Posts Tagged ‘U.S. Government’

Intel Warned Chinese Companies of Chip Flaws Before U.S. Government

January 28, 2018

Decision to disclose issue to select few customers, including Lenovo and Alibaba, has ripple effects through security and tech industries


In initial disclosures about critical security flaws discovered in its processors, Intel Corp. notified a small group of customers, including Chinese technology companies, but left out the U.S. government, according to people familiar with the matter and some of the companies involved.

The decision raises concerns, security researchers said, as it potentially could have allowed information about the chip flaws, dubbed Spectre and Meltdown, to fall into the hands of the Chinese government before being publicly divulged. There is no evidence any information was misused, the researchers said.

Weeks after word of the flaws first surfaced, Intel’s choices about who would receive advance warning continue to ripple through the security and tech industries.

The flaws were first identified in June by a member of Google’s Project Zero security team. Intel had planned to make the discovery public on Jan. 9—people working to protect systems from hacks often hold off on announcements while fixes are devised—but sped up its timetable when the news became widely known on Jan. 3, a day after U.K. website the Register wrote about the flaws.

Because the flaws can be leveraged to sneak sensitive data out of the cloud, information about them would be of great interest to any intelligence-gathering agency, said Jake Williams, president of the security company Rendition Infosec LLC and a former National Security Agency employee. In the past, Chinese state-linked hackers have exploited software vulnerabilities to get leverage on their targets or expand surveillance.

It is a “near certainty” Beijing was aware of the conversations between Intel and its Chinese tech partners, because authorities there routinely monitor all such communications, Mr. Williams said.

Representatives from China’s ministry in charge of information technology didn’t respond to requests for comment. The country’s foreign ministry has in the past said it is “resolutely opposed” to cyberhacking in any form.

An Intel spokesman declined to identify the companies it briefed before the scheduled Jan. 9 announcement. The company wasn’t able to tell everyone it had planned to, including the U.S. government, because the news was made public earlier than expected, he said.


Intel’s tricky path—inform enough big customers to head off significant damage while keeping the information as contained as possible to limit potential leaks—continues to weigh on smaller companies that weren’t given an early nod.

Joyent Inc., a U.S.-based cloud-services provider owned by Samsung Electronics Co., is still playing catch-up, said Bryan Cantrill, the company’s chief technology officer.

“Other folks had a six-month head start,” he said. “We’re scrambling.”

In the months before the flaws were publicly disclosed, Intel worked on fixes with Alphabet Inc.’s Google unit as well as “key” computer makers and cloud-computing companies, Intel said in an emailed statement to The Wall Street Journal.

An official at the Department of Homeland Security said staffers learned of the chip flaws from the Jan. 3 news reports. The department is often informed of bug discoveries in advance of the public, and it acts as an authoritative source for information on how to address them.

“We certainly would have liked to have been notified of this,” the official said.

The NSA was similarly in the dark, according to Rob Joyce, the White House’s top cybersecurity official. In a message posted Jan. 13 to Twitter, he said the NSA “did not know about these flaws.” A White House spokesman declined to comment further, referring instead to the tweet.

Chinese computer maker Lenovo Group Ltd. was among the large tech companies, including Microsoft Corp., Amazon.com Inc. and ARM Holdings in the U.K., that were notified of the flaws beforehand.

Lenovo was able to issue a statement Jan. 3 advising customers on the flaws because of “the work we’d done ahead of that date with industry processor and operating system partners,” a spokeswoman said in an email.

Alibaba Group Holding Ltd., China’s top seller of cloud-computing services, also was notified ahead of time, according to a person familiar with the company.

A spokeswoman for Alibaba’s cloud unit declined to comment on when the company was informed. She said any idea that the company might have shared information with Chinese authorities was “speculative and baseless.”

A Lenovo spokeswoman said Intel’s information was protected by a nondisclosure agreement.

Despite the security concerns, an early heads up to a select number of large global companies made sense, said Dave Aitel, chief executive of Immunity Inc., a company that sells security services. “They’re going to tell as few people as possible” to contain possible leaks, he said.

