Posts Tagged ‘Kaspersky Lab’

How Kaspersky’s Software Fell Under Suspicion of Spying on America

January 5, 2018

Officials lack conclusive evidence, but incidents involving the firm’s antivirus products raised alarms

Kaspersky CEO Warned of Cyber Attacks on 2017 European Elections
In an interview with The Wall Street Journal at the World Economic Forum in Davos last year, Eugene Kaspersky, CEO of cyber security firm Kaspersky Labs, said European governments should expect highly sophisticated cyber attacks during their elections. (Originally published Jan 1, 2017.) Photo: Bloomberg News.

Eugene Kaspersky was late for his own dinner party.

Eugene Kaspersky at his company’s Moscow headquarters in 2017. Photo: Pavel Golovkin/Associated Press

At his invitation, guests from the Washington cybersecurity community waited one evening in 2012. Seated at the National Press Club were officials from the White House, State Department, Federal Bureau of Investigation and other agencies, said people who were there. Guests had started their first course when Mr. Kaspersky arrived, wearing a tuxedo with a drink in hand.

Mr. Kaspersky, chief executive of Russian security-software vendor Kaspersky Lab, proposed a toast to the ranking guest, Estonian President Toomas Hendrik Ilves, whose country had suffered a cyberattack five years earlier. The assault followed Estonia’s decision to remove a Soviet-era monument from its capital, and U.S. officials suspected Russia was behind it.

“Toomas,” Mr. Kaspersky said. “I am so sorry that we attacked you.”

The comment stopped all conversation until Mr. Ilves broke the silence. “Thank you,” he said, raising his glass. “This is the first time anyone from Russia has ever admitted attacking my country.”

No one suggested Kaspersky was involved in the Estonian hack, but Mr. Kaspersky’s toast played into a suspicion held by many in the U.S. intelligence community that his company might be wittingly or unwittingly in league with the Russian government—a suspicion that has only intensified since.

The process of evaluating Kaspersky’s role, and taking action against the company, is complicated by the realities of global commerce and the nature of how modern online software works. A top Department of Homeland Security official said in November congressional testimony the U.S. lacks “conclusive evidence” Kaspersky facilitated national-security breaches.

While the U.S. government hasn’t offered conclusive evidence, Wall Street Journal interviews with current and former U.S. government officials reveal what is driving their suspicions.

Some of these officials said they suspect Kaspersky’s antivirus software—the company says it is installed on 400 million computers world-wide—has been used to spy on the U.S. and blunt American espionage. Kaspersky’s suspected involvement in U.S. security breaches raises concerns about the relationship between the company and Russian intelligence, these officials said.

Employees at Kaspersky Lab in Moscow, October 2017. Photo: Kirill Kallinikov/Sputnik/Associated Press

DHS, convinced Kaspersky is a threat, has banned its software from government computers. The company sued the U.S. government on Dec. 18 in U.S. District Court in Washington, D.C., saying the ban was arbitrary and capricious, and demanding the prohibition be overturned. DHS referred inquiries to the Justice Department, which declined to comment.

Kaspersky, in a statement, said: “Unverified opinions of anonymous officials about Kaspersky Lab continue to be shared, and should be taken as nothing more than unsubstantiated allegations against a company whose mission has always been to protect against malware regardless of its source, and which has repeatedly extended an offering to the U.S. government to help alleviate any substantiated concerns. We have never helped and will never help any government with its cyberespionage efforts.”

The company in a court filing said any Russian government engagement in cyberespionage isn’t evidence that a Russia-headquartered company such as Kaspersky is facilitating government-sponsored cyberintrusions, adding: “In fact, more than 85 percent of Kaspersky Lab’s revenue comes from outside of Russia—a powerful economic incentive to avoid any action that would endanger the trusted relationships and integrity that serve as the foundation of its business by conducting inappropriate or unethical activities with any organization or government.”

The Russian Embassy in Washington, D.C., didn’t respond to requests for comment. In October, Kremlin spokesman Dmitry Peskov didn’t address whether the Russian government stole NSA materials using Kaspersky software but criticized the U.S. software ban as “undermining the competitive positions of Russian companies on the world arena.”

