Recently, we have reported several claims (here, here, and here) made by the Russian security software manufacturer Kaspersky Lab that they have discovered 'evidence' of NSA involvement in malware. Now, Bloomberg claims that the Moscow-based computer security company has effectively been taken over by the FSB. Company founder Eugene Kaspersky was educated at a KBG-run school, which was never a secret, but the new report describes a much more current and intimate connection.
Kaspersky Lab is denying the allegations, as one might expect, and counter with the statement:
It's not as though the US has clean hands in all of this. The CIA has funded the development of security software firms like FireEye, Veracode, and Hytrust though its In-Q-Tel investment fund, and American firms have been noticeably silent when it comes to investigating suspected US state-sponsored malware.
We are unlikely to hear the truth from either side, nor should we realistically expect a confession from the NSA or the FSB. Nevertheless, it is possible that the security industries on both sides are 'guilty' of looking after their respective government's interests and what we are seeing is just another day in the world of intelligence collection and cyber-security, the world of claim and counter-claim.
[Editor's Comment: Typo fixed at 15:39 UTC]
(Score: 2) by Adamsjas on Sunday March 22 2015, @05:53PM
These carefully worded "rational" responses would look better if the company also revealed (or at least detected) some Russian government malware, backdoors, or viruses.
To date, their product only the typical rogue malware from non-government sources, typically what any other product detects. They aren't any better than the others.
Yes, there is a bunch of NSA/CIA exploits. Fully agreed. Lets not argue about that.
But why do they only publish those that have already been disclosed or hinted at by long published sources (Snowden releases), and none from their own government?
(Score: 4, Insightful) by Jeremiah Cornelius on Sunday March 22 2015, @06:15PM
Look at context - how many OTHER security research groups in the software industry have produced evidence of large-scale, highly sophisticated and subversive malware, clearly produced by Russian military or other state organizations?
None.
Not saying they DON'T exist - but the US has been especially pernicious and reprehensible in the extreme. This is not a position they occupy, only relative to the merits of any other state.
Snowden gave a roadmap of where to look. Naturally, one would expect a great deal of interest and effort spent on following the leads provided in these leaks. Like it or not? Kaspersky can publish their findings in a way that Qualys, Symantec or Intel Security (McAfee) would find potentially difficult - especially in the current era of the corporate military surveillance state as defacto US power establishment.
For instance, the SNOWGLOBE analysis came from GData - a German based, European outfit: https://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html [gdatasoftware.com]. Earlier, REGIN was discovered by Symantec [cnn.com], concurrently with Kaspersky. [wikipedia.org] I know from experience, that researches at different companies share information. I
t appears at Kaspersky, they were less troubled to see "how far the rabbit-hole goes". That is something to celebrate, rather than denigrate.
You're betting on the pantomime horse...
(Score: 2) by c0lo on Sunday March 22 2015, @06:17PM
I guess from the goodness of their hearth. They let the US companies (Symantec, McAffee, etc) to make a name for themselves.</sarcasm>
(why do you take it for granted that such malware exists?)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Monday March 23 2015, @12:37PM
Because the majority of professional malware has been confirmed for years now to be coming from the eastern bloc and the Russian mafia, that's why. Duh.