Note: This post has been moved from Latest picks due to length of extended updates.
Kaspersky software banned from US government agencies (arstechnica.com).
“The Department of Homeland Security ordered government agencies to stop using any software products made by Kaspersky Lab today. Officials cited concern about possible ties between Kaspersky officials and Russian intelligence. Agencies in the executive branch are expected to begin the process of discontinuing Kaspersky products within 90 days. According to a DHS statement posted online by Reuters reporter Dan Volz: The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”
With the order applying “to all civilian government networks, but not the military”, the General Services Administration removing Kaspersky from a list of pre-approved technology vendors back in July “after press reports emerged linking the company to Russian intel” and causing patriotic “giant tech and appliance retailer” Best Buy to lasso Kaspersky products on its shelves and drag them off into the sunset.
“The federal ban could lead to pressure on state and local governments to ditch Kaspersky products as well.”
Making it sound like a modern version of the McCarthy trials, albeit with a blow-hard who allegedly has more to hide and under investigation for his Russian links and inability to keep secrets taking up much of the presidential chair in plain sight, with intelligence agencies and many Americans woefully embarrassed he got there: Trumpboast: “Big intelligence to share & a big Johnson too” (thisisnocave.blogspot.co.uk, 16th May 2017).
“President Trump on Tuesday defended revealing sensitive information to top Russian diplomats, saying in a pair of early morning tweets that he has an ‘absolute right’ to do so.”
And it all sounds rather vague, as a Kaspersky Lab spokesperson said in a statement that the company is disappointed in the DHS decision:
“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia. Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.”
And, of course, it was NSA source code and exploits from “cache of cyber weapons” suspected of being re-bundled as malware that crippled our National Health Service via a ransomware attack back in May according to NSA whistleblower currently in exile in Russia Edward Snowden, none of which I seriously doubt were using Kaspersky: National Health Service ransomware attack; not targeted, just un-patched opportune (thisisnocave.blogspot.co.uk, 13th May 2017).
Perhaps, the rationale being so vague, it’s as much to do with anti-virus software that detects US agencies’ “malware” they’d rather AV companies agree to turn a blind eye to; anyone remember Magic Lantern? Magic Lantern is FBI keystroke logging software (Wikipedia).
Updated 25th October 2017
Or is it perhaps more a case of good spooks able to use good software to suit their needs, not so good ones turning theirs off to download likely trojan-hosting pirated software, and sour grapes regarding Kaspersky picking up their own malware?
“The Wall Street Journal reported on Oct. 5 that Russians had used Kaspersky’s software to steal NSA secrets from a staffer’s home laptop. In 2015, the antivirus scanner picked up the NSA’s hacking tools, which landed in the Kremlin’s hands, according to the report. … CyberScoop also reported on the same day that Kaspersky Lab and the US government had a tense confrontation in 2015 after the security company boasted to FBI agents during a sales pitch that the software could be used as a tool for spying on terrorists.”
With said “NSA’s hacking tools” seemingly for sale on the Dark Net for whoever has Bitcoin to buy as well as “landed in the Kremlin’s hands” and the ban coming after word from Israeli spies who hacked Kaspersky to “prove”—although seemingly actually failing to find enough evidence to do so—Russian spies were using it to spy on American spies (theguardian.com).
It should perhaps be recalled that Israeli security may bear something of a grudge after Kaspersky’s research on Stuxnet malware created by the US and Israel to harm Iran’s nuclear industry.
And despite a cautious “yes” to removing if you are someone of interest to FSB agents “rummaging through his or her family vacation photos” or extensive collection of Mexican popstrel and actress Belinda Peregrín Schüll videos, and with Best Buy, Office Depot and Staples taking the patriotic ticket and removing it from their shelves, is everyone convinced by the hearsay of the need to dump?
“Not quite. Interpol, an international police organization based in France, signed an agreement to further its cooperation with Kaspersky on Oct. 12. Germany’s federal cyberagency continues to use Kaspersky’s software, pointing out that no evidence has surfaced about Russian ties. And in September, the company landed a contract with the Brazilian Armed Forces as well.”