Because they had early warning, Microsoft, Google and Amazon were able to release statements soon after news of the flaws leaked out saying their cloud-computing customers were largely protected.

Smaller competitors, though, continue to struggle. DigitalOcean Inc., a cloud-services seller, said Jan. 19 it was still testing a fix for its customers. Rackspace Inc. said last Wednesday it has several teams working on a fix. The cloud company earlier in January told customers it understood the situation “can be frustrating.”

The DHS also stumbled with its initial guidance. The agency’s Computer Emergency Response Team first linked to an advisory stating the only way to “fully remove” the flaws was by replacing the chip. CERT now advises users instead to patch their systems.

The DHS should have been looped in early on to help coordinate the flaws’ disclosure, Joyent’s Mr. Cantrill said. “I don’t understand why CERT would not be your first stop,” he said.

Write to Robert McMillan at Robert.Mcmillan@wsj.com and Liza Lin at Liza.Lin@wsj.com


China Warns U.S. on Trade — U.S. claims China uses market access restrictions or other tools to compel foreign companies to hand over technology

January 11, 2018

By JOE McDONALD, AP Business Writer

BEIJING (AP) — China warned Washington on Thursday it will “resolutely safeguard” its interests ahead of a possible decision in an investigation into whether Beijing improperly pressures foreign companies to hand over technology.

The United States is disrupting the international trading order by carrying out the “Section 301” investigation under its own laws instead of through the World Trade Organization, said Commerce Ministry spokesman Gao Feng.


Trump ordered U.S. trade officials in August to investigate whether Beijing uses market access restrictions or other tools to compel foreign companies to hand over technology. A decision is expected as early as this month, though American officials have set no date.

“If the United States insists on unilateral and protectionist practices that will undermine the interests of China, we will take all necessary measures and resolutely safeguard the legitimate rights and interests of China,” Gao said at a regular briefing.

If the investigation concludes Beijing acted improperly, Washington could seek remedies either through the WTO or outside of it.

Gao gave no indication of how Beijing might respond but Chinese law gives regulators broad discretion over what foreign companies can do in China.

Gao also criticized the United States for using “so-called national security” as a reason to block a Chinese billionaire’s acquisition of money transfer service MoneyGram.

The proposed purchase by e-commerce tycoon Jack Ma’s Ant Financial Group was a “normal commercial investment,” said Gao.

Jack Ma

The deal was called off last week after failing to win approval from a U.S. government panel that reviews proposed acquisitions of American companies for possible threats to national security.

“We regret to note that normal commercial investment and mergers and acquisitions conducted by Chinese enterprises in the United States are once again hindered by so-called ‘national security’,” said Gao.

Gao said Beijing has no objection to a “normal security review” but worries other governments use them as an excuse to set up barriers to unfairly stop unwanted activity.


It’s Official: North Korea Is Behind WannaCry

December 19, 2017

The massive cyberattack cost billions and put lives at risk. Pyongyang will be held accountable.

 
North Korean leader Kim Jong Un (Korea News Service via Associated Press)

Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive “WannaCry” cyberattack to North Korea.

The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands,…

 https://www.wsj.com/articles/its-official-north-korea-is-behind-wannacry-1513642537?cx_testId=16&cx_testVariant=cx&cx_artPos=0&cx_tag=pop&cx_navSource=newsReel#cxrecs_s
**************************************

U.S. declares North Korea carried out massive WannaCry cyberattack

By  December 18 at 9:55 PM

The Washington Post

The Trump administration on Monday evening publicly acknowledged that North Korea was behind the WannaCry computer worm that affected more than 230,000 computers in over 150 countries earlier this year.

As a result, the administration will be calling on “all responsible states” to counter North Korea’s ability to conduct cyberattacks and to implement all “relevant” United Nations Security Council sanctions, according to a U.S. official familiar with the matter.

