Government Security United States

US Government Weighing Sanctions Against Kaspersky Lab (cyberscoop.com) 99

An anonymous reader quotes a report from CyberScoop: The U.S. government is considering sanctions against Russian cybersecurity company Kaspersky Lab as part of a wider round of action carried out against the Russian government, according to U.S. intelligence officials familiar with the matter. The sanctions would be a considerable expansion and escalation of the U.S. government's actions against the company. Kaspersky, which has two ongoing lawsuits against the U.S. government, has been called "an unacceptable threat to national security" by numerous U.S. officials and lawmakers.

Officials told CyberScoop any additional action against Kaspersky would occur at the lawsuits' conclusion, which Kaspersky filed in response to a stipulation in the 2018 National Defense Authorization Act that bans its products from federal government networks. If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allied countries.

  • For working on (Score:5, Insightful)

    by AHuxley ( 892839 ) on Monday April 23, 2018 @08:26PM (#56491767) Journal
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    Stuxnet
    Flame
    Equation Group https://en.wikipedia.org/wiki/... [wikipedia.org]
    Android cyber-espionage used by 60 governments.

    The internet needs all the security it can get. Why would the US not want quality global security research?
    • Re:For working on (Score:5, Interesting)

      by Anonymous Coward on Monday April 23, 2018 @08:50PM (#56491867)

      The answer is exceedingly self-evident: the US doesn't want research into its own malware.

      • by thesupraman ( 179040 ) on Monday April 23, 2018 @08:54PM (#56491889)

        Yes, it is also clear that Kaspersky is the only major threat protection software that has not agreed to whitelist US government malware.

        Has the US government realised that this is just a form of the Streisand effect, recommending Kaspersky to anyone who doesn't want the US to know their affairs?

        • by AHuxley ( 892839 )
          Makes a user wonder what a lot of the other EU and US AV brands are doing that the US gov totally approves of?
          • Makes a user wonder what a lot of the other EU and US AV brands are doing that the US gov totally approves of?

            They do what they must for a piece of that valuable US/EU/Five-Eyes market.

            No different than US tech companies vis a vis China. Just look at how Google is assisting the Chinese government with its digital tyranny over the population. Just a different authoritarian regime's security service to have to make happy in order to compete with the competition.

            Strat

          • US AV brands are doing that the US gov totally approves of?

            They are not white-listing Russian malware ?

            Same as EU vendors aren't white-listing Chinese malware ?

            Slowly reaching the point where going the VirusTotal/MetaScan/etc. route is the best :
            throw as many different AV engines at it, and hope that at least one of these engines won't have it on the whitelist mandated by their local government.

        • That's why they don't want anyone to be able to install their software. Brand them as enemy spies and run a FUD campaign. The whole thing started when US government malware developers had their half-finished malware flagged by Kaspersky and auto uploaded for analysis. The intelligence bosses were outraged. How dare anyone protect themselves against the out of control NSA? The angriest person is the slave owner whose slaves attempt to escape.
    • Re:For working on (Score:5, Insightful)

      by Tom ( 822 ) on Tuesday April 24, 2018 @01:48AM (#56492647) Homepage Journal

      Why would the US not want quality global security research?

      Because Kaspersky could detect the next US-government-sponsored malware. The other malware companies can be "convinced" to play nice.

  • Sanctions, as such, are political acts. They don't have to comport with independent legal proceedings.
    • by Xest ( 935314 )

      Because they have to judge the impacts.

      When Trump threatened tariffs against steel/aluminium, Juncker in the EU being the absolute clueless corrupt prat he is made the same claim about waiting to see if it's worth applying sanctions against US brands like Harley Davidson and Levis.

      Levis slipped off the list of possible companies a few days later, presumably because someone pointed out to him that sanctioning an American company that employs quite a few people in Europe (it has a factory in Italy, and stores

  • The Agenda (Score:5, Insightful)

    by AlanObject ( 3603453 ) on Monday April 23, 2018 @08:54PM (#56491891)

    It really seems to me that someone or someones high up in the U.S. govt really has it in for Kaspersky. Is that just my impression or does anyone else feel that way?