Servers in Russia

Mr. Kaspersky enrolled at the KGB-sponsored Institute of Cryptography, Telecommunications, and Computer Science, finished in 1987 and was commissioned in Soviet military intelligence, he has told reporters. He has acknowledged his company has done work for the KGB’s successor, the FSB.

Kaspersky, closely held, says it has unaudited 2016 revenues of $644 million. Current and former U.S. intelligence officials said they doubt Kaspersky could have risen to such heights outside of Russia without cooperating with Russian authorities’ aims, a conjecture the company denies.

Kaspersky’s main product is similar to other antivirus software, which scans computers to identify malicious code or infected files. Such software typically requires total access so it can remotely scan documents or emails and send a record of any suspicious and previously unidentified code back to the software company.

In Kaspersky’s case, some servers are in Russia. When the DHS banned Kaspersky products, it cited “requirements under Russian law that allow Russian intelligence agencies to compel assistance from Kaspersky or intercept communications transiting Russian networks.” Kaspersky countered that those laws and tools don’t apply to its products because the firm doesn’t provide communications services.

Concerns about the potential threat posed by Kaspersky software have circulated in U.S. intelligence circles for years. U.S. intelligence issued more than two dozen reports referring to the company or its connections, according to a U.S. defense official, with the Pentagon first mentioning the firm as a potential “threat actor” in 2004.

A Defense Intelligence Agency supply-chain report flagged Kaspersky in 2013, referring to its efforts to sell American firms a protection product for large-scale U.S. industrial companies, the defense official said. A former U.S. official said Kaspersky’s efforts to make inroads in the U.S. industrial and infrastructure market made people uncomfortable.

At a February 2015 conference, Kaspersky exposed what it described as a cyber-snooping network it dubbed the “Equation Group.” In fact, it was an elite classified espionage group within the U.S. National Security Agency, said some of the former U.S. officials. Kaspersky linked it to a virus called Stuxnet that the Journal and other publications have since reported was designed by the U.S. and Israel to destroy Iranian nuclear centrifuges. Kaspersky also described other techniques and tactics the U.S. uses to break into foreign computer networks.

Once such techniques are public, they are effectively useless for spying. When NSA officials got word of Kaspersky’s plans to expose its tactics, they pulled the agency’s spying tools from around the world as a preventive measure and reworked how its hackers were functioning, said some of the former U.S. officials. The NSA didn’t respond to requests for comment.

U.S.-Russian relations at the time were deteriorating. President Vladimir Putin had granted NSA leaker Edward Snowden asylum and annexed a swath of Ukraine. Some U.S. officials were convinced Kaspersky was promoting Russian interests and had shared with the Kremlin what it knew about the Equation Group.

“To think that information wasn’t shared with Russian intelligence, or they weren’t supporting Russian intelligence,” said one former U.S. official about Kaspersky, “you’d have to be very nearsighted to not at least think there was something there.”

Mr. Kaspersky at Kaspersky Lab headquarters in Moscow, July 2017. Photo: Pavel Golovkin/Associated Press

Not all U.S. officials believed the worst about Kaspersky, with many citing the high quality of the firm’s cyberthreat research. “There was this innocent until proven guilty attitude,” said another former U.S. official who worked on Russia and national-security matters.

Israeli intelligence shared with U.S. counterparts in 2015 that it had penetrated the networks of Kaspersky, the Journal reported previously. The Israelis discovered Kaspersky software was being used to scan computers not only for viruses but also for classified government information that would be of interest to Russia, said former U.S. officials familiar with the Israeli discovery.

As the NSA investigated the Israeli tip, it homed in on a worker in the agency’s elite hacking unit, then called Tailored Access Operations. The worker had improperly removed classified information about NSA spying operations and installed it on his home computer, said former U.S. officials familiar with the episode. The contractor’s computer ran Kaspersky’s antivirus software, which acted as a digital scout and identified the classified material, these people said.

Assessing damage

U.S. investigators immediately sought to assess the damage, including whether Kaspersky’s products were installed on other sensitive computers, including personal machines used by government employees and their families. That could include those used by family members of then President Barack Obama, said one of the former officials familiar with the episode.

Officials feared Russian intelligence could have not only turned personal computers into tracking devices, but also used them as staging points to access other machines inside the White House, the official said. Still, the incident didn’t trigger a broader alarm across the U.S. government about whether any federal agency computers were using Kaspersky.