“The [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible,” Thomas P. Bossert, Trump’s homeland security adviser, said in an op-ed published in the Wall Street Journal on Monday. “We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either.”

He is expected to issue a public statement Tuesday morning.

North Korea was widely suspected to have created the virus, paired with ransomware that encrypted data on victims’ computers and demanded money to restore access. Until now, the U.S. government had not publicly stated as much.

In June, The Washington Post reported that the National Security Agency had linked North Korea to the creation of the worm. In October, the British government declared that it believed North Korea was the culprit. The following month, the CIA issued a similar classified assessment, which has not been previously reported.

The official noted that the U.S. government has released technical details of North Korean cyber-tools and operational infrastructure and has worked with other countries to lessen North Korea’s ability to conduct further tests or generate illicit funding.

The May 12 global attack hit critical sectors, including health care, “potentially putting lives at risk,” said the official, who spoke on the condition of anonymity to discuss a move not yet public. This follows a pattern of disruptive and harmful cyber-activity by the reclusive country. Leader Kim Jong Un has pushed to develop hacker forces as a low-cost, high-impact tool that can rattle the nerves and damage the systems of more powerful nations.

In November 2014, North Korea hacked Sony Pictures’ networks, disrupting computer systems, stealing and releasing corporate emails and demanding that the studio cancel the release of a satirical film depicting Kim’s assassination. The attack led to economic sanctions from the Obama administration.

The WannaCry attack, the official said, “demonstrates the importance of basic cyber hygiene, including keeping systems patched and up to date, as well as the need for strong cooperation between public and private sectors to share information, prevent and mitigate cyberthreats.”

The Security Council sanctions on North Korea focus on its activities to develop a nuclear weapon. The administration, however, seems to be linking North Korea’s general pattern of bad behavior, including in cyberspace, to the call to implement all sanctions.

Democratic lawmakers criticized the disparity in the administration’s response to Russian hacking in the 2016 election and its reaction to North Korea’s cyber activities. “President Trump is handling the intelligence assessments regarding North Korea and Russia completely differently, staging an elaborate media roll-out to press on sanctions against North Korea while at the same time discrediting the assessment by these very same intelligence agencies that the Kremlin interfered with our election,” said Rep. Elijah E. Cummings (D-Md.), ranking member on the committee on oversight and government reform.

Josh Dawsey and Tom Hamburger contributed to this report.

https://www.washingtonpost.com/world/national-security/us-set-to-declare-north-korea-carried-out-massive-wannacry-cyber-attack/2017/12/18/509deb1c-e446-11e7-a65d-1ac0fd7f097e_story.html?utm_term=.a98886651f8f


Cyber Attacks “More Complex, Dangerous” Threaten Critical Infrastructure — Breached safety systems — Middle East nuclear, electrical, industrial infrastructure

December 17, 2017

REUTERS

The FireEye logo is seen outside the company’s offices in Milpitas, California, in 2014. | REUTERS

Hackers likely working for a nation-state recently breached safety systems at a critical infrastructure facility, in a watershed attack that halted plant operations, according to cyberinvestigators and the firm whose software was targeted.

FireEye Inc. disclosed the incident on Thursday, saying it had targeted Triconex industrial safety technology from Schneider Electric SE.

Schneider confirmed that the incident had occurred, and that it had issued a security alert to users of Triconex — which cyberexperts said is widely used in the energy industry, including at nuclear facilities and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cybersecurity company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing focus on breaking into utilities, factories and other critical infrastructure, cyberexperts said.

Compromising a safety system could let hackers shut it down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said. Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cybersecurity firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail-safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attackers’ actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation. The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers launched an attack that disrupted or damaged the plant, he said.

The U.S. government and private cybersecurity firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea, Russia and others to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

CyberX Vice President Phil Neray said his firm found evidence that the malware was deployed in Saudi Arabia, which could suggest that Iran may be behind the attack.

Security researchers widely believe that Iran was responsible for a series of attacks on Saudi Arabian networks in 2012 and 2017 using a virus known as Shamoon.

