SoylentNews is people

posted by martyb on Thursday September 14 2017, @09:48AM
from the prudence-or-paranoia? dept.

The Washington Post is reporting U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage:

Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

[...] "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."

[...] The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.

Someone that is in a position to know all about it tells me that Kaspersky doesn't detect malware created by the Russian Business Network. My fear is that if I named that someone, the RBN will give that someone a bad hair day.

[Ed. addition follows]

The full text of the DHS notice is available at https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01.

Previously:
FBI Reportedly Advising Companies to Ditch Kaspersky Apps.



Related Stories

FBI Reportedly Advising Companies to Ditch Kaspersky Apps 17 comments

Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies. Officials claim the company is a Russian stooge that can't be trusted with protecting America's critical infrastructure. The company denies these claims -- its CEO Eugene Kaspersky has even offered up its source code in a bid to clear his firm's name.

It appears that olive branch went unnoticed. Throughout the year, the FBI has been meeting with US firms to convince them to remove Kaspersky Lab's tools from their systems, according to officials that spoke to CyberScoop. In view of the cyberattacks that crippled Ukraine's power grid in 2016, the FBI has reportedly focussed its briefings on companies in the energy sector. Although, it has also supposedly met with major tech firms too.

The law enforcement agency has apparently been sharing its threat assessment with the companies, including Kaspersky Lab's alleged deep ties with Russian intelligence. However, the meetings have reportedly yielded mixed results. Whereas firms in the energy sector have been quick to cooperate, tech giants have resisted taking swift action, claims CyberScoop.

Source: EnGadget



Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools 23 comments

According to unverifiable sources, an NSA contractor stored classified data and hacking tools on his home computer, which were made available to Russian hackers through the contractor's use of Kaspersky Lab anti-virus software:

Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.

As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.

In a later story, The Washington Post said the employee had worked at the NSA's Tailored Access Operations unit for elite hackers before he was fired in 2015.

[...] Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.

U.S. Lawmakers Urge AT&T to Cut Ties With Huawei 17 comments

Exclusive: U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources

U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said.

[...] Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.

The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International Inc.

The lawmakers are also advising U.S. firms that if they have ties to Huawei or China Mobile, it could hamper their ability to do business with the U.S. government, one aide said, requesting anonymity because they were not authorized to speak publicly.

Related: NSA Spied on Chinese Government and Huawei
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products



Kaspersky Lab Exposed U.S. Military "Slingshot" Malware 18 comments

US officials: Kaspersky "Slingshot" report burned anti-terror operation

A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.

The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.

The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."

This is good malware. You can't expose the good malware!

Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools



  • (Score: 5, Interesting) by Nerdfest on Thursday September 14 2017, @10:06AM (9 children)

    by Nerdfest (80) on Thursday September 14 2017, @10:06AM (#567714)

    I'm pretty sure I just read something about Kaspersky outing a series of FBI backdoors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.

    • (Score: 4, Insightful) by bradley13 on Thursday September 14 2017, @11:27AM (8 children)

      by bradley13 (3053) on Thursday September 14 2017, @11:27AM (#567737) Homepage Journal

      Exactly. Pot, meet kettle. Kettle, meet pot.

      The US doesn't trust Kaspersky to not do the bidding of the Russian government. That's understandable.

      But then: the rest of us don't trust US companies not to do the bidding of the US government. Actually, with those lovely National Security Letters and the accompanying secret courts, even the US's own citizens can no longer trust the US government.

      --
      Everyone is somebody else's weirdo.
      • (Score: 5, Insightful) by c0lo on Thursday September 14 2017, @01:12PM (5 children)

        by c0lo (156) Subscriber Badge on Thursday September 14 2017, @01:12PM (#567767) Journal

        even the US's own citizens can no longer trust the US government.

        If you trust any government at all, you are out of your mind.
        Even if one form or another of government is necessary, it is still a beast one needs to keep on a leash - the "eternal vigilance" and all that.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 0) by Anonymous Coward on Thursday September 14 2017, @03:27PM (4 children)

          by Anonymous Coward on Thursday September 14 2017, @03:27PM (#567844)

          How, exactly, would you go about performing this "eternal vigilance" you reference?

          • (Score: 2) by c0lo on Thursday September 14 2017, @04:27PM

            by c0lo (156) Subscriber Badge on Thursday September 14 2017, @04:27PM (#567891) Journal

            Simple! Candle vigil in perpetuity!!

            (grin)

            (just in case if you were asking seriously: start thinking, critically if possible, and don't stop. In a case by case basis, you'll find something. Especially if you don't expect those answers to be revealed to you as pre-digested solutions)

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 2) by HiThere on Thursday September 14 2017, @04:34PM (2 children)

            by HiThere (866) Subscriber Badge on Thursday September 14 2017, @04:34PM (#567902) Journal

            Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.

            --
            Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
            • (Score: 2) by Grishnakh on Monday September 18 2017, @06:29PM (1 child)

              by Grishnakh (2831) on Monday September 18 2017, @06:29PM (#569838)

              Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.

