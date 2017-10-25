Kaspersky Admits To Reaping Hacking Tools From NSA Employee PC (zdnet.com) 51
Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis, but insists the theft was not intentional. From a report: In October, a report from the Wall Street Journal claimed that in 2015 the Russian firm targeted an employee of the NSA known for working on the intelligence agency's hacking tools and software. The story suggested that the unnamed employee took classified materials home and worked on them on their PC, which was running Kaspersky's antivirus software. Once these secret files were identified -- through an avenue carved by the antivirus -- the Russian government was then able to obtain this information. Kaspersky has denied any wrongdoing, but the allegation that the firm was working covertly with the Russian government was enough to ensure Kaspersky products were banned on federal networks. There were a number of theories about what actually took place: was Kaspersky deliberately targeting NSA employees on behalf of the Kremlin, did an external threat actor exploit a zero-day vulnerability in Kaspersky's antivirus, or were the files detected and pulled by accident? According to Kaspersky, the latter is true. On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place. It was actually a year earlier than the WSJ believed, in 2014, that code belonging to the NSA's Equation Group was taken.
Their version of events is much more believable than the others offered so far. Guy takes home the NSA malware, disables Kaspersky to install some warez and then realizes his machine has been p0wned, so does multiple full scans. The NSA malware is picked up during those scans and automatically submitted for analysis (the default behaviour). During this time his machine had an open backdoor.
What really worries me here is that Kaspersky apparently deleted the NSA malware and source code once they realized what it was. They should have analyzed it, generated signatures and published details. Failure to do so is far worse than simply sharing it with the Russian government, who I'd assume already had copies anyway given how leaky the NSA is.
>Not that I care if the NSA figures out my porn preferences
You should, so long as there are people out there who would punish you for them. There's a seemingly unending supply of sanctimonious people out there who will outright ruin your life if they find something about you personally distasteful.
Even though you and I are likely so unimportant to the state and they're unlikely to use what they find against you, just on general principles you should want privacy from the government as a general rule whenever it is practical.
When the three letter agencies have access to everyone's secrets, they're no longer serving the public since they have the power to control those who are supposed to be in power.
> You should, so long as there are people out there who would punish you for them. There's a seemingly unending supply of sanctimonious people out there who will outright ruin your life if they find something about you personally distasteful.
In a twist of irony, those selfsame people will as likely as not have much more interesting porn records than anything a normal person has. It's projection, and we see it time and time again, from Jimmy Swaggart's television set top wanking while a hooker does God knows what, to that creep preacher in Colorado who railed on about them thar homos but enjoyed screwing his male masseuse, to better-than-the-rest-of-us Josh Duggar, who has some very interesting and illegal preferences. Brings new meaning to famil
Doing that with Officially Classified materials has legal consequences. For example, I assume employees of Kaspersky want to be able to travel outside of Russia without getting arrested and imprisoned. And to be able to travel to the US for security conferences.

They said that their software sent them for analysis some files that belonged to the customer, and they deleted the files as soon as they realized that these were customer files.
If Kaspersky did not delete customer files that their software sends them, then I would definitely say you have to dump them.
"We found some of the software you were working on when we scanned your machine. Mostly we delete customer files we access by accident, but we thought this one was useful to us, so we kept it so we can reverse
The AV software was configured as such (Score:3, Insightful)
No surprise here,
Source: https://arstechnica.com/information-technology/2017/10/worker-who-snuck-nsa-secrets-home-had-a-backdoor-on-his-pc-kaspersky-says/?comments=1
Direct quote:
The NSA worker's computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.
Some bullshit about the product working only as intended. Hackers have been practicing obfuscated, "looks good but has a malicious side-channel" code since forever, [underhanded-c.org] and you'd be an utter dimwit (or vatnik!) to think that Mr. Kaspersky himself of the KGB's technical school doesn't know how to put these ideas into practice both programmatically AND socially.