    I would think that if the company actually had any malware in their security products it would have been detected by now. At the end of the day if they were doing Bad Guy Stuff then it would have to write Bad Guy Stuff either to local storage or onto the wire even if it is encrypted. There are a number of automated tools for detecting this both in a simulated environment (VM) and on real hardware.

    Has there been any revealing of this kind of behavior that I missed? If not this seems like an awful lot of punishment in the absence of any crime.

    So what's the motive here?

    • One would think that if Kaspersky software contained malware, the NSA could reveal it and kill the company with a single blow.

      • by Anonymous Coward

        The agenda is that the mass media had made a huge anti Russia push because of Trump, and likely Kaspersky are one of the few AV vendors they cannot get within their grasp to "whitelist" their spying tools or insert back doors to scan the public's PCs. Considering that no one independently has found anything wrong with Kaspersky's software, that leans even more towards the prior agenda. If anything Kaspersky might be one of the more trustworthy AVs to use cause god knows what all the other AVs have whitelisted

      • Re: The Agenda (Score:5, Interesting)

        by rtb61 ( 674572 ) on Tuesday April 24, 2018 @01:50AM (#56492649) Homepage

        Always look at stuff from the professionally paranoid point of view (not an insult, gees they get cranky, just the nature of the job, you have to be professionally paranoid). The US government wants to use entirely corrupt security letters to put back doors in security software sold to foreigners. Immediately they will suspect foreign governments of doing the same thing, the US does it, why wouldn't Russia or China do it. It has to be careful how it tackles this though, a blanket ban on foreign security software would generate a blanket ban on US security software and wipe out the security letters and back doors, mind you this includes stuff like M$ windows updates, which are now individually packaged, a specific user's computer gets a specifically targeted update (only for high level hacks but will get caught if that computer is already being monitored by local intelligence agencies, change in traffic). It would be much cleaner to simply blanket ban all foreign security software and entirely reasonable to do so but the messy bit about US software being banned by foreign countries for exactly the same reason, forces this messy rubbish with Kaspersky. They will be banned one way or another, they will just have to accept that and the Russian government will ban US/EU security software for the same reason.

        The only way out, open source the code and any updates and the updates must be served locally, only after the code for the update has been supplied and verified (so you can imagine open source security software becoming part of FOSS distributions to simplify the issue for everyone). Should the Russian government decide to be really mean, they can simply review copyright law and shorten copyright protection to 25 years from date of first publication and that will hurt the US by far the worst and many other NATO countries will also feel the brunt of that (UK/France). People would just source 60s, 70s and 80s content out of Russia (keep in mind, current movies demonstrate that music from those eras is much more popular than the autotune crap of the last couple decades and movie and TV series have similarly crapped out apart from the odd few exceptions). Of course China would join in, they are not really pleased with the US either and other partner countries would follow suit. So 2018 - 25 = 1993, so youch, makes the Kaspersky ban a joke in comparison and does not hurt Russia and China anywhere near as much as the US, a tiny fraction in comparison. US wants a trade war, it shouldn't be surprised 'when' it gets kicked in the copyright licence fee crown jewels, software as well. The US would lose far more in copyright licence fees than the entire rest of the world combined.

        They can fend that off with a blanket ban on all foreign security software and simply not mention Russia or Kaspersky. Of course Russia and China could still simply extort 'er' bargain the 'Trump' way, to get greater cooperation from the US with the threat of the downward revision of copyright laws (originally 14 years, so very hard to diplomatically argue about 25 years but the money gone, wow, not just revenue but the valuation of assets, from billions to ZERO and that would also hurt the US dollar, a lot).

      • The issue is that it's security software with low level access to your system which is controlled by a company which is controlled by Putin. It may not have malware in it now, but of course it has mechanisms in place to enable the distribution of malware very quickly.

    • by Anonymous Coward

      It really seems to me that someone or someones high up in the U.S. govt really has it in for Kaspersky. Is that just my impression or does anyone else feel that way?

      I would think that if the company actually had any malware in their security products it would have been detected by now. At the end of the day if they were doing Bad Guy Stuff then it would have to write Bad Guy Stuff either to local storage or onto the wire even if it is encrypted. There are a number of automated tools for detecting this both in a simulated environment (VM) and on real hardware.

