General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMSNBC: Russian Hackers Stole NSA Tools From Contractor Who Used Kaspersky Software
The details were first reported Thursday by The Wall Street Journal.
The contractor, whose name has not been made public, worked for the National Security Agency, which specializes in hacking computers and eavesdropping on communications.
The Journal said the stolen material included secret details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S.
The report also said it was unclear whether the contractor had lost his job or is facing prosecution. He is not believed to have wittingly cooperated with a foreign government.
The man took his work home in violation of NSA rules, and Russian hackers were able to identify the material and access his machine because he was using Kaspersky software, the former official said.
https://www.nbcnews.com/news/investigations/russian-hackers-stole-nsa-tools-contractor-who-used-kaspersky-software-n808101
LisaM
(27,842 posts)I seriously thought my TV had been hacked! I am surprised the government was using it at all.
Raster
(20,998 posts)....on his home PC, which should not have been used for high-security purposes.
LisaM
(27,842 posts)I'm actually concerned about the level to which intelligence agencies use contractors.
Blue_Tires
(55,445 posts)and running for shelter on twitter right now...
JHan
(10,173 posts)using deflection in his latest intercept piece.
Ah Glenn.
defacto7
(13,485 posts)to software with unmonitored internet together on the same computer with classified information... software that is expected to scan everything on the computer at will.
May I put googly eyes here?
Raster
(20,998 posts)...and his "Total Security"?
HipChick
(25,485 posts)and never allowed a security clearance in his life again..
iluvtennis
(19,880 posts)defense company. Ias employee and all contractors had to sign Non Disclosure Agreements and those indicated all classfied materials stayed within the working vault rooms.
GAH, I hate this shit that some don't use their common sense.
DeminPennswoods
(15,290 posts)Kapersky Labs' anti-virus s/w on it schedule, iirc. I'm not sure a lot of people understand how GSA works. Probably most think GSA just manages buildings, but they certify a number of things on their schedule that all gov't agencies are then free to use. Contractor services are one thing, for ex. Software is another. Agencies don't have to go through competitive contracting to use a GSA-approved product. They can just pick what they want off the schedule.
Link: https://www.gsa.gov/acquisition/purchasing-programs/gsa-schedules/about-gsa-schedules
Loyd
(309 posts)I find Norton to be the best, but it certainly isn't perfect.
Ford_Prefect
(7,923 posts)I think it could be a public explanation that we'll swallow rather than an uglier truth they would not like us to know.
Just how stupid are we supposed to believe that contractor was? Why would someone with clearance and experience enough to possess those tools as part of his job assume that his home computer was safe? Wouldn't he have been aware of just how much security he really needed given that his job is breaking into other people's computers using those tools we are supposed to believe were stolen from an off-site, Non-NSA sanctioned computer. I have a feeling this is a plausible version but not the truth. I doubt anyone over at E.F.F. for example would believe it.
No. This sounds a bit too pat and a bit too ironic to be true. It stinks in fact.
Denzil_DC
(7,278 posts)The Wall Street Journal just published an incendiary article that says hackers working for the Russian government stole confidential material from an NSA contractor's home computer. The hackers did so, according to the WSJ, after identifying files though the contractor's use of antivirus software from Moscow-based Kaspersky Lab.
The report may well be true, but, for now, there's no way to independently confirm it. The report is based on unnamed people the publication says had knowledge of the matter, and it provides no evidence to support its claim. What's more, the lack of detail leaves open the possibility that, even if Kaspersky's AV did help Russia home in on the highly sensitive code and documents, the disclosure was the inadvertent result of a software bug and that no one from Kaspersky Lab cooperated with the attackers in any way. Also lost in the focus on Kaspersky Lab is the startling revelation that yet another NSA insider managed to sneak classified material outside of the NSA's network and put it on an unsecured computer. More of this analysis will follow.
...
The takeaway is that, as the Kaspersky Lab statement notes, the WSJ's explosive allegations aren't substantiated with any evidence and, further, they're based on anonymous sources. That means, at the moment, there's no way journalists can independently verify the claims. What's more, the article as written leaves open the possibility that the role Kaspersky AV played in the breach was caused by the same sort of critical vulnerability found in virtually all AV software.