But guess what? Even if Kaspersky has the most honest intentions in the world, which they don't, that still doesn't prevent SORM from capturing everyt
Data trail (Score:5, Insightful)
If Kaspersky isn't working with the Russian govt, how did their Lab data end up with the Russian govt?
Oh, and the NSA dude needs some jail time as well.
Nobody has ever said the Russians had the malware. Russian government involvement is a red herring spun to distract you from the Russia-Clinton-Obama inconvenience.
That's the problem with you conspiracy kooks. Occam's razor tells us otherwise.
You'll always have Pizzagate, Boris.
So it looks like what happened is what I suspected: that Kaspersky's heuristic analysis found the file and submitted it for analysis. Which is fine, since that's what it's supposed to do.
The real question is why wouldn't Kaspersky submit it to other AV firms or even Microsoft for analysis instead of just deleting it? From what it sounds like, they had the full source code of a virus. I would think that would be the equivalent of striking gold in the AV community regardless of the virus's source, unless Kaspersky
Have you ever purchased something from a store, only later to find that another item had been hidden inside, and tried to return that item to the store? I have.
I purchased a household item like a comforter that had curtains stuffed inside. Nothing particularly high value. I returned the items I had not purchased to the store. When returning the items, while it was not overt, the store basically suspected me of theft and I was not exactly rewarded for "doing the right thing". Never again.
Can you imagine
So basically, commercial software, namely an antivirus, proceeded as intended (detected malicious/suspicious code). Nothing new.
Then the Russian gov., just like the US or the UK govs., pulled that software/information based on the principle of screwing anyone's privacy (especially foreigners) over national security concerns (which, when you look at it from an impartial point of view, like me (someone who literally stands between both countries in western Europe), is a contextually solid argument, even though I am completely opposed to this relegation of privacy to second place). This is also not new, and the US knows this happens frequently. They know it because they also do it. How many Silicon Valley corps. are suing the US gov. to prevent just that? (Well, Microsoft just dropped it because, well, the government had a bad case and decided to pull back.)
At least they're not loading Linksys hardware with trojans for deployment to China and Russia's top tier installations.
Seems like a very plausible explanation from Kaspersky, clearly not at fault, and it will be a clear case of hypocrisy by whichever government decides to slander the private business of the company. Not only is the government at fault (that was bad, BAD behavior from the employee, unless he was whistleblowing something, like Snowden), but they also do this.
Demand local servers, just like Brazil did to Facebook, if you are worried about your info being offshored to jurisdictions where you can't control the full chain of behavior.
In their defense of deleting the files (Score:2)
After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties.
To be fair, this puts them in a bind. They acquired NSA malware source code but they got it because their product uploaded it to them. If they keep it and use it they are breaching the trust of their client. I trust and give Kaspersky permission to scan for viruses and pull their executables. I don't give them permission to look through various source code on my computer. This isn't about saving or shielding the NSA, it's about the integrity of their contract with their users. Screw the NSA but Kaspe
I mean are you REALLY naive enough to believe that Windows is
1) an even slightly secure OS
2) Microsoft (and therefore the NSA) really don't/aren't using their own backdoors built right into Windows (and maybe Intel's IME) to conduct ongoing scans, analysis and upload of anything/everything of "interest" that you ever have on your PC ?
The problem is clearly the NSA employee who took the code home and put it on his Windows PC in the first place. He of all people should have known WAAAY better.
Adding AV to Microsoft is about as bad as adding an anonymous FTP server to your desktop. Passwords are only going to keep your friends honest.
NSA guy should have known. What on earth was he thinking to allow his data to be uploaded to Russia? He's going to have a court date coming up.
I'm willing to bet that Kaspersky had an employee who was also an unknown intelligence spy on the payroll.
The intelligence agency figured out the US Govt was using software - submitted resume for spy to open job - and spy reported to work as instructed. Aren't we worried that the NSA is asking Google/Apple/ISP (cough AT&T) to open the door a crack?
Isn't this the fear of many in security? - that an unknown group could change the C compiler source code to ignore or replace certain instructions. Then m