspersky, Kaspersky might not have allowed access and are victims themselves. US intelligence does this all the time, ask Cisco about the backdoor added to their hardware mid route (thanks Edward Snowden for the revelation).

    Blaming a company without any substantial proof at this time is just more fear mongering playing into the current narrative. The fact that it's easy to take previous known code from an intelligence program and re-purpose it/style to frame another country is never mentioned in these "OMG THE BAD GUY HACKED US!" stories is very disingenuous. But I suppose after weeks of this allegation and congressional hearings, we'll still know nothing and the story will slowly fade away except for the occasional talking point of why we should sanction/hack/declare war with Russia.

    • Re: (Score:2, Troll)

      by gweihir ( 88907 )

      I agree. But the stupid masses have accepted this flimsy propaganda story already. Let's hope Kaspersky survives this, because otherwise we all become notably less secure.

    • by AHuxley ( 892839 )
      If a nation was smart enough to find another nation's spyware, staging servers it would not get detected on the internet tubes later.
      Human spies and other trusted networks would warn that all US gov/mil staff, networks are being watched.
      That any code, gems or code litter was now being tracked in real time as US staff worked.
      No skilled nation would fall for that a later cyber tracking trap.
  • I remember one day buying a computer from Best Buy and while I was paying for it the employee proceeded to open the brand new box saying he was about to install some anti-virus software. I don't know if it was Kaspersky, but I said something along the lines of "Hell no" and put an end to that.

    So nowadays antivirus software has moved on from not doing anything useful to spying on you while not doing anything useful.
  • How is Windows 10 any different? That openly collects everything you make, open, send. Every image, every doc, every email is scanned/collected. Every word spoken. So knowing this, why isn't every country in the world blocking or not allowing Windows 10 to be installed on any government/employees PC? And those saying they don't do what I said lol
  • Microsoft is already spying on you at the OS level, they gain nothing spying on you on the AntiVirus level.

    Also, Windows Defender is free, and complies with "certification" requirements (like PCI).

    Now, for Mac and Linux (where you should be running an Antivirus anyway) the choices are more complicated. You could go with ClamAV, but that may pose problems for "certification", or go with a commercial vendor, with all the caveats that entails.

    Your choice.

  • by Martin S. ( 98249 ) on Wednesday October 11, 2017 @03:06PM (#55351895) Journal

    The _NSAKEY was discovered in Windows NT 4 in August 1999 by Andrew Fernandes of Cryptonym. It could be confirmed and reset by any hacker with a copy of NT. I cleared mine and most of my tech colleagues did the same.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    Gates was interviewed by BBC News and flat out denied its existence.

    https://cryptome.org/nsakey-ms... [cryptome.org]

  • Back in the paper days, physical access was controlled, so stamping them with an appropriate classification made sense.
    Unfortunately as things went digital, < ENTITIES > used headers/footers embedded in the document to replace these stamps.
    This makes it levels of magnitude easier to separate the wheat from the chaff... just grep for secret|confidential|noforn|etc...
    Eventually watermarks were used instead, but then you only need to look for those.

    PGP has been around for what? 3 decades now?
    That'
  • If you were watching that show this info is almost 2 weeks old already. And The White House bought the Anti Virus software big time. So.. There go our secrets!!
  • Remember years ago when the NSA was intercepting shipments of Cisco routers and adding spy stuff? Color me un-surprised.

  • I wonder why Israel would reveal that they had the capacity to eavesdrop on Russian spies.
  • ...for business method patent violation

  • I suspect all AV as being partisan. Not that they're phoning home, just that they're ignoring particular other malware that IS phoning home.
  • This is all just for the build-up of a yet-unannounced Rocky remake.
  • I was deciding between Kaspersky and Bitdefender for Mac AV. Which do you recommend?