In response to the Journal’s story on the incident earlier this year, Kaspersky conducted an internal investigation, releasing a report in November. The only incident Kaspersky said it found that matched the story’s description occurred in late 2014. By then, it said, it had been investigating Equation Group for six months when its antivirus software detected previously unidentified variants of the malware on a U.S.-based computer and sent a zip file containing the suspicious code to the Moscow-based virus lab for analysis.

Kaspersky Lab headquarters in Moscow. Photo: Sergei Karpukhin/REUTERS

The analysis discovered hacking tools now known to have belonged to the NSA, as well as four documents bearing what appeared to be classification markings, Kaspersky said, without mentioning the NSA or U.S. government by name. Mr. Kaspersky ordered the files deleted from the company’s systems within days and the information wasn’t shared with third parties, the company said.

Kaspersky said it did keep certain malware files from that collection. It said it also detected commercially available malware on the U.S. computer, which could have been used to remove files.

In the summer of 2016, a mysterious online group calling itself the Shadow Brokers posted stolen NSA cyberspying tools. The Shadow Brokers claimed in its postings that some of the tools came from Equation Group.

Again, U.S. officials rushed to determine how the tools were stolen. Among the posted computer code were technical manuals the NSA uses as part of its spying operations. These are akin to guidebooks, showing the agency’s hackers how to penetrate various systems and walking them through the procedures for different missions.

One lead pointed back to Kaspersky products, said current and former U.S. officials. Investigators now believe that those manuals may have been obtained using Kaspersky to scan computers on which they were stored, according to one of the officials.

Kaspersky said it has no information on the content of the classified documents it received in 2014 because they were deleted. It isn’t clear if the manuals the Shadow Brokers posted are the same documents.

Around the time the Shadow Brokers were spilling NSA secrets, emails stolen from the Democratic National Committee were showing up on WikiLeaks in what intelligence officials have said publicly they concluded was a Russian-led hacking operation to discredit the campaign of Hillary Clinton. Officials from the White House, the Pentagon, the State Department and the intelligence community met in late 2016 to debate responses to the alleged Russian aggression, said some former U.S. officials.

At the State Department, among options considered was taking retaliatory action against Kaspersky, said former officials involved in the deliberations. Daniel Fried, then chief sanctions coordinator at the State Department, told the Journal he recommended to colleagues they look for elements of Russia’s cyberpower the U.S. could target. He told colleagues Kaspersky at least needed to be considered as a potential player in Russia’s moves against the West.

“I asked rhetorically, do you want to testify before some committee about when did you know about this and why didn’t you do anything?” said Mr. Fried, now a Distinguished Fellow at the Atlantic Council, a think tank focusing on international affairs.

The State Department referred inquiries to the Justice Department, which declined to comment.

Some U.S. officials, including top White House security officials at the time, were concerned any action against Kaspersky could hurt U.S. companies by provoking a Russian response against them. U.S. officials also worried that, to justify harsh penalties, they would have to divulge what they knew about Kaspersky and its possible links to Russian intelligence, said several former officials.

Ultimately, the Obama White House didn’t seriously consider sanctioning Kaspersky, some former U.S. officials said.

Last year, Homeland Security created and led an interagency task force that collected information about the scope of the risk the Kaspersky software posed and began coordinating efforts across the government to minimize the risks.

In the months after President Donald Trump took office, concern about Kaspersky grew. Sen. Jeanne Shaheen (D., N.H.) put forward an amendment in the annual military-spending bill that would prohibit Kaspersky’s use on government computers.

Sen. Jeanne Shaheen at a hearing in June. Photo: Zach Gibson/Getty Images

During hearings on the matter on Capitol Hill, “I thought the most damning example” came from intelligence-community representatives, she said in an interview. “When each of them got asked would you put Kaspersky on your own personal computer and the answer was no, that’s a pretty strong message that maybe we should be taking a look at this.”

In September, the DHS banned Kaspersky products from government computers, instructing agencies to remove any Kaspersky software and report back on where it was found. The public statement accompanying the ban reads like a declassified version of the intelligence community’s suspicion regarding Kaspersky:

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

Kaspersky says the DHS ban has had a “severe adverse effect” on its commercial operations in the U.S., with retailers removing its products from shelves and an unprecedented number of product returns.

—Aruna Viswanatha contributed to this article.