Schneider provided Reuters with a customer security alert, dated Wednesday, which said it was working with the U.S. Department of Homeland Security to investigate the attack.


“While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors,” the alert said.

Department of Homeland Security spokesman Scott McConnell said the agency was looking into the matter “to assess the potential impact on critical infrastructure.”

The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was found last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

https://www.japantimes.co.jp/news/2017/12/15/world/crime-legal-world/hackers-invade-safety-system-halt-mideast-plant-operations-watershed-cyberattack/#.WjY3tt-nGUk

Iraq demands U.S. backtrack on Jerusalem, summons ambassador — “Jerusalem is Arab”

December 7, 2017

Reuters

BAGHDAD (Reuters) – Iraq demanded on Thursday that the U.S. government backtrack on a decision to recognize Jerusalem as Israel’s capital and summoned the U.S. ambassador in Baghdad to protest the decision.

U.S. President Donald Trump reversed decades of U.S. policy on Wednesday and recognized Jerusalem as the capital of Israel, imperiling Middle East peace efforts and upsetting the Arab world and Western allies alike.

Shi‘ite-majority Iraq is the only country to have an alliance with regional powerhouse Iran and the United States, who do not see eye-to-eye.

The Iraqi Foreign Ministry said it had summoned the U.S. ambassador in Baghdad and that it would hand him a memo protesting Trump’s decision.

“We caution against the dangerous repercussions of this decision on the stability of the region and the world,” an Iraqi government statement said.

Grand Ayatollah Ali al-Sistani

“The U.S. administration has to backtrack on this decision to stop any dangerous escalation that would fuel extremism and create conditions favorable to terrorism,” it said.

Iraq’s top Shi‘ite cleric Grand Ayatollah Ali al-Sistani condemned the decision and called on the “Umma”, or Islamic nation, to unite its efforts and reclaim Jerusalem.

“This decision is condemned and decried, it hurt the feelings of hundreds of millions of Arabs and Muslims,” his office said in a statement.

“But it won’t change the reality that Jerusalem is an occupied land which should return to the sovereignty of its Palestinian owners no matter how long it takes,” it said.

Dozens of Iraqis protested the decision in Baghdad, carrying signs saying “Jerusalem is Arab” and vowing to return in greater numbers the following day after Friday prayers.

A prominent Iraqi militia, the Iran-backed Harakat Hezbollah al-Nujaba, said Trump’s decision could become a “legitimate reason” to attack U.S. forces in Iraq.

“Trump’s stupid decision to make Jerusalem a capital for the Zionist will be the big spark for removing this entity from the body of the Islamic nation, and a legitimate reason to target American forces,” said the group’s leader Akram al-Kaabi.

Iraqi Shiite fighters. AFP photo

The United States is leading an international coalition helping Iraq fight Islamic State and has provided air and ground support. It has more than 5,000 troops in Iraq.

Nujaba, which has about 10,000 fighters, is one of the most important militias in Iraq. Though made up of Iraqis, it is loyal to Iran and is helping Tehran create a supply route through Iraq to Damascus.

It fights under the umbrella of the Popular Mobilisation Forces (PMF), a mostly Iranian-backed coalition of Shi‘ite militias that played a role in combating Islamic State. The PMF is government sanctioned and formally reports to Prime Minister Haider al-Abadi’s office.

Reporting by Maher Chmaytelli; Additional reporting by Huda Majeed; Writing by Ahmed Aboulenein; Editing by Larry King


Prime Minister Haider al-Abadi

Cuba, North Korea reject ‘unilateral and arbitrary’ U.S. demands

November 23, 2017

HAVANA (Reuters) – Cuba’s foreign minister and his North Korean counterpart rejected the United States’ “unilateral and arbitrary” demands on Wednesday while expressing concern about escalating tensions on the Korean peninsula, the ministry said.

North Korea is searching for support amid unprecedented pressure from the United States and the international community to cease its nuclear weapons and missile programs, which it carries out in defiance of U.N. Security Council resolutions.

