Drudge Retort: The Other Side of the News
Wednesday, October 11, 2017

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs. What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool -- antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies. The Israeli officials who had hacked into Kaspersky's own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.


The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky's antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

Like most security software, Kaspersky Lab's products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

Comments

More from article:

The Wall Street Journal reported last week that Russian hackers had stolen classified N.S.A. materials from a contractor using the Kaspersky software on his home computer. But the role of Israeli intelligence in uncovering that breach and the Russian hackers' use of Kaspersky software in the broader search for American secrets have not previously been disclosed.

The Kaspersky-related breach is only the latest bad news for the security of American intelligence secrets. It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online. Nor is it evidently connected to a parallel leak of hacking data from the C.I.A. to WikiLeaks, which has posted classified C.I.A. documents regularly under the name Vault7.

#1 | Posted by Gal_Tuesday at 2017-10-10 08:45 PM | Reply

Really:

"For years, there has been speculation that Kaspersky's popular antivirus software might provide a back door for Russian intelligence. More than 60 percent, or $374 million, of the company's $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies -- including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force."

2 dozen govt agencies? It shouldn't take a CIA or NSA analyst to figure out that was stupid.

#2 | Posted by Gal_Tuesday at 2017-10-10 08:49 PM | Reply

Huh. When I worked for a defense contractor (let's call them EyeCo, because they were straight up Illuminati) something like this never would have even been allowed. Ordinary disks or memory sticks couldn't be read by outside computers, they punched a hole in your virus protection and wouldn't let you read any data, no matter how hard you tried, even with a track/bit editor (I took some source code home one night to work on it, and was shocked to find that out).

I was eventually fired from that job, for "breaking too many rules". I asked them what rules I had broken, and they wouldn't tell me.

#3 | Posted by HeliumRat at 2017-10-10 11:24 PM | Reply

I can't help suspecting that Israel caught Russia illegally hacking our secrets while they themselves were in the process of hacking our secrets.

#4 | Posted by moder8 at 2017-10-11 11:34 AM | Reply | Newsworthy 1

#3 | Posted by HeliumRat

That's actually interesting in more ways than one. What period of time was this? I mean going back to 2000 and working in IT at a Fortune 100 we didn't have USB access to the desktops, no writing to media like CD or Diskette etc. And that was a non-defense contractor. Of course in IT systems admins had ways around it.

When it came to major defense contractors I was aware of you had 2 separate networks one that had email and such and was connected to a highly secure network for "normal" work. The other was for anything related to your defense work. Such as coding, design and documentation. That network had no connectivity to the outside world. Physically separated network. You had no ability to use USB and other devices on those systems. Everything had to go through checks to make it onto the network. But even then I don't think those systems were highly encrypted. There were of course things on those networks that were highly encrypted but the tech was just too slow.

In both cases they had a very good log of what you were doing.

I have to say though it's surprising you would admit to a potential felony. What on earth possessed you to take code home?

#5 | Posted by GalaxiePete at 2017-10-11 11:47 AM | Reply

What a smear job against Kaspersky, an engine that has identified millions of compromised hashes and introduced thousands of ways to block malware. That's what all of the major engines do. Kaspersky has done more to thwart cybercriminals than all but a few of the anti-cybercrime institutions across the world like Symantec, ESET, etc. I get there has to be some kind of US government block against a company based in a country with very fragile relations with the US, but smearing them completely tarnishes the contributions they have made against cybercrime. Like Symantec, they have created hundreds of thousands of signatures to identify malware and cyberactivity before it is able to infect systems. What a shame the media does this kind of stuff. Another reason why the laws protecting the media are just as outdated as the laws protecting guns.

#6 | Posted by humtake at 2017-10-11 11:53 AM | Reply

#6 | Posted by humtake

It just illustrates we are all vulnerable to our AV companies. The fact that Kaspersky is literally full of former KGB and FSB officers should be a hint not to trust them though. Symantec has been garbage for years, Kaspersky actually worked well. But it makes you wonder how many of those viruses they were catching were from "friendly" Intelligence agencies. They were the ones that found Stuxnet after all.

Signature based AV was always weak - it was reactive. No signature = no protection. And now it is all but useless. It can't stop much of anything anymore. Next Gen AV is out there and works well when configured properly AND aggressively.

#7 | Posted by GalaxiePete at 2017-10-11 12:06 PM | Reply

Now there is a "source" for credibility.

#8 | Posted by fresno500 at 2017-10-11 01:10 PM | Reply

"What a smear job against Kaspersky, an engine that has identified millions of compromised hashes and introduced thousands of ways to block malware."

You are a naive fool or a Russian tool. You certainly don't sound like an American concerned about this latest proof of Russian involvement in attacking our systems.

Kaspersky has been proved to be used as a tool to hack our systems and you still try to proclaim they are innocent?

Get your head out of the sand (or your rear).

"but smearing them completely tarnishes the contributions they have made against cybercrime." They were used either knowingly or unknowingly to gather data on sensitive systems so they could later be hacked. Who knows how long it has been going on? That cancels out any good they have ever done.

The Russians have brought this scrutiny upon themselves by attempting to interfere with our democratic institutions.

There is an active information and cyber war going on and we are under attack by hostile powers and this is just more evidence of Russia's direct involvement. There will be more "victims" before it is all over.

Acting like it is some kind of hoax is just plain ignorant.

#9 | Posted by donnerboy at 2017-10-11 04:26 PM | Reply | Newsworthy 2

I get there has to be some kind of US government block against a company based in a country with very fragile relations with the US, but smearing them completely tarnishes the contributions they have made against cybercrime. Like Symantec, they have created hundreds of thousands of signatures to identify malware and cyberactivity before it is able to infect systems.

#6 | Posted by humtake

Yes, and this trojan horse is made out of such fine timber! Why is everyone ignoring that and just focusing on the soldiers that emerged from it and killed everyone?

I guess Trump support has grown into Russian espionage support.
Had the Russians supported Clinton of course you'd be taking the exact opposite position.

#10 | Posted by SpeakSoftly at 2017-10-12 08:48 PM | Reply

Remember the USS Liberty!!!

"Fresh off his trip to Reno, Nevada where he was instrumental in accomplishing the previously unheard of task of persuading The American Legion to pass Resolution 40 calling on Congress to conduct an investigation of the attack on our ship, USS Liberty Survivor, Bryce Lockwood had a one-on-one meeting with President Donald Trump"

usslibertyveteransblog.com

napalm will ruin your day!

#11 | Posted by mutant at 2017-10-12 09:31 PM | Reply

And yet Trump missed the sanctions deadline against Russia....

Surprise surprise surprise...

#12 | Posted by Sycophant at 2017-10-13 10:49 AM | Reply

Copyright 2017 World Readable