Write to Gordon Lubold at Gordon.Lubold@wsj.com

U.S. Flagged Russian Firm Kaspersky as Potential Threat as Early as 2004

November 18, 2017

Intelligence agencies have expressed concern about the cybersecurity company’s software

WASHINGTON—A Russian cybersecurity firm whose products current and former U.S. officials suspect Moscow has used as a tool for spying was flagged by U.S. military intelligence as a potential security threat as early as 2004, according to new information the Defense Department provided to Congress.

In 2013, the Defense Intelligence Agency, the U.S. military spy service, also issued a Pentagon-wide threat assessment about products made by the company, Kaspersky Lab, according to an email this week from the Pentagon to the House Committee on Science, Space and Technology. The contents of the assessment weren’t disclosed.

The DIA “began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004,” according to the email, reviewed by The Wall Street Journal, raising questions about why other federal agencies continued to use the firm’s products.

The Journal reported in October that hackers suspected of working for the Russian government targeted a National Security Agency contractor through the contractor’s use of Kaspersky Lab antivirus software and stole details of how the U.S. penetrates foreign computer networks.

Kaspersky has long said it doesn’t assist the Russian government with spying on other countries.

The revelation about Kaspersky comes as concern over Russian infiltration of American computer networks and social-media platforms is growing after the U.S. intelligence assessment that the Russian government worked to help President Donald Trump’s 2016 campaign. Russia has denied meddling in the election.

Kaspersky published a report on Thursday saying that the computer it believes may have belonged to the NSA contractor in question was infected with other malware that could have been responsible for ex-filtrating information.

The company said in a separate statement, in response to the revelation that U.S. military intelligence flagged the firm as a threat actor, that it remains “ready to work with the U.S. government to address any and all concerns and further collaborate to mitigate against cyber threats, regardless of their origin or purpose.” It added: “we maintain that there has yet to be any credible evidence of the risks presented by the company’s products.”

The DIA’s threat analysis center, established in 2009, circulated analysis regarding Kaspersky Lab to various acquisition programs within the Pentagon, according to the email. It also made its views about the potential threat posed by Kaspersky Lab known to other agencies as early as 2012, the email said.

The email the Pentagon official sent this week was a follow-up to questions posed by the committee chairman, Rep. Lamar Smith (R., Texas), about why the Pentagon had decided not to use Kaspersky products while other U.S. federal agencies felt safe to do so.

A top Pentagon cybersecurity official, Essye Miller, told the committee at a hearing this week that the Defense Department hadn’t used Kaspersky products because of intelligence information regarding the firm.

Still, other federal agencies didn’t follow the same precautions and used Kaspersky products. Jeanette Manfra, a top Department of Homeland Security official, said at the hearing that roughly 15% of the federal agencies that checked to see if Kaspersky was operating on their systems found the company’s products. DHS has set a Dec. 12 deadline for all U.S. government agencies to remove the firm’s software.

“We expect to continue to get more information and also get those basic questions answered—like why did they ever start using Kaspersky Lab products?” Rep. Smith said.

Write to Paul Sonne at paul.sonne@wsj.com

 https://www.wsj.com/articles/u-s-flagged-russian-firm-kaspersky-as-potential-threat-in-2004-1510957459

Kaspersky blames NSA hack on infected Microsoft software

November 16, 2017

AFP

11:46 EST, 16 November 2017

The Moscow headquarters of Kaspersky Lab, which the US has alleged has links to Russian intelligence

Embattled computer security firm Kaspersky Lab said Thursday that malware-infected Microsoft Office software and not its own was to blame for the hacking theft of top-secret US intelligence materials.

Adding tantalizing new details to the cyber-espionage mystery that has rocked the US intelligence community, Kaspersky also said there was a China link to the hack.

The Moscow-based anti-virus software maker, which is now banned on US government computers because of alleged links to Russian intelligence, confirmed that someone did apparently steal valuable National Security Agency programs from an NSA worker’s home computer, as first reported by the Wall Street Journal on October 5.

According to the Journal, the person had top secret files and programs from the NSA hacking unit called the Equation Group on his computer, which was also using Kaspersky software protection.

They believe that Russian spies used the Kaspersky program as a back door to discover and siphon off the files, reportedly causing deep damage to the NSA’s own cyber-espionage operations.