The country, which has made no secret of its plans to develop a missile capable of hitting the U.S. mainland, has maintained warm political relations with Cuba since 1960, despite the island’s opposition to nuclear weapons.

Some diplomats said Cuba was also one of the few countries that might be able to convince North Korea to move away from the current showdown with the United States that threatens war.

The ministers, meeting in Havana, called for “respect for peoples’ sovereignty” and “the peaceful settlement of disputes,” according to a statement released by the Cuban foreign ministry.

“They strongly rejected the unilateral and arbitrary lists and designations established by the U.S. government which serve as a basis for the implementation of coercive measures which are contrary to international law,” the statement said.

U.S. President Donald Trump has also increased pressure on Cuba since taking office, rolling back a fragile detente begun by predecessor Barack Obama and returning to the hostile rhetoric of the Cold War.

A U.S. State Department official, speaking on condition of anonymity, said that the United States had made clear it wanted a peaceful resolution to the North Korean nuclear issue.

“The DPRK’s belligerent and provocative behavior demonstrates it has no interest in working toward a peaceful solution,” the official said.

DPRK stands for North Korea’s official name, the Democratic People’s Republic of Korea.

Cuba said in the statement the Cuban and North Korean foreign ministers had “expressed concern about the escalation of tensions” on the Korean peninsula.

“The ministers discussed the respective efforts carried out in the construction of socialism according to the realities inherent to their respective countries.”

Cuba and North Korea are the last in the world to maintain Soviet-style command economies, though under President Raul Castro, the Caribbean nation has taken some small steps toward the more market-oriented communism of China and Vietnam.

Cuba maintains an embassy in North Korea, but publicly trades almost exclusively with the South. Last year, trade with the latter was $67 million and with the North just $9 million, according to the Cuban government.

North Korea defends its weapons programs as a necessary defense against U.S. plans to invade. The United States, which has 28,500 troops in South Korea, a legacy of the 1950-53 Korean war, denies any such intentions.

Reporting by Sarah Marsh; Additional Reporting by Phillip Stewart in Washington; Editing by Lisa Shumaker and Nick Macfie

Kaspersky antivirus software sometimes copies your files

November 4, 2017


SAN FRANCISCO (Reuters) – Eugene Kaspersky said his company’s widely used antivirus software has copied files that did not threaten the personal computers of customers, a sharp departure from industry practice that could increase suspicions that the Moscow-based firm aids Russian spies.

The acknowledgement, made in an interview last Friday as part of the Reuters Cyber Security Summit, comes days after Kaspersky’s company said its software had copied a file containing U.S. National Security Agency hacking tools from the home computer of an agency worker in 2014.


Kaspersky’s firm has for years faced suspicions that it has links with Russian intelligence and state-sponsored hackers. Kaspersky denies any cooperation with Russian authorities beyond cyber crime enforcement.

In September, the U.S. Department of Homeland Security banned Kaspersky software from use in federal offices, citing the company’s ties with Russian intelligence. The company is the subject of a long-running probe by the U.S. Federal Bureau of Investigation, sources have told Reuters.

Antivirus software is designed to burrow deeply into computer systems and has broad access to their contents, but it normally seeks and destroys only files that contain viruses or are otherwise threatening to a customer’s computers, leaving all other files untouched.

Searching for and copying files that might contain hacking tools or clues about cyber criminals would not be part of normal operations of antivirus software, former Kaspersky employees and cyber security experts said.

In the Reuters interview, conducted at Kaspersky Lab’s offices in Moscow, Eugene Kaspersky said the NSA tools were copied because they were part of a larger file that had been automatically flagged as malicious.

He said the software removed from the agency worker’s computer included a tool researchers dubbed GrayFish, which the company has called the most complex software it has ever seen for corrupting the startup process for Microsoft’s Windows operating system.

Kaspersky said he had ordered the file to be deleted “within days” because it contained U.S. government secrets.

But he defended the broader practice of taking inert files from machines of people that the company believes to be hackers as part of a broader mission to help fight cyber crime.