              Where the hell did you read that? The Wikipedia page on him [wikipedia.org] clearly says he died in New York City, many years after being released from prison in France. In fact, he didn't even spend a whole year there, though he did narrowly escape beheading because the gaoler screwed up with marking the door, and a few days later Robespierre was deposed and executed. As for the US government, he was disliked by the Federalists, but he was friends with President Jefferson, and returned to America upon Jefferson's invitation.

              • (Score: 2) by HiThere on Tuesday September 19 2017, @01:51AM

                by HiThere (866) Subscriber Badge on Tuesday September 19 2017, @01:51AM (#570009) Journal

                I wouldn't accept Wikipedia as reliable, but a small bit of searching showed that you were correct. I'm not sure *where* I read the answer I repeated, but I won't use it again.

                OTOH, the basic message that you should remember you're likely to end up dead if you seriously fight the incumbent government remains true. I just need a more accurate example.

                --
                Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 3, Interesting) by frojack on Thursday September 14 2017, @11:09PM

        by frojack (1554) on Thursday September 14 2017, @11:09PM (#568132) Journal

        If we assume Kaspersky doesn't detect Russian Malware, and American products don't detect US Government Malware, then running both of them might actually make sense.

        But it makes far more sense to just come out and ban Windows in any critical government system.

        On the other hand, as someone who used to spend lots of money on defective antivirus and anti-malware products, only to find that they did not detect or prevent a whole litany of NSA malware suites, where do I go to get my money back?

        --
        No, you are mistaken. I've always had this sig.
      • (Score: 2) by Grishnakh on Monday September 18 2017, @06:15PM

        by Grishnakh (2831) on Monday September 18 2017, @06:15PM (#569830)

        I'm pretty sure I just read something about Kaspersky outing a series of FBI backdoors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.

        Wrong. Kaspersky has no interest in hiding US FBI backdoors, true, but they will hide Russian-government-sponsored backdoors. Correspondingly, US-made software will have no interest in hiding Russian-related backdoors, but absolutely will hide US-government-sponsored backdoors.

        The solution is simple: don't use Windows. You don't have to worry much about backdoors in Linux since it's an international and largely non-profit effort. Just stay away from Red Hat; Debian and its descendants are your best bet, or perhaps others like Arch, Gentoo, etc.

  • (Score: 2) by cubancigar11 on Thursday September 14 2017, @10:37AM (3 children)

    by cubancigar11 (330) on Thursday September 14 2017, @10:37AM (#567723) Homepage Journal

    Some time ago Kaspersky announced that it will release a free version of its anti-virus for the rest of the world. I want to know if they followed up on that promise, because I couldn't find any free version from outside of the USA.

    • (Score: 1) by anubi on Thursday September 14 2017, @11:42AM (2 children)

      by anubi (2828) on Thursday September 14 2017, @11:42AM (#567740) Journal

      Anyone used the Kaspersky rescue disk? [kaspersky.com]

      ( Hat tip to an anonymous coward [soylentnews.org]. I really appreciated you posting your links. )

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 5, Informative) by nobu_the_bard on Thursday September 14 2017, @01:08PM (1 child)

        by nobu_the_bard (6373) on Thursday September 14 2017, @01:08PM (#567765)

        I have used the Rescue Disk in the past. It's okay but it's showing its age. It doesn't work on some newer stuff.

        Kaspersky's TDSSkiller has been a lifesaver but overall antivirus products are not as relevant as they used to be.

        If a system gets owned hard enough, it's way too hard to fix it sometimes - better to restore from backups and patch the vulnerability they used or just rebuild from scratch with patches applied.

        • (Score: 1) by anubi on Friday September 15 2017, @05:00AM

          by anubi (2828) on Friday September 15 2017, @05:00AM (#568289) Journal

          Thanks for the reply.

          Second that on TDSSkiller. As for myself, I now make a new disk image backup with Clonezilla whenever I do a significant change in the OS, otherwise I do simple incremental backups for my specific user directory. I started doing that when I saw these "cryptolocker" type proggies going around. The external USB drives are so inexpensive these days that I buy a new drive to make the latest disk image onto, just so that if my latest backup is also corrupted, I have the ones before that were likely made before the malware got ingested.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Funny) by turgid on Thursday September 14 2017, @11:03AM

    by turgid (4318) Subscriber Badge on Thursday September 14 2017, @11:03AM (#567730) Journal

    That nice Mr Putin would like to offer free security software of finest Russian quality to all good citizens, businesses and institutions of formerly enemy countries as a gesture of goodwill and reconciliation. Rest assured that nice Mr Putin will be looking out for your safety and security 24 hours a day, every day from his secure nuclear bunker under the Kremlin. He encourages you to remove the duct tape from your webcams.

  • (Score: 4, Insightful) by pTamok on Thursday September 14 2017, @12:21PM (6 children)

    by pTamok (3042) on Thursday September 14 2017, @12:21PM (#567751)

    Presumably, Russian anti-malware software will be diligent in recognising non-Russian malware; and USA-ian software will be diligent in seeking out non-USA-ian malware; so the solution would be to run both (probably in series, not in parallel) to give maximum protection. For the truly suspicious, use some other countries' software as well, and maybe run ClamAV [wikipedia.org], as it is open-source.