US allegations that Kaspersky, which sold more than $600 million of anti-virus software globally in 2015, knowingly or unknowingly helped Russian intelligence in the theft have effectively killed its US business and hurt its worldwide reputation.

– Kaspersky software ‘disabled’ –

Using its own forensic analysis, Kaspersky said the breach of the NSA worker’s computer took place between September and November 2014, rather than 2015 as the Journal reported.

Kaspersky said what was stolen included essential source code for some Equation Group malware, as well as classified documents. Based on the materials, it said the computer appeared to belong to someone involved in creating malware for the Equation Group.

The company claimed, however, that the computer was infected by other malware, including a Russian-made “backdoor tool” hidden in Microsoft Office.

Kaspersky said that the malware was controlled from a computer server base in Hunan, China, and would have opened a path into the computer for anyone targeting an NSA worker.

“Given that system owner’s potential clearance level, the user could have been a prime target of nation-states,” it said.

Kaspersky’s own software would have detected that malware, the company said, except that its software had been turned off.

“To install and run this malware, the user must have disabled Kaspersky Lab products on his machine,” it claimed.

pmh/jh

Russia’s Kaspersky to Allow Outside Review of Its Cybersecurity Software

October 23, 2017

Company hopes sharing source code will build trust after allegations its software helped Russia spy on Americans

Kaspersky Lab, the Moscow-based cybersecurity firm whose software U.S. officials suspect helped the Russian government spy on Americans, promised to make its source code available for an independent review.

The company said Monday the review is part of a “global transparency initiative” that it hopes will improve the trustworthiness of its products. It said it would hand over the source code for its software in the first quarter of next year but didn’t specify who would undertake the review or how widely the code would be…

 https://www.wsj.com/articles/russian-cybersecurity-firm-kaspersky-to-make-source-code-available-for-review-1508756502

*****************************************************

Kaspersky fights spying claims with code review plan

October 23, 2017 — 0745

Russian cybersecurity software maker Kaspersky Labs has announced what it’s dubbing a “comprehensive transparency initiative” as the company seeks to beat back suspicion that its antivirus software has been hacked or penetrated by the Russian government and used as a route for scooping up US intelligence.

In a post on its website today the Moscow-based company has published a four point plan to try to win back customer trust, saying it will be submitting its source code for independent review, starting in Q1 2018. It hasn’t yet specified who will be conducting the review but says it will be “undertaken with an internationally recognized authority”.

It has also announced an independent review of its internal processes — aimed at verifying the “integrity of our solutions and processes”. And says it will also be establishing three “transparency centers” outside its home turf in the next three years — to enable “clients, government bodies and concerned organizations to review source code, update code and threat detection rules”.

It says the first center will be up and running in 2018, and all three will be live by 2020. The locations are listed generally as: Asia, Europe and the U.S.

Finally it’s also increasing its bug bounty rewards — saying it will pay up to $100K per discovered vulnerability in its main Kaspersky Lab products.

That’s a substantial ramping up of its current program which — as of April this year — could pay out up to $5,000 per discovered remote code execution bug. (And, prior to that, up to $2,000 only.)

Kaspersky’s moves follow a ban announced by the US Department of Homeland Security on its software last month, citing concerns about ties between “certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”.

The US Senate swiftly followed suit, voting to oust Kaspersky software from federal use. While three months earlier the General Services Administration also removed Kaspersky Lab from a list of approved federal vendors.

The extensive system-wide permissions of antivirus software could certainly make it an attractive target for government agents seeking to spy on adversaries and scoop up data, given the trust it demands of its users.

The WSJ has previously reported that Russian hackers working for the government were able to obtain classified documents from an NSA employee who had stored them on a personal computer that ran Kaspersky software.

Earlier this month CEO Eugene Kaspersky blogged at length — rebutting what he dubbed “false allegations in U.S. media”, and writing: “Our mission is to protect our users and their data. Surveillance, snooping, spying, eavesdropping… all that is done by espionage agencies (which we occasionally catch out and tell the world about), not us.”

We’re proud to keep on protecting people against all cyberthreats – no matter of false allegations in U.S. media https://kas.pr/x78t 

What’s going on?