“From time to time, yes, we have their code directly from their computers, from the developers’ computers,” Kaspersky told Reuters.

‘IMPROPER PRACTICE’

Three former Kaspersky employees and a person close to the FBI probe of the company, who first described the tactic to Reuters this summer, said copying non-infectious files abused the power of antivirus software. The person associated with the FBI said in one case Kaspersky removed a digital photo of a suspected hacker from that person’s machine.

Eugene Kaspersky declined to discuss specific instances beyond the NSA case, saying he did not want to give hackers ideas for avoiding detection.

“Sometimes we are able to catch cyber criminals, that’s why I am not so comfortable to speak about this to media,” he said in the interview. “Many of them are very clever, they can learn from what I am saying.”

Other industry experts called the practice improper. Mikko Hypponen, chief research officer at Finnish security company F-Secure, said that when his firm’s software finds a document that might contain dangerous code, “it will prompt the user or the administrator and ask if it can upload a copy to us.”

Dan Guido, chief executive of cyber security firm Trail of Bits, which has performed audits on security software, said Kaspersky’s practices point to a larger issue with all antivirus software.

“All of them aggregate a huge amount of information about their clients, which can be easily exploited when put in willing hands,” he said.

U.S. news organizations have reported that Kaspersky, or Russian spies hijacking its service, have been searching widely among customers’ computers for secret files, citing anonymous U.S. intelligence officials. Reuters has not verified such reports.

Kaspersky said he hoped to alleviate concerns about his company by opening up his source code for review by third parties in independently run centers, as well as by raising the maximum amount it offers for information about security flaws in its programs to $100,000.


Reporting by Joseph Menn in San Francisco; Additional reporting by Jack Stubbs in Moscow, Jim Finkle and Alastair Sharp in Toronto and Dustin Volz in Washington; Editing by Jonathan Weber and Bill Rigby

Russia’s Kaspersky to Allow Outside Review of Its Cybersecurity Software

October 23, 2017

Company hopes sharing source code will build trust after allegations its software helped Russia spy on Americans

Kaspersky Lab, the Moscow-based cybersecurity firm whose software U.S. officials suspect helped the Russian government spy on Americans, promised to make its source code available for an independent review.

The company said Monday the review is part of a “global transparency initiative” that it hopes will improve the trustworthiness of its products. It said it would hand over the source code for its software in the first quarter of next year but didn’t specify who would undertake the review or how widely the code would be…

 https://www.wsj.com/articles/russian-cybersecurity-firm-kaspersky-to-make-source-code-available-for-review-1508756502

Eugene Kaspersky

*****************************************************

Kaspersky fights spying claims with code review plan

October 23, 2017 — 0745


Russian cybersecurity software maker Kaspersky Lab has announced what it’s dubbing a “comprehensive transparency initiative” as the company seeks to beat back suspicion that its antivirus software has been hacked or penetrated by the Russian government and used as a route for scooping up US intelligence.

In a post on its website today the Moscow-based company has published a four point plan to try to win back customer trust, saying it will be submitting its source code for independent review, starting in Q1 2018. It hasn’t yet specified who will be conducting the review but says it will be “undertaken with an internationally recognized authority”.

It has also announced an independent review of its internal processes — aimed at verifying the “integrity of our solutions and processes”. And says it will also be establishing three “transparency centers” outside its home turf in the next three years — to enable “clients, government bodies and concerned organizations to review source code, update code and threat detection rules”.

It says the first center will be up and running in 2018, and all three will be live by 2020. The locations are listed generally as: Asia, Europe and the U.S.


Finally it’s also increasing its bug bounty rewards — saying it will pay up to $100K per discovered vulnerability in its main Kaspersky Lab products.

That’s a substantial ramping up of its current program which — as of April this year — could pay out up to $5,000 per discovered remote code execution bug. (And, prior to that, up to $2,000 only.)

Kaspersky’s moves follow a ban announced by the US Department of Homeland Security on its software last month, citing concerns about ties between “certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”.

