Russian Hackers Exploited Kaspersky AV to Steal NSA Data on US Cyber Defense

Megalith

Hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after an NSA contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter. The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.
 
Right, hackers. Or can we just assume that the Russian equivalent of the NSA walked into Kaspersky and placed a monitoring appliance? If the NSA does it to US companies, I wouldn't doubt the Russians are doing it to their own.

Kinda smart, as AV can scan and catalog the files on a system. After that, it's just a matter of some algorithm/software filtering for keywords.
 
I have it on good authority Russia is our friend and totally on our side.
It's OK because 2 wrongs make a right.
First no no, the contractor put secret stuff on his personal computer, after that it was all downhill.
Besides, "Kaspersky told the Journal in a statement that it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”"
 
If you use anything electronic, consider yourself hacked, Russian or NSA... don't forget Windows 10!!!
 
It's OK because 2 wrongs make a right.
First no no, the contractor put secret stuff on his personal computer, after that it was all downhill.

Seriously WTF! I just don't get it...when you have a clearance, it's drilled into you how to handle classified information and moving it from a classified to unclassified system is a big fucking no-no.

I hope someone throws whoever did this ass into jail along with Reality Winner.
 
Possibly the antivirus detected actual NSA malware...which it's supposed to do! My guess is there's nothing nefarious in the software. Somebody just got tipped off, is all.
 
Russia Russia Russia. Oh wait Russia doesn't like us and actually tends to interfere often.
 
One, that contractor was a total dumbass.

Two, Kaspersky just lost any credibility they had left - which wasn't much.

Kaspersky is low on credibility? Since when? I've seen a lot more defences of Kaspersky following the US government ban on their products than anything else. For their part, Kaspersky has voluntarily made their software's source code open to review by the US government. I don't think the US government has taken Kaspersky up on their offer, though.

http://thehill.com/policy/cybersecu...ing-to-turn-over-source-code-to-us-government
 
For their part, Kaspersky has voluntarily made their software's source code open to review by the US government. I don't think the US government has taken Kaspersky up on their offer, though.

http://thehill.com/policy/cybersecu...ing-to-turn-over-source-code-to-us-government

If you are going to champion Kaspersky, why do you even bring that up?

IT IS QUITE LITERALLY A RUSSIAN "BACKDOOR" WITH ADMIN PRIVILEGES.

Seeing source code does not change the essential features of any major security product.
 
If you are going to champion Kaspersky, why do you even bring that up?

IT IS QUITE LITERALLY A RUSSIAN "BACKDOOR" WITH ADMIN PRIVILEGES.

Seeing source code does not change the essential features of any major security product.

I'm not championing Kaspersky, I'm addressing what appears to be a baseless assertion.

Second, what in the world are you referring to by "bring that up"? Because the only thing I brought up is the volunteering of the Kaspersky anti-virus source code - not to Russia's government, but to the US government. And the US government seeing the Kaspersky source code is not going to result in Russian government backdoors.
 
Well, I was using Kaspersky Free. Guess I'll go to Avira Free, or just back to Windows Defender.
 
Second, what in the world are you referring to by "bring that up"? Because the only thing I brought up is the volunteering of the Kaspersky anti-virus source code - not to Russia's government, but to the US government. And the US government seeing the Kaspersky source code is not going to result in Russian government backdoors.

It is already a backdoor. Showing source code doesn't change that. Any cloud enabled security product is a backdoor.
 
So, in the previous article addressing the U.S. government banning of Kaspersky, are we to take it that those seriously defending the antivirus maker were bots, state sponsored actors or just suckers??? /sarc

It's not like there weren't enough whistles blowing, for a very long time, to allow this latest revelation to be anything more than an "I told you so!" moment to all those compromised individuals, corporations and government agencies, using Kaspersky products over the years AND still at this very moment.
 
Didn't see a single direct source with regards to this incident referenced or mentioned in the alternate Hill article.
Then again of course any software from non-US origin is a risk, same as US software is a risk to other countries... Another reason the internet is breaking up, world wide computing will too.
 
And the United States has never done any acts of espionage to any country :rolleyes:
 
So the USA is mad that someone got in and stole information on how the USA breaks into their networks to steal stuff?
It’s a cat and mouse game, I bet officials were upset about the breach but I doubt any had a serious heart attack over it.
 
well,
1. We know the tools and files stolen earlier were from a payload server, not a home PC. What sort of files were stolen from this one, we do not know yet.
2. we can also fault whatever cloud storage program that was installed on the PC, or whatever indexing program that was on it. Then we also had the problem of spiked updates.
 
Seeing the source code means nothing.
Have the Kaspersky people sit down, compile the source code in front of you, on your system, using preferably a known compiler with its checksum validated beforehand.
THEN, rinse and repeat every time there's an engine/signature update available.

That said, Microsoft hires a lot of people. I don't think they do background checks on coders, do they? Same thing with Mozilla. Everything is a vector.
 
That said, Microsoft hires a lot of people. I don't think they do background checks on coders, do they? Same thing with Mozilla. Everything is a vector.

Depends, most of them do though, even contracted people have to have/get a clearance most of the time.
 
It’s a cat and mouse game, I bet officials were upset about the breach but I doubt any had a serious heart attack over it.

Oh without a doubt, but it doesn't make it any less funny.
 
Who here honestly didn't think that this was happening for years? They probably know more secrets than the NSA, CIA, and FBI directors combined......
 
Seeing the source code means nothing.
Have the Kaspersky people sit down, compile the source code in front of you, on your system, using preferably a known compiler with its checksum validated beforehand.
THEN, rinse and repeat every time there's an engine/signature update available.

That said, Microsoft hires a lot of people. I don't think they do background checks on coders, do they? Same thing with Mozilla. Everything is a vector.
Why would you think they don't do background checks? Hell, I think even gas station workers and pizza drivers get them.
 