I doubt you’ll have missed how over the last couple months our company has suffered an unrelenting negative-news campaign in the U.S. press.

eugene.kaspersky.com

But when your business relies so firmly on user trust — and is headquartered close to the Kremlin, to boot — words may evidently not be enough. Hence Kaspersky now announcing a raft of “transparency” actions.

Whether those actions will be enough to restore the confidence of US government agencies in Russian-built software is another matter though.

Kaspersky hasn’t yet named who its external reviewers will be, either. But reached for comment, a company spokeswoman told us: “We will announce selected partners shortly. Kaspersky Lab remains focused on finding independent experts with strong credentials in software security and assurance testing for cybersecurity products. Some recommended competencies include, but are not limited to, technical audits, code base reviews, vulnerability assessments, architectural risk analysis, secure development lifecycle process reviews, etc. Taking a multi-stakeholder approach, we welcome input and recommendations from interested parties at transparency@kaspersky.com.”

She also sent the following general company statement:

Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems.

As there has not been any evidence presented, Kaspersky Lab cannot investigate these unsubstantiated claims, and if there is any indication that the company’s systems may have been exploited, we respectfully request relevant parties responsibly provide the company with verifiable information. It’s disappointing that these unverified claims continue to perpetuate the narrative of a company which, in its 20 year history, has never helped any government in the world with its cyberespionage efforts.

In addition, with regards to unverified assertions that this situation relates to Duqu2, a sophisticated cyber-attack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident. Furthermore, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat.

Contrary to erroneous reports, Kaspersky Lab technologies are designed and used for the sole purpose of detecting all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose. The company tracks more than 100 advanced persistent threat actors and operations, and for 20 years, Kaspersky Lab has been focused on protecting people and organisations from these cyberthreats — its headquarters’ location doesn’t change that mission.

“We want to show how we’re completely open and transparent. We’ve nothing to hide,” added Kaspersky in another statement.

Interestingly enough, the move is pushing in the opposite direction of US-based cybersecurity firm Symantec — which earlier this month announced it would no longer be allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products.

Source: https://techcrunch.com/2017/10/23/kaspersky-fights-spying-claims-with-code-review-plan/

Russia Has Turned Kaspersky Software Into Tool for Spying

October 11, 2017

Searches exploited popular Russian-made antivirus software to seek classified material, officials say

WASHINGTON—The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool, according to current and former U.S. officials with knowledge of the matter.

The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations…

 https://www.wsj.com/articles/russian-hackers-scanned-networks-world-wide-for-secret-u-s-data-1507743874

Spy vs spy vs spy as Israel watches Russian hackers: NYT

October 11, 2017

AFP

© AFP/File | The Russian intrusion detected more than two years ago used anti-virus software manufactured by the Russian firm Kaspersky Lab as an ad hoc global search tool, The New York Times said

WASHINGTON (AFP) – Israeli spies observed Russian government hackers in real time as they scoured computers around the world for the codenames of US intelligence programs, The New York Times reported Tuesday night.

The Russian intrusion detected more than two years ago used anti-virus software manufactured by the Russian firm Kaspersky Lab as an ad hoc global search tool, the Times said, quoting current and former government officials.

The software is used by 400 million people around the world, including by officials at some two dozen American government agencies, the Times reported.

Israeli intelligence had hacked into the Kaspersky network and upon detecting the Russian intrusion, alerted the United States. This led to a decision last month for Kaspersky software to be removed from US government computers, the Times said.

It is known that Russian hackers stole classified documents from a National Security Agency employee who had stored them on his home computer which featured Kaspersky antivirus software, the paper said.

It said that it is not yet publicly known what other secrets the Russians may have obtained from US government agencies by using Kaspersky software as “a sort of Google search for sensitive information.”

The Times said Kaspersky Lab denied any knowledge of or involvement in the Russian hacking.

**************************************

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

*******************************************************************


Kaspersky Software Used by Russian Government to Steal NSA Hacking Tools, Say Israeli Spies: Reports


HIGHLIGHTS

  • Israeli spies have found Russian government using Kaspersky
  • The spies had previously warned their US counterparts of intrusion
  • US has already banned the use of Kaspersky in its defence domain

Israeli intelligence officials spying on Russian government hackers found they were using Kaspersky Lab antivirus software that is also used by 400 million people globally, including US government agencies, according to media reports on Tuesday.