The US Senate swiftly followed suit, voting to oust Kaspersky software from federal use. Three months earlier, the General Services Administration had also removed Kaspersky Lab from a list of approved federal vendors.

The extensive system-wide permissions of antivirus software could certainly make it an attractive target for government agents seeking to spy on adversaries and scoop up data, given the trust it demands of its users.

The WSJ has previously reported that Russian hackers working for the government were able to obtain classified documents from an NSA employee who had stored them on a personal computer that ran Kaspersky software.

Earlier this month CEO Eugene Kaspersky blogged at length — rebutting what he dubbed “false allegations in U.S. media”, and writing: “Our mission is to protect our users and their data. Surveillance, snooping, spying, eavesdropping… all that is done by espionage agencies (which we occasionally catch out and tell the world about), not us.”

We’re proud to keep on protecting people against all cyberthreats – no matter of false allegations in U.S. media https://kas.pr/x78t 

What’s going on?

I doubt you’ll have missed how over the last couple months our company has suffered an unrelenting negative-news campaign in the U.S. press.

eugene.kaspersky.com

But when your business relies so firmly on user trust — and is headquartered close to the Kremlin, to boot — words may evidently not be enough. Hence Kaspersky now announcing a raft of “transparency” actions.

Whether those actions will be enough to restore the confidence of US government agencies in Russian-built software is another matter though.

Kaspersky hasn’t yet named who its external reviewers will be, either. But reached for comment, a company spokeswoman told us: “We will announce selected partners shortly. Kaspersky Lab remains focused on finding independent experts with strong credentials in software security and assurance testing for cybersecurity products. Some recommended competencies include, but are not limited to, technical audits, code base reviews, vulnerability assessments, architectural risk analysis, secure development lifecycle process reviews, etc. Taking a multi-stakeholder approach, we welcome input and recommendations from interested parties at transparency@kaspersky.com.”

She also sent the following general company statement:

Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems.

As there has not been any evidence presented, Kaspersky Lab cannot investigate these unsubstantiated claims, and if there is any indication that the company’s systems may have been exploited, we respectfully request relevant parties responsibly provide the company with verifiable information. It’s disappointing that these unverified claims continue to perpetuate the narrative of a company which, in its 20 year history, has never helped any government in the world with its cyberespionage efforts.

In addition, with regards to unverified assertions that this situation relates to Duqu2, a sophisticated cyber-attack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident. Furthermore, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat.

Contrary to erroneous reports, Kaspersky Lab technologies are designed and used for the sole purpose of detecting all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose. The company tracks more than 100 advanced persistent threat actors and operations, and for 20 years, Kaspersky Lab has been focused on protecting people and organisations from these cyberthreats — its headquarters’ location doesn’t change that mission.

“We want to show how we’re completely open and transparent. We’ve nothing to hide,” added Kaspersky in another statement.

Interestingly enough, the move is pushing in the opposite direction of US-based cybersecurity firm Symantec — which earlier this month announced it would no longer be allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products.

Source: https://techcrunch.com/2017/10/23/kaspersky-fights-spying-claims-with-code-review-plan/

U.S. Trying to Find More Doctors to Send to Disaster Areas

October 14, 2017

Hurricane Maria left Puerto Rico’s hospitals in bad shape

Volunteer doctors organize medical supplies during a visit to a shelter to check refugees in the aftermath of Hurricane Maria in Humacao, Puerto Rico, on Oct. 2. PHOTO: RICARDO ARDUENGO/AGENCE FRANCE-PRESSE/GETTY IMAGES

A U.S. government program that sends doctors and nurses to disaster zones says it needs more health-care workers, as relief efforts during this hurricane season are near the end of a second month with no end in sight in Puerto Rico and the U.S. Virgin Islands.

The National Disaster Medical System, which recently wrapped up big deployments to hurricane-ravaged areas in Texas and Florida, says it will start recruiting more medical professionals in the next few weeks.