With the company pointing to a “customer satisfaction award, boasting of its high ratings from users in nearly 200 countries”.
Updated 1st November 2017
Kaspersky CEO says hack claims cutting U.S. cyber security sales (uk.reuters.com).
“Eugene Kaspersky told Reuters on Friday that the Moscow-based cyber security firm that bears his name would see a “single-digit” drop in U.S. sales this year as a result of suspicions about his company’s ties to the Russian government … [but that] the federal agency market had been negligible for the company. He said the company was looking at switching KGSS employees to different roles in the company, such as enterprise and intelligence service sales.”
In a “by turns frustrated and defiant in an 80-minute interview in his Moscow office” reaffirming that “we’ve done nothing wrong” and that interaction with Russian law and spooks is “limited to cyber crime investigations, data sharing about cyber crime” and “that’s it”. The article also reminding from whom the ban order seemingly came:
“U.S. President Donald Trump’s administration last month ordered Kaspersky’s products removed from U.S. government computers, citing concerns about Kremlin influence and saying the software could jeopardize national security.”
A game of blame I’m sure Orange Don would be keen to renew Americans’ attention on now that the FBI investigation into his campaign’s collusion with Russia moves to the stage where the first charges are leveled: Russia investigation: Donald Trump unleashes barrage of angry [blame “crooked Hillary”] tweets amid reports of charges (standard.co.uk).
Updated 2nd December 2017
Formerly offering a 12-month free trial of Kaspersky anti-virus products to new customers.
“The bank emailed 290,000 online banking customers on Saturday to say the move was a ‘precautionary decision’”.
Saying it treated the security of its customers “very seriously” and suggesting, with regards “UK cyber-security chiefs” warning government departments not to use software from Russian companies.
“The National Cyber Security Centre—the UK’s authority on cyber security and part of GCHQ—is writing to all government departments telling them Russian security software could be exploited by the Kremlin. But officials stressed they were not saying members of the public or companies should stop using Kaspersky products, which are used by about 400 million people globally.”
But that “but” seemingly not applying to Barclays as it likely will not to many other “members of the public or companies”.
“Barclays told customers it would no longer offer free Kaspersky software “following the information that’s been shared in the news”—but advised people with the software already installed that they did not need to take any action.”
Framing it as a “precautionary decision to no longer offer Kaspersky software to new users”.
But, seemingly with a but—or however—of its own:
“‘However, there’s nothing to suggest that customers need to stop using Kaspersky.’ It went on: ‘At this stage there is no action for you to take. It’s important that you continue to protect yourself with anti-virus software.’”
Which for “members of the public or companies” might be best not to be Kaspersky with all that exploitation by the Kremlin they are hearing about.
“A spokesman for Kaspersky said it was ‘disappointed’ that Barclays had discontinued its offer to new customers.”
Updated 22nd December 2017
“Kaspersky Lab said Monday it has asked a US federal court to overturn a Trump administration ban on US government use of the Moscow-based cybersecurity company’s software, saying the move deprived the company of adequate due process.”
That “due process” being fair treatment in the judicial system, usually requiring some sort of proof of misdeeds to be presented without the presidential ability to fire the chap threatening to investigate them.
“‘DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company,’ Kaspersky founder Eugene Kaspersky wrote in an open letter to Homeland Security published on Monday. … The company alleges the US government relied primarily on rumors and uncorroborated news media reports as evidence in making its decision to ban the software. It’s asking the court to overturn the ban and declare the company’s products do not pose a security threat.”
But—and it’s a big big orange butt:
“It wasn’t immediately clear what effect overturning the ban would have after President Donald Trump last week signed into law a sweeping defense policy spending bill that reinforces the Homeland Security prohibition on US government use of Kaspersky software.”
Well, not clear to Cnet perhaps, but some might think, as Kaspersky has suggested, he’s given up on selling software to the US government and is more interested in getting retailers like Best Buy, Office Depot and Staples that removed Kaspersky’s software from their shelves to persuade the big basket full of uber-patriotic Deplorables that they have more to fear from Ruskies than their own government popping up out of their apartment’s toilet bowl to take a peek.