The Israeli officials who had hacked into Kaspersky’s network over two years ago then warned their US counterparts of the Russian intrusion, said The New York Times, which first reported the story.

That led to a decision in Washington only last month to order Kaspersky software removed from government computers.

The Washington Post also reported on Tuesday that the Israeli spies had also found in Kaspersky’s network hacking tools that could only have come from the US National Security Agency.

After an investigation, the NSA found that those tools were in possession of the Russian government, the Post said.

And late last month, the US National Intelligence Council completed a classified report that it shared with NATO allies concluding that Russia’s FSB intelligence service had “probable access” to Kaspersky customer databases and source code, the Post reported.


That access, it concluded, could help enable cyber attacks against US government, commercial and industrial control networks, the Post reported.

The New York Times said the Russian operation, according to multiple people briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, which had Kaspersky antivirus software installed on it.

It is not yet publicly known what other US secrets the Russian hackers may have discovered by turning the Kaspersky software into a sort of Google search for sensitive information, the Times said.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules, the Times said.

The newspaper said the National Security Agency and the White House declined to comment, as did the Israeli Embassy, while the Russian Embassy did not respond to requests for comment.

The Russian embassy in Washington last month called the ban on Kaspersky Lab software “regrettable” and said it delayed the prospects of restoring bilateral ties.

Kaspersky Lab denied to the Times any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement on Tuesday.

Eugene Kaspersky, the company’s co-founder and chief executive, has repeatedly denied charges his company conducts espionage on behalf of the Russian government.

Kaspersky spokeswoman Sarah Kitsos told the Washington Post on Tuesday that “as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.” She said the company “does not possess any knowledge” of Israel’s hack, the Post said.

US intelligence agencies have concluded that Russian President Vladimir Putin ordered a multipronged digital influence operation last year in an attempt to help Donald Trump win the White House, a charge Moscow denies.

Russian Hackers Stole NSA Data on U.S. Cyber Defense

October 5, 2017

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said. PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

National Security Agency Director Michael Rogers. PHOTO: SAUL LOEB/AGENCE FRANCE-PRESSE/GETTY IMAGES

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly worked for a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

The headquarters of the Russian cybersecurity company Kaspersky Lab. PHOTO: SAVOSTYANOV SERGEI/TASS/ZUMA PRESS

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’ PHOTO: SHARIFULIN VALERY/TASS/ZUMA PRESS

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108

Russia accuses U.S. of trying to spoil its North Korea ties with ‘fake news’

July 6, 2017

Reuters

Thu Jul 6, 2017 | 4:45am EDT


Russia on Thursday accused the United States of trying to spoil Moscow’s ties with North Korea by leveling false allegations about the abuse of North Korean migrant workers in Russia.

Maria Zakharova, a spokeswoman for the Russian Foreign Ministry, said she was responding to U.S. State Department accusations which she said spoke of North Korean workers toiling in forced Russian labor camps.


“These allegations are unfounded,” Zakharova told a news briefing. “They fabricate and publish this nonsense … and then we stand and feel like justifying ourselves after this fake news.”

She said the presence of migrant laborers from North Korea stemmed from a 2007 intergovernmental agreement, that it was entirely legal, and that it did not violate any U.N. Security Council resolutions concerning Pyongyang.

(Reporting by Dmitry Solovyov; Editing by Andrew Osborn)

See also:

FIFA slams ‘outrageous’ claims North Korea SLAVES building World Cup stadium

http://www.dailystar.co.uk/news/latest-news/601199/north-korea-building-world-cup-stadium-russia-2018-fifa-workers-overseas

Related (NOT Fake News):


Ten Years of Russian Cyber Attacks on Other Nations

http://www.nbcnews.com/storyline/hacking-in-america/timeline-ten-years-russian-cyber-attacks-other-nations-n697111

Experts say Tuesday’s cyberattack probably not about money

June 29, 2017

The Associated Press

  • Tuesday’s global cyberattack appears to be contained.
  • Investigators suspect the ransomware attack may have been meant to disrupt Ukrainian organizations, not simply to extort money.
  • The attack came the same day as the assassination of a Ukrainian military intelligence officer.

The dramatic data-scrambling attack that hit computers around the world Tuesday appears to be contained. But with the damage and disruption still coming into focus, security experts worry the sudden explosion of malicious software may have been more sinister than a criminally minded shakedown of computer users.