“We’re far from the recovery stage of this event,” Robert Kadlec, a U.S. Department of Health and Human Services assistant secretary, said Thursday of Hurricane Maria’s devastation. The storm largely destroyed Puerto Rico’s power grid, leaving half the local hospitals without power, and downed its communications network. The federal health agency oversees the program that temporarily hires health-care workers for what are typically two-week rotations.

The U.S. teams, which set up temporary hospitals and clinics, are helping relieve the strain on Puerto Rican hospitals. Nearly half of the local hospitals are depending on sometimes unreliable generators for power. Generator failures have forced recent evacuations at two hospitals. And others suffered storm damage that crippled operations, said Jaime Pla Cortes, executive president of the Puerto Rico Hospital Association, in an interview.

“Everybody has to improvise,” Mr. Pla Cortes said. “The nurses and the doctors are tired, they are working full time.”

The National Disaster Medical System entered the hurricane season understaffed, system director Ron Miller said, adding that the U.S. Office of Personnel Management recently authorized expedited hiring.

Since Hurricane Harvey hit Texas in late August, the federal system has deployed more than 40 36-person teams to Texas, Florida and Puerto Rico, plus several smaller teams, including some with logistics personnel, veterinarians and morticians. The system has also dispatched one team to California in response to the state’s wildfires.

The prolonged response is a “huge anomaly” for the system, Mr. Miller said. Two-week rotations have occasionally stretched into a month, he said.

The program has enough teams to deploy through mid-November, he said. The U.S. program set up a temporary hospital in San Juan and dispatched teams to hubs around Puerto Rico, Dr. Kadlec said.

To fill open positions, the system has relied on medical staff from the Department of Defense and Department of Veterans Affairs, the latter of which has 73 staffers helping in Manati, Puerto Rico.

Other American health-care workers are traveling to Puerto Rico as volunteers, coordinating efforts with HHS. About 80 nurses and doctors from New York-area hospitals flew to Puerto Rico Thursday.

Demand for volunteers is strong, said Jenna Mandel-Ricci, an executive with the Greater New York Hospital Association, which helped organize the trip with HHS and New York state officials. The federal agency “is saying they are taxed,” and volunteers left without knowing where they would be working during a two-week stay, she said. “That’s how fluid things are on the ground.”

Write to Melanie Evans at Melanie.Evans@wsj.com

US agencies banned from using Russia’s Kaspersky software

September 14, 2017

Federal agencies in the US have 90 days to wipe Kaspersky software from their computers. Officials are concerned about the Russian company’s ties to the Kremlin and possible threats to national security.

Headquarters of Internet security giant Kaspersky in Moscow (Getty Images/AFP/K. Kudryavtsev)

The administration of US President Donald Trump has ordered government agencies to remove products made by Russian company Kaspersky Labs from their computers.

The Department of Homeland Security (DHS) said Wednesday it was concerned that the cybersecurity firm was susceptible to pressure from Moscow and thus a potential threat to national security.

DHS said in a statement that it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies,” as well as Russian laws that might compel Kaspersky to hand over information to the government.

But the makers of the popular anti-virus software have said “no credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions.”

US tech retailer Best Buy confirmed earlier Wednesday that it would no longer sell Kaspersky products, but has declined to give further details on the decision.

Ties between Kaspersky, Kremlin ‘alarming’

Civilian government agencies have 90 days to completely remove Kaspersky software from their computers. The products have already been banned in the Pentagon.

US congressional leaders have applauded the move. Democratic Senator Jeanne Shaheen said the “strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented,” and asked the DHS if the company’s products were used for any critical infrastructure, such as for voting systems, banks and energy supply.

Although Kaspersky Labs was founded by a KGB-trained entrepreneur, Eugene Kaspersky, and has done work for Russian intelligence, the company has repeatedly denied carrying out espionage on behalf of President Vladimir Putin and his government.

es/cmk (AP, Reuters)

http://www.dw.com/en/us-agencies-banned-from-using-russias-kaspersky-software/a-40500232