      Has there been any revealing of this kind of behavior that I missed? If not this seems like an awful lot of punishment in the absence of any crime.

      So what's the motive here?

      That is not how sophisticated state owned malware works. They would not code in obvious malware like spyClass with method uploadSecretsToKGB(). They would bake in a very obscure security 0 day and just let their state sponsor know about it. When it eventually gets compromised it will be patched and they will act shocked. It would probably be a very minuscule security exploit that grants just enough access to compromise another app and then install the real malware payload. This is all assuming that the Russ

    • by AHuxley ( 892839 )
      Re "So what's the motive here?"

      The problem for the USA and UK is that their gov/mil malware is regional and has to stay hidden.
      When discovered the malware also has to look very average.
      The UK wants to collect on every computer network in Ireland and all Irish supporters in the USA.

      So subtle differences in gov malware only found in the wild in Ireland/USA would get detected by the more advanced AV brands.

      The US wants to collect it all but different cyber projects do not want to collect within the USA, 5
    • by chill ( 34294 )

      Yes. They aren't accused of having malware inside their product, but rather that their product sends back hashes of files found on the system. This is normal AV behavior, as they use the hashes to identify known good files from known bad.

      However, the accusations were this, combined with the ability to send whole files up for cloud analysis, have been used by the Russian Gov't to identify classified material on U.S. systems and steal files.

      While Kaspersky themselves claim no such activities, and that their u

      • by ( 4475953 )

        [...] been used by the Russian Gov't to identify classified material on U.S. systems and steal files.

        That would justify not allowing Kaspersky as antivirus on government machines that handle classified material. If they have allowed this before that would have been surprisingly stupid. Or does it work like that? "Hey, this machine handles classified data, so make sure to put an arbitrary, foreign antivirus program on it." That would be stupid.

        No, there is more to the story than meets the eye. Kaspersky's cloud service has uploaded NSA malware and they have analyzed it. That's why US authorities are so fur

    • NSA malware developers had their half-finished malware flagged by Kaspersky and auto uploaded. This utterly outraged the intelligence bosses. How dare anyone attempt to protect themselves against their weapons? In order for them to control us, we must be defenseless.
    • They are after ALL non-American companies. Huawei is another. The US went from "brown people are evil" to "Everybody is evil".

  • In a politically-correct response, Kaspersky has a new name, which would have far reaching global consequences. They made the stunning announcement before the decision was made official in US courts with regards to the sanctions. A spokesman said that it is not a reaction to other politically charged news -- this was in their plans for two years they said. " We are now known as Kowalski Labs

    • Yevgeniy ("Eugene") Kaspersky is a Chekist, i.e. an "ex"-KGB spy. He cannot be trusted any more than Putin.

  • What may happen is that people would follow this example and start introducing their own private sanctions. It may hurt international commerce, global division of labor, ideas and goods exchange.
  • I think meat-hooks and piano wire would be the best approach to taking care of Chekists, but harsh sanctions will do in the meantime.

  • I am guessing that trump admin will stop it if there is any proof at all, that Kaspersky has helped Putin.
  • Kaspersky has worked to uncover some of the worst malware out there and I think that's at the root of this. Why? Because the US has lost some of its best tools for spying, hacking and infiltration because of their work. Does it bother me that they're based out of Russia? No. We still do a lot of business with the Russian gov't and that's what gets lost. Anybody remember the ISS? How do US astronauts get to/from it?

    So okay, US Gov't show us your "evidence" show us what the NSA knows about Kaspersky in ter

  • "The evidence of close ties and cooperation between Kaspersky Lab and the Kremlin is overwhelming..."

    Cite a law or fuck off. Useless war mongering Senator....
    • If Israeli spies can infiltrate Kaspersky, it stands to reason that the Russian Federation would be able to have spies as well. Their corporate management doesn't necessarily have to have any ties to the Russian government, only that the employees that work there are easily accessible, such as the Kaspersky executives being arrested for treason. [arstechnica.com]

      I'm pretty sure that in Russia, treason means anything they want it to mean so that you do what they want.
