US Officials Are Warning About A Russian Cybersecurity Company's US Government Ties
Last edited Tue May 9, 2017, 03:42 AM - Edit history (4)
Source: BuzzFeed News
WASHINGTON, DC US intelligence officials are expressing concern over a Russian cybersecurity companys access to US government systems and pushing the General Services Administration for answers on how long it has been approved for use by US agencies.
Three US intelligence officials told BuzzFeed News they were concerned by what they categorized as a close relationship between the company, Kaspersky, and the Russian government, and what giving the company access to US government systems could mean. All of the officials who spoke with BuzzFeed News requested anonymity to discuss internal intelligence community conversations about Kaspersky.
A spokesperson for Kaspersky told BuzzFeed News that the company has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyberthreats, and its headquarters location doesnt change that mission--just as a U.S.-based cybersecurity company doesnt send or allow access to any sensitive data from its products to the U.S. government, Kaspersky Lab products also do not allow any access or provide any secret data to any countrys government. The concern over Kasperskys access to US government agencies comes amid rising alarm in Washington over the security of government systems, and the hacking of the DNC and Clinton campaign, which the intelligence community has blamed on Moscow.
The officials said that they had not seen any evidence linking Kaspersky to the Kremlins election operation, but said the concerns are, instead, stemming from broader concern over Russian meddling in US affairs.
Read more: https://www.buzzfeed.com/alimwatkins/us-officials-are-warning-about-a-russian-cybersecurity?utm_term=.vnAWyJLML#.jgpYB03Z3
The problem is obscured, according to the article, by contractors that work for the US government and subcontract work out to Kaspersky. And it gets worse: "Kaspersky software appears to be a 'licensed component of other cyber products' sold by other vendors in use by the US government."
ON EDIT: Here is an article I just found, about Kaspersky holding a competition for students from 19 universities in the US and the UK -- related to technology for DIGITAL VOTING SYSTEMS.
So America's best and brightest are being hooked up with Kaspersky while they're still in school. And they're working on voting machine software. Great.
https://blog.kaspersky.com/cybersecurity-case-study/13575/
[div class"excerpt"]Over the past few weeks, teams from 19 universities in the US and UK competed in Kaspersky Labs Cybersecurity Case Study Competition, hosted by The Economists Which MBA? site. The teams were challenged with a complex task:
Can technology play a greater positive role in democracy and the way people make important decisions about the future of their countries? With digital voting, a new wave of challenges rolls in: from guaranteeing the anonymity of voters to the prevention of fraud, all the while ensuring the security of the voting system itself. One small vulnerability or oversight could very well change the course of a nations history.
https://www.democraticunderground.com/10029033674
marybourg
(12,586 posts)into my computer for at least a decade on the general principle of "why look for trouble". I guess the U.S. government doesn't know that principle.
TheBlackAdder
(28,167 posts)FormerOstrich
(2,699 posts)Kaspersky is a Russian company and the worlds largest privately-held software developer of security/threat management systems. You are right, it is bundled (or components) in with other products.
Kaspersky is running on millions servers and workstations worldwide (400 million USERS according to Wiki). I wish I had the time, money, and energy to research it.
I posted comments back in 2014 (and commented even more recently):
http://www.democraticunderground.com/1014839869
http://www.democraticunderground.com/1014862027
Here is the wiki link: https://en.wikipedia.org/wiki/Kaspersky_Lab
pnwmom
(108,959 posts)IthinkThereforeIAM
(3,075 posts)... or at least trained by the KGB. As per the wikipedia link you offered.
Eyeball_Kid
(7,429 posts)pnwmom
(108,959 posts)Last edited Tue May 9, 2017, 12:42 PM - Edit history (1)
hamsterjill
(15,220 posts)n/t
mdbl
(4,973 posts)without answering to the Kremlin. Yeah sure - yawn.
pnwmom
(108,959 posts)according to reports -- sort of torpedoes that idea.
mdbl
(4,973 posts)I don't care how effective we think they are. We need to get off our butts and do the work in the U.S. This should have been a no-brainer all a long. Speaking of no brains look at our congress and the president.
pnwmom
(108,959 posts)I hope Kaspersky loses.
mdbl
(4,973 posts)I don't have much hope for the U.S. winning anything since all someone has to do is pay off the dolts in congress.
BumRushDaShow
(128,515 posts)The article notes at the end -
That company was founded under Yeltsin and I wouldn't be surprised if it has been very much co-opted for use by the current President of Russia.
pnwmom
(108,959 posts)I don't love Microsoft but I hope they win.
BumRushDaShow
(128,515 posts)Both the NSA and the GCHQ heavily targeted the Russia-based antivirus company Kaspersky Lab, The Intercept reports, citing documents leaked by NSA whistleblower Edward Snowden.
Targeting antivirus software is highly strategic. Security products often run on operating systems using the highest of computer privileges. If attackers are able to exploit such softwares, it's possible for the hackers to do even more damage with the elevated control the software grants.
The new documents indicate the NSA was able to gain access to a trove of Kaspersky-specific information, including:
"Leaky" user information that was being transmitted through the companys networks Private emails sent to the firm Lists of new malware that were flagged for Kaspersky
This sort of cyberespionage has become somewhat common, with governments trying to find vulnerabilities in security software and antivirus companies trying to discover state-led attacks. The report explains:
Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
<...>
http://www.businessinsider.com/snowden-documents-reveal-nsa-targeted-kaspersky-and-other-antivirus-companies-2015-6
pnwmom
(108,959 posts)a few weeks after the election.