“There may be a more nefarious motive behind the attack,” Gavin O’Gorman, an investigator with U.S. antivirus firm Symantec, said in a blog post. “Perhaps this attack was never intended to make money (but) rather to simply disrupt a large number of Ukrainian organizations.”

The rogue program initially appeared to be ransomware, a fast-growing and lucrative breed of malicious software that encrypts its victims’ data and holds it hostage until a payment is made.

Rob Engelaar | AFP | Getty Images
A laptop displays a message after being infected by ransomware as part of a worldwide cyberattack on June 27, 2017.

But O’Gorman was one of several researchers who noted that any criminals would have had difficulty monetizing the epidemic given that they appear to have relied on a single email address that was blocked almost immediately and a single Bitcoin wallet that, to date, has collected the relatively puny sum of $10,000.

Others, such as Russian anti-virus firm Kaspersky Lab, said that clues in the code suggest the program’s authors would have been incapable of decrypting the data in any case, adding further evidence that the ransom demands were a smoke screen.

The timing was intriguing too: the malware explosion came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating a new constitution signed after the breakup of the Soviet Union.

Ransomware or not, computer specialists worldwide were still wrestling with its consequences, with varying degrees of success.

Danish shipping giant A.P. Moller-Maersk, one of the global companies hardest hit by the malware, said Thursday that most of its terminals are now operational, though some terminals are “operating slower than usual or with limited functionality.”

Problems have been reported across the shippers’ global business, from Mobile, Alabama, to Mumbai in India. When The Associated Press visited the latter city’s Jawaharlal Nehru Port Trust on Thursday, for example, it witnessed several hundred containers piled up at just two yards, out of more than a dozen yards surrounding the port.

“The vessels are coming, the ships are coming, but they are not able to take the container because all the systems are down,” trading and clearing agent Rajeshree Verma told the AP. “The port authorities, they are not able to reply (to) us. The shipping companies they also don’t know what to do. … We are actually in a fix because of all this.”

Moller-Maersk is one of dozens of major corporations and government agencies – from FedEx subsidiary TNT to Ukraine’s banking system – to have had its services disrupted by the malware epidemic.

Even small businesses otherwise unaffected by the malware are beginning to feel the pain.

Steffan Mastek of Petersen & Soerensen, a small Danish ship repair company, said he had been forced to re-order engine parts because TNT’s track-and-trace system for parcels was down.

“We had to re-order the parts that need to be fitted to a ship engine and that has to be done by Friday when the ship has to be returned,” Mastek said.

The extent and costs of the damage in Ukraine remain unclear, although on the streets of Kiev, the capital, life appears largely back to normal. Cash machines that had spent the past two days offline were back dispensing money and the capital’s airport, which had to switch information panels to manual mode for the past two days, is back to displaying flights automatically.

U.S. Senate moves to ban Moscow-based cybersecurity firm Kaspersky Lab over ties to Russia

June 29, 2017

The Hill


The Senate’s draft of the Department of Defense’s budget rules reveals a provision that would block the use of products from the Russian-based global cybersecurity firm Kaspersky Lab, citing concerns that the company “might be vulnerable to Russian government influence.”

Reuters reporter Dustin Volz first shared the news in a tweet Wednesday.

“BREAKING: Senate draft of [National Defense Authorization Act] bans use of Kaspersky products by [Department of Justice] due to reports company ‘might be vulnerable to Russian [government] influence,’” Volz tweeted.

The decision to ban the products within the National Defense Authorization Act (NDAA), which specifies budget and expenditures for the Department of Defense, comes after the FBI visited at least 10 Kaspersky employees’ homes.

The investigative agency, however, has not yet contacted the company. While Kaspersky is based in Russia, the company has research centers around the world, including in the U.S.

“As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts,” the company said in a reissued statement.

“The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” the statement continued. “Kaspersky Lab is available to assist all concerned government organizations with any ongoing investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded.”

Its founder, Eugene Kaspersky, has also offered to testify in front of Congress after NBC News reported that its employees were largely asked about their relationship between the U.S. and Russian.

http://thehill.com/homenews/senate/339981-senate-moves-to-ban-moscow-based-kaspersky-use-due-to-concerns-about-russian