That said, if the allegations are true, they're sure to fuel the already growing concern of Russian hacking, which US intelligence agencies say has attempted to influence the US presidential election and widen political and cultural divides on social media. Additionally, if the allegations prove true, it's almost certainly the end of Kaspersky Lab as it has come to be known over the past decade.
https://arstechnica.com/information-technology/2017/10/the-cases-for-and-against-claims-kaspersky-helped-steal-secret-nsa-secrets/
SergeStorms
(19,204 posts)would buy anti-virus software written in Russia, by Russians?
What the hell are people thinking, or not thinking, to do something as ignorant as that? To save a few dollars over buying from McAfee or Norton? And what the hell is a contractor doing taking classified material to his/her home? Are our spy agencies running on Trump mode, or are they just not paying attention at all? I guess the NSA is too busy spying on Americans to pay attention to little things like internal security.
erronis
(15,371 posts)There's no safety with a Made-In-USA sticker attached. (Actually, probably less.)
Every piece of software that I've been involved with (at the source and library level) is open to manipulation - all the way to distribution via shrink-wrap or MD5-certified downloads.
To say nothing about the routers/modems that most of us use. Or the Bad-USB injections. Or the keyboard loggers.
Oh, I forgot - the banks and credit companies are already stealing everything we care about.
NSA - protect US!
(hah)
SergeStorms
(19,204 posts)but by buying software made in Russia, by Russians, you're more or less asking for problems. If it says "made in the U.S.A." I at least know there's a hint of propriety. The same can't be said of Russian software, or anything made in Russia. I'm old enough to remember Nikita Khrushchev hammering his shoe on the desk at the U.N., the Cuban Missile Crisis, the Cold War etc. and I don't believe Russia is our "friend" for one stinking minute.
Your mileage may vary. Buy whatever you want from whoever you wish.
pnwmom
(109,000 posts)Plenty of Russians are US citizens, and the name sounds like lots of Polish names.
And if you were to look at their website, you would see that they are located in Massachusetts and are a subsidiary of a company in the UK. Would that have alerted you?
Also, it is likely that your computer contained some preloaded software. Are you sure none of it was produced by Kaspersky Labs?
https://usa.kaspersky.com/about/company
Founded in 2004, Kaspersky Lab North America is a Massachusetts corporation and is a wholly-owned subsidiary of its holding company, Kaspersky Labs Limited, based in the United Kingdom.
erronis
(15,371 posts)To this country. Or probably any country. Just money, sex, power, fear, cowardice.
With the tenuous relationships of multi-national corporations and the even more inscrutable linkages between operatives, I wouldn't trust any stamped-on label at all.
I've been trying to track pharmaceuticals over the last few years and I'm convinced that the churn in ownership/patents is mainly to thwart tracking the money and liability.
ffr
(22,672 posts)It's a Russian company. Hmm. Russians are excellent hackers. Homey don't play dat!
LeftInTX
(25,593 posts)I used it from 2010-2014. It was highly rated in 2010. I ditched it for free stuff when I reinstalled Windows.
pnwmom
(109,000 posts)the Russia connection.
https://www.pcmag.com/article2/0,2817,2476367,00.asp
BOTTOM LINE
Kaspersky Total Security is jam-packed with everything you could possibly want in a security suite: Award-winning antivirus protection, a strong firewall, comprehensive parental control, local and online backup, file encryption, and more.
DK504
(3,847 posts)(still reads as mercy to me) as employees is unacceptable. Obviously it doesn't work and has never fucking worked, naturally the morons in the government have continued to use it. How exactly did some tech merchants get software out of the office?
I keep picturing Chelsea Manning in my head. Can't imagine why, what was the name of the other guy that stole state secrets? At this point in time no employee is allowed to bring work home - EVER AGAIN. I don't give a fuck if you have to stay there for a week and smell like a gremlin, I DON" FUCKING CARE.
We are losing and we are losing on a level we could never imagine. The laziness of the feds and the of will of "lawmakers" have put us over a barrel and weakened us to a point I never believed would happen to us. Never.
tblue37
(65,490 posts)benld74
(9,911 posts)We provide IT for many govt agencies.
Base computer images may differ between agencies but 1 thing is a constant.
We control the virus protection
We control the device
We control the access
Without WE they would have NO IT, because they would find a way to muck stuff up
Some how Some way
We wont allow that
We wont let them on our network without
Certain item boxes being check marked
NSA Contractor using Kaspersky?
NOT on our network
ecstatic
(32,737 posts)A couple years ago, I considered using free workplace software offered by a Russian company. Thank goodness I passed on it.
Response to CousinIT (Original post)
Name removed Message auto-removed