Remember? Some hacker named Rasputin had dug into the Election Assistance Commission -- the gov body that is in charge of election security, including voting machines. And the hacker was caught trying to sell the info.
They tried to reassure the public, saying that in this kind of hack it was unlikely that the seller had had the info for very long -- i.e., long enough to have actually influenced the election weeks before, because usually these sellers try to sell their info as fast as possible.
But they ALSO said the vulnerability could have been exploited by others while it was open. So how do we know the vulnerability wasn't exploited by the Russians weeks before?
BumRushDaShow
(128,515 posts)especially if they already had a "company" that was expert in vulnerabilities and exploits.
It's just a mess.
Ghost Dog
(16,881 posts)pnwmom
(108,959 posts)but we know better.
Do you think Kaspersky Labs would ADVERTISE the fact that it is controlled by the Russian government? Do you think any western countries would buy its products under those circumstances?
So why should you believe anything they say about that? Russia is an authoritarian kleptocracy -- not a Democracy. Any company that manages to be successful in that environment is cooperating with the government.
Here's some evidence: one of their employees was arrested this winter for TREASON - because the employee had been assisting the US in a cybercrime investigation. If Kaspersky Labs was a private company, how could doing their job result in charges of treason?
Ghost Dog
(16,881 posts)to, without evidence, and to employ strawman arguments, but your final paragraph appears to offer 'fake news' as evidence, viz:
https://arstechnica.com/security/2017/01/kaspersky-labs-top-investigator-reportedly-arrested-in-treason-probe/
pnwmom
(108,959 posts)the public relations statement provided by a Russian company whose employee has just been accused of treason, and was led away with his head in a bag.
dembotoz
(16,785 posts)It has blocked and fixed stuff
And it doesn't crash my computer like others
TomVilmer
(1,832 posts)... and vice versa. So I happily chose my anti virus gear as a mix from different countries. But I have had none running daily at my PC for the last ten years, except for the firewall. Just use them for a clean up once in a while.
dembotoz
(16,785 posts)Chakaconcarne
(2,436 posts)I read that somewhere..
pnwmom
(108,959 posts)defacto7
(13,485 posts)I have been warning about this for years. Does anyone listen? Hell no. Who would listen to some old guy with 10 outdated servers who's been playing tag with cyber hacks since the 80s just for the hell of it. You would think governments with billions could figure this stuff out while this novice tech saw it in the works for practically nothing. It amazes me how cyber inept we've become as a nation. And I'm noboby.
pnwmom
(108,959 posts)You're someone who knows something about computers, unlike me. We need people like you to work on this.
defacto7
(13,485 posts)My fascination with the Internet and server security is just a hobby but maybe that's what makes it more obvious to me. I'm not prone to look the other way for the sake of the money or be controlled by the politics of it.
IthinkThereforeIAM
(3,075 posts)... I did my site creation and hosting as a hobby, not into it anymore, I could but...
defacto7
(13,485 posts)pnwmom
(108,959 posts)When have you ever had a better excuse to indulge your "hobby"?
hamsterjill
(15,220 posts)They don't look for the "simple".
Would be pretty powerful if Kaspersky was "invited" onto many computers in the United States (and the world) and then just turned everything off all at once, wouldn't it?
Simple is usually more effective than difficult.
defacto7
(13,485 posts)Cyber crime, espionage, whatever, plays on fear of the unknown until people give in and give up their privacy to experts. Trusting experts on the idea that money can buy security and more money buys more security is a foolish premise. Trusting any expert to make sure we can live dangerously under their umbrella is a fools game. It is and always has been up to every person to be up to the task of securing our own important data and be able to test any company we need to be connected with. If we can't do that, then don't use the net for anything important.
The untrustworthy will always try to make security just beyond the average person's reach and pick their target from the surface dwellers. Unfortunately, I think our government is mostly made of surface dwellers. Easy pickins.
There's just something about trusting "big daddy" that makes me wary.
pnwmom
(108,959 posts)She only does hers in the secured server at work, and that's not available to me, so I still go into the physical bank.
defacto7
(13,485 posts)Sometimes the easy way seems to be a wonderful opportunity, but it can also be a headache if it's not properly implemented and banks aren't always setup well...and who is to know if they are? One thing is for sure, if you don't use it, it won't hurt you. If one does use the net for important information then they need to know what they're doing and the possible consequences if they don't. Sounds like you and your relative know what to do and that is good for all of us!
IthinkThereforeIAM
(3,075 posts)... in the early 2000's. So I have been aware of Kaspersky, too. I never felt I could trust it, although their alerts were interesting. Too many weird coincidences reading their history and things they brag on as of today...
defacto7
(13,485 posts)Build trust and look like a saviour then conquer or the better analogy might be Trojan Horse. I just take what data is relevant and never bite their bait. You certainly can't listen to their pitch. I have little confidence in any company that offers security. Security doesn't exist on the net. The trick is to be as wary and educated as possible about the basics.
Blue_Tires
(55,445 posts)There's also a Kaspersky connection to Snowden, but that's not my business...