    • (Score: 0) by Anonymous Coward on Thursday September 14 2017, @12:46PM (3 children)

      by Anonymous Coward on Thursday September 14 2017, @12:46PM (#567759)

      According to the wiki they are owned by cisco

      • (Score: 2, Interesting) by pTamok on Thursday September 14 2017, @02:18PM (2 children)

        by pTamok (3042) on Thursday September 14 2017, @02:18PM (#567803)

        Being owned by Cisco is less of an issue when the software is FLOSS. Obviously Cisco could introduce subtle bugs, but it is more difficult when the users of ClamAV can compile from source rather than relying on pre-compiled binaries. This is not to say I think ClamAV is perfect - but it can be a useful addition to other (proprietary) approaches. Relying on it alone might be inadvisable. Using it as an adjunct to other malware detection software might be beneficial.

        • (Score: 0) by Anonymous Coward on Thursday September 14 2017, @03:14PM (1 child)

          by Anonymous Coward on Thursday September 14 2017, @03:14PM (#567839)

          While I agree that is better, it's kind of marginal, since the Windows version is distributed in binary form, and who needs AV software the most and is least likely to have the skills necessary to check it? It's not like Linux (or any of the FOSS) people are out there doing code reviews of Windows projects.

          • (Score: 2) by Grishnakh on Monday September 18 2017, @06:18PM

            by Grishnakh (2831) on Monday September 18 2017, @06:18PM (#569831)

            it's not like Linux (or any of the FOSS) people are out there doing code reviews of Windows projects

            Exactly, and it'd be pointless anyway because the underlying OS is closed, secret, and proprietary, and well-known to be spying on you anyway. If you care at all about security and privacy, you wouldn't be running Windows in the first place, so you won't need antivirus software.

    • (Score: 4, Informative) by nobu_the_bard on Thursday September 14 2017, @01:10PM (1 child)

      by nobu_the_bard (6373) on Thursday September 14 2017, @01:10PM (#567766)

      ClamAV isn't too great, it's generally too far behind the curve for me. If you're using it for mail filtering though check into this: https://github.com/extremeshok/clamav-unofficial-sigs

      It's the only reason ClamAV is worth bothering with on a mail system.

      • (Score: 1) by pTamok on Thursday September 14 2017, @02:20PM

        by pTamok (3042) on Thursday September 14 2017, @02:20PM (#567805)

        Thanks for that. I know ClamAV doesn't tick all the boxes, but as I said in another posting, it might be a useful addition to other malware detection software. It's free, and might be worth the time needed to set it up.

  • (Score: 5, Funny) by Runaway1956 on Thursday September 14 2017, @03:04PM (1 child)

    by Runaway1956 (2926) Subscriber Badge on Thursday September 14 2017, @03:04PM (#567829) Journal

    So, I was having problems with a Windows installation. I used McAfee to check things out, and I still had problems, just different ones. So, I used Microsoft's defender stuff, and it killed McAfee, but started spying on me. I grabbed Avast, which warned me about both McAfee and Microsoft DLL's and crap, but then, it started nagging all the time. On and on I went, until Kaspersky cleaned up the mess left by a dozen other security suites. NOW, you're telling me that Kaspersky reports to the Kremlin? Lemme see, what's next . . . . Panda? How about Panda? Does it report to the Chinese, or the Indians? I'm in security suite hell here!!

    /sarcasm
    You people know I don't run Winbloze!!

    • (Score: 1, Informative) by Anonymous Coward on Thursday September 14 2017, @05:01PM

      by Anonymous Coward on Thursday September 14 2017, @05:01PM (#567932)

      It's far worse than that. Panda Security is in Glendale, California.

  • (Score: 2) by bzipitidoo on Thursday September 14 2017, @04:18PM (1 child)

    by bzipitidoo (4388) on Thursday September 14 2017, @04:18PM (#567880) Journal

    For decades, the US government has expressed distrust of foreign products. They find it a convenient excuse to justify use of Windows rather than Linux. Windows is made by an American company and that supposedly makes it okay and safe from cyberespionage. Of course that's utter nonsense, but they eagerly run with that because what they really want is the user-friendly OS.

    They are also afflicted with the religion that Microsoft being a for-profit company makes them and their products more reliable, shows that Microsoft is a good corporate, capitalist citizen that shares their values, unlike that Commie Linux OS.

    • (Score: 1) by anubi on Friday September 15 2017, @05:09AM

      by anubi (2828) on Friday September 15 2017, @05:09AM (#568297) Journal

      I see Microsoft as the CIA stool pigeon.

      And it's not only Governments which are probing up the rear end.

      It's beautiful to look at, a dream to run, but I have a hard time trusting it.

      I have the same feeling about going to bed with a prostitute. I know from the start she's working for someone else. I'm just the john that will pay for her services.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]