
Israel Hacked Kaspersky, Then Tipped NSA Its Tools Had Been Breached - tptacek
https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html
======
erdojo
This is what I read between the lines:

An NSA spook was working on his home laptop and playing around with some
special NSA malware.

Kaspersky AV detected it - AS IT SHOULD - based on heuristic or behavior-based
technology that just about every modern AV has.

The data was sent back to Kaspersky servers. This is also how everyone else
does it, because this is how A/V companies create signatures that are pushed
out to all other people who use Kaspersky so they can be protected against
malware that could quickly go viral.

Israelis were poking around KAV servers and found the malware, and told the US
Gov.

Those are the facts, right? Everything else is speculation, no? Did I miss
something that proves the thesis of the story and the government accusations?

~~~
jwilk
Wait, does it really send (suspected) malware home, without asking the user?

~~~
Stranger43
Yes, it's among most antivirus packages' advertised features. An example from
everyone's favorite anti-virus vendor:
[https://home.mcafee.com/Secure/CloudAV/HowItWorks.html](https://home.mcafee.com/Secure/CloudAV/HowItWorks.html)
but they all market a similar feature.

------
_m96l
Kaspersky has been known to collaborate with the Russian government and
promote Russian interest. They've actively pursued state actors that are
hostile to Russian interest, for example The Equation Group
([https://en.wikipedia.org/wiki/Equation_Group](https://en.wikipedia.org/wiki/Equation_Group)),
which wouldn't be an organic part of the function or activities of a normal
civilian cyber-security company. Such an "innocent" company would have no
reason to get involved in cyberwarfare between state-actors, while Kaspersky
is heavily involved in such activities and pouring considerable resources into
them. This is especially damning since they are clearly targeting state-actors
that are antagonistic to Russian interest, such as the US (Equation Group) and
its allies (Israel), yet are totally silent on pro-Russian activity.

For anyone who's been at all aware of its history, it is clear that Kaspersky
is at the very least actively collaborating with the Russian government, most
likely doing its bidding, and possibly can be described as a cyber-security
arm of Russian security forces.

I'm honestly surprised their products aren't already banned across all US
government agencies.

~~~
carvalho
Way down this thread, so time to ask the question: Do American anti-virus,
social media, and search companies do exactly the same, but for the US
military?

I've always found it suspicious that Russia and China created their own social
networks, email providers, and search engines. Almost like they know the power
of a capable search engine or social network for intelligence gathering
purposes.

Google and US anti-virus companies must work closely with the NSA too.

> Kuok repeatedly expressed fears that he might be dealing with an NSA, CIA or
> FBI agent, but continued to negotiate with the undercover officer, even
> cautioning him to avoid referencing the items by model number in e-mail,
> because "your country has this system to analyze" e-mail for keywords.

[https://www.wired.com/2010/05/kuok](https://www.wired.com/2010/05/kuok)

Also after the "theft" and premature release of Stuxnet by Israel, I wonder
how strong the collaboration between the US and Israel is.

> A 43-year-old former Akamai employee has pleaded guilty to espionage charges
> after offering to hand over confidential information about the Web
> acceleration company to an agent posing as an Israeli consular official in
> Boston.

[https://www.pcworld.com/article/239187/akamai_employee_tried...](https://www.pcworld.com/article/239187/akamai_employee_tried_to_sell_secrets_to_israel.amp.html)

> Facebook, for example, previously announced its DeepFace facial recognition
> system is capable of determining with 97 percent accuracy whether two images
> are of the same person. The company, which itself is accustomed to criticism
> that it views users as guinea pigs, is able to make such accurate
> identifications because of the network of images from which it draws,
> something that could take police agencies a decade or more to build up.

Snowden worked for Dell as a cover for his intelligence work. Russia told
their military to move off Linkedin the moment it got acquired by Microsoft.
Do Dell and Microsoft work closely with the DoD and should this concern non-US
citizens that rely on their software and hardware?

[https://techcrunch.com/2016/08/15/mapping-israels-marketing-technology-industry/](https://techcrunch.com/2016/08/15/mapping-israels-marketing-technology-industry/)

~~~
yters
Facebook has CIA related people on its board.

~~~
borispavlovic
Really? Which ones?

~~~
amdavidson
Poster is probably referring to Peter Thiel, whose company Palantir was funded
through CIA contracts.

------
apexalpha
Our company uses the enterprise version of Kaspersky. But if we drop this over
surveillance issues then it would be a pretty hypocritical to switch to AV
software from the USA. Since they are proven to do the exact thing that
Kaspersky is now suspected / blamed of doing.

So, fellow Europeans, what now? Avast? Any other options?

EDIT: Ok so I found a pretty useful Wiki list[1] with European made AV
products. I haven't used them so I can't judge to their effectiveness,
especially the enterprise versions. But here are some alternatives to US / RU
anti virus suites.

Czech Republic: AVAST, AVG, TrustPort

Finland: F-Secure

Germany: Avira, G-Data

Iceland: FRISK (F-PROT)

Romania: Bitdefender

Slovakia: ESET

Spain: PANDA security

[1]
[https://en.wikipedia.org/wiki/Comparison_of_antivirus_softwa...](https://en.wikipedia.org/wiki/Comparison_of_antivirus_software)

~~~
thewhitetulip
Use Linux :) there is no other option

~~~
partycoder
Many open source projects are infiltrated. You may use Linux but if you run on
x86 you are already owned.

~~~
SEJeff
Not via Linux, but via the IME that Intel puts on every CPU with full access
to all memory and the network cards.

~~~
partycoder
One source of entropy in Linux is the RDRAND instruction. If you control or
predict its output you can do a lot of harm.

~~~
SEJeff
It really depends on a lot of the software as well. Linux doesn't inherently
trust just the CPU instructions for entropy. In fact, it recently borrowed a
new feature from OpenBSD and added it called getrandom():

[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895)

------
r721
Article from 2015: "Israel, NSA May Have Hacked Antivirus Firm Kaspersky Lab"

[https://www.tomsguide.com/us/kaspersky-hack-israel-nsa,news-21084.html](https://www.tomsguide.com/us/kaspersky-hack-israel-nsa,news-21084.html)

------
geofft
So, if I understand this right... some NSA TAO employee was doing work on
their home computer (???), where they installed Kaspersky AV (reasonable), and
Kaspersky promptly identified the malware _they were working on_ as malware
and uploaded it?

And then Israel hacked Kaspersky 'cause that's what they do or something,
found the NSA development malware, and was like "Hey NSA, you should figure
out how this got here"?

This seems like a very different story from any of the Kaspersky stuff I've
been hearing. I'm sort of surprised Kaspersky had servers vulnerable to
Israel, but I'm _really_ surprised it was acceptable for NSA TAO employees to
do work on their personal machines. I merely work in algorithmic trading, and
everyone in the industry is paranoid about code leaving the building (at least
one employer I know of straight-up doesn't have a VPN at all, from what I've
heard). How is _the NSA_ not as paranoid here?

~~~
EthanHeilman
>Kaspersky promptly identified the malware they were working on as malware and
uploaded it?

If the news story is to be believed, Kaspersky was scanning for classified
data using US intelligence codewords as a selector.

>I'm sort of surprised Kaspersky had servers vulnerable to Israel

I'm not, everyone's servers are vulnerable. Intelligence agencies can buy
exploits. If they want in, they get in.

>but I'm really surprised it was acceptable for NSA TAO employees to do work
on their personal machines.

I don't believe it is allowed. That said controlling access to data is hard,
lots of people probably do work at home with classified stuff when they are
told they shouldn't.

~~~
comex
> If the news story is to be believed, Kaspersky was scanning for classified
> data using US intelligence codewords as a selector.

Assuming you mean the linked article, it doesn’t say that. It says that
Kaspersky uses “silent signatures”, which are supposed to be indicators of
malware, but could hypothetically be adapted to search for classified data
instead. But it doesn’t allege Kaspersky was actually doing that.

(edit2: But the NYT report [2] does seem to allege that! This reporting is
such a mess…)

Apparently, silent signatures are a technique to test new signatures where
instead of blocking files with the signature, the AV reports the finding back
to a server, allowing the vendor to identify false positives before fully
deploying the signature. The question is _what_ exactly Kaspersky is/was
reporting to their server. I googled ‘silent signature’ and found a patent
[1], issued to Kaspersky, which describes sending only hashes of the
executable with the signature. But this article seems to suggest that they
were sending the executable in full - at least if the leak of NSA tools
occurred via that mechanism. (The article doesn’t say it did, but it sounds
like a plausible route for a customer’s executable to find its way to
Kaspersky’s network.) If this is the case, it sounds extremely troubling from
a privacy perspective even without any intelligence services getting involved.

edit: Actually, I think the body of the patent does disclose sending the whole
file to a server, which isn’t mentioned in the summary. The text is a little
vague, though.

> If no threat is detected in step 720, statistics regarding the executable
> file and the frequency of launches of the executable file are collected in
> step 740. Then, in step 750, the file is downloaded and sent for a further
> analysis in step 760. After the analysis, either a white list or black list
> can be updated with a signature of this executable file.

[1]
[https://www.google.com/patents/US20110126286](https://www.google.com/patents/US20110126286)

[2] [https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html](https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html)

~~~
lysp
> But this article seems to suggest that they were sending the executable in
> full

It doesn't necessarily need to be an executable.

Imagine this filter:

- File type: *.docx

- Silent Signature: "TOP SECRET//COMINT//NOFORN"

That means all Word documents with:

- the _top secret_ classification

- in the _Special Intelligence (COMINT)_ area

- marked as _No Foreign Nationals_

will automatically be sent back to servers for review.
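
The filter described above, as an added example that is not Kaspersky's code and not the mechanism from the patent: a toy endpoint scanner in which a "silent" signature never blocks a file but reports the hit (its hash and, if the rule says so, the whole file) to a stand-in telemetry endpoint, while an ordinary signature quarantines. The sample files, signature names, the Telemetry class and the byte string used as "malware" are all constructed for the illustration. Note that the selector is a marking string matched against the document text, not a file hash, and that a real .docx is a zip archive, so it has to be unpacked before the pattern can match.

```python
"""Added example (not Kaspersky's code, not the patent's): a toy endpoint
scanner with "silent signatures". The sample files, signature names and the
Telemetry class are all constructed for the illustration."""
import hashlib
import re
import tempfile
import zipfile
from dataclasses import dataclass
from fnmatch import fnmatch
from pathlib import Path
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    name: str
    file_glob: str       # e.g. "*.docx"
    pattern: bytes       # regex run over the file's extracted content
    silent: bool         # True: never block, only report back to the vendor
    upload_file: bool    # True: the report carries the whole file, not just a hash


@dataclass
class Report:
    signature: str
    path: str
    sha256: str
    content: Optional[bytes]   # None when only the hash goes back


class Telemetry:
    """Stand-in for the vendor's cloud; a real client would POST these."""

    def __init__(self) -> None:
        self.reports: List[Report] = []

    def send(self, report: Report) -> None:
        self.reports.append(report)


def selector_input(path: Path) -> bytes:
    """Bytes a content selector is matched against. A .docx is a zip archive,
    so the marking text sits in word/document.xml, not in the raw file."""
    if zipfile.is_zipfile(str(path)):
        with zipfile.ZipFile(str(path)) as zf:
            return b"".join(zf.read(n) for n in zf.namelist() if n.endswith(".xml"))
    return path.read_bytes()


def scan(root: Path, signatures: List[Signature], telemetry: Telemetry) -> List[str]:
    """Walk root. Blocking hits are returned (to be quarantined); silent hits
    leave the file alone and send a Report instead."""
    blocked: List[str] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        raw = path.read_bytes()
        content = selector_input(path)
        for sig in signatures:
            if not fnmatch(path.name, sig.file_glob):
                continue
            if re.search(sig.pattern, content) is None:
                continue
            if not sig.silent:
                blocked.append(str(path))
                continue
            telemetry.send(Report(
                signature=sig.name,
                path=str(path),
                sha256=hashlib.sha256(raw).hexdigest(),
                content=raw if sig.upload_file else None,
            ))
    return blocked


# Constructed rules for the example, not real vendor signatures.
SIGNATURES = [
    # The filter from the comment above: a classification marking, not a malware hash.
    Signature("classified-marking", "*.docx", rb"TOP SECRET//COMINT//NOFORN",
              silent=True, upload_file=True),
    # An ordinary blocking signature on a constructed byte string.
    Signature("demo-malware", "*", rb"X-CONSTRUCTED-MALWARE-MARKER",
              silent=False, upload_file=False),
]


def build_corpus(root: Path) -> None:
    """Three constructed files: a marked .docx, a 'malware' binary, a text note."""
    with zipfile.ZipFile(root / "briefing.docx", "w") as zf:
        zf.writestr("word/document.xml",
                    "<w:t>TOP SECRET//COMINT//NOFORN</w:t><w:t>agenda</w:t>")
    (root / "tool.exe").write_bytes(b"MZ\x90\x00X-CONSTRUCTED-MALWARE-MARKER\x00")
    (root / "todo.txt").write_text("TOP SECRET//COMINT//NOFORN is not a .docx\n")


def demo() -> Tuple[List[str], List[Tuple[str, str, bool]]]:
    """Scan the corpus; returns (blocked file names, (signature, file, uploaded?))."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_corpus(root)
        telemetry = Telemetry()
        blocked = scan(root, SIGNATURES, telemetry)
        return ([Path(p).name for p in blocked],
                [(r.signature, Path(r.path).name, r.content is not None)
                 for r in telemetry.reports])


if __name__ == "__main__":
    print(demo())
```

Running `demo()` quarantines only `tool.exe`, while `briefing.docx` is left in place and shipped in full to the telemetry list; `todo.txt` carries the same marking but is never reported because the file-type half of the filter does not match. Whether a report carries the hash or the whole file is a one-field policy decision in the rule, which is exactly why the question of what the silent-signature mechanism actually sends matters.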

~~~
geofft
Why the heck is a file that says "TOP SECRET//COMINT//NOFORN" on anyone's
personal laptop? Isn't that, like, not just a firing offense but also a
criminal offense?

Again, in my industry I'm not allowed to take code home with me; I have to
remote into work and edit it on my work desktop. And the worst-case scenario
of code leaking is basically that a competitor makes money that we would
otherwise have made. Can't people who literally have (in their belief, at
least) the fate of the free world in their hands be at least this careful?

------
apexalpha
I guess Kaspersky is rumoured to be to the Russian government what Apple /
Google / Microsoft / Facebook are proven to be to the US government.

Secret FISA courts rule away all of your basic privacy rights? Fear not.
Russia is the enemy.

~~~
nasredin
Correct. Russia IS the enemy.

Secret warrants by a secret court is also the enemy.

One is just more important and dangerous than the other (look out of the
window).

Perfect example of whataboutism BTW.

~~~
jstanley
> Russia IS the enemy

In what sense?

~~~
pas
In a very direct sense.

It's a de facto totalitarian dictatorship. Its proliferation harms human
rights, poses real danger to Ukraine, claims lives. (
[https://en.wikipedia.org/wiki/Casualties_of_the_Ukrainian_cr...](https://en.wikipedia.org/wiki/Casualties_of_the_Ukrainian_crisis#Total_deaths)
, corruption also claims lives
[https://www.youtube.com/watch?v=3eO8ZHfV4fk](https://www.youtube.com/watch?v=3eO8ZHfV4fk)
)

~~~
jstanley
But you could say much of the same about the US.

~~~
pas
Much of the same?

Do you refer to military intervention in Iraq, Afghanistan, Yemen, Syria, ...?

Do you dispute that these countries/areas are/were different from Ukraine?

------
harry8
Israel (Mossad?) can hack something in Russia, see tools and recognise those
tools as top secret NSA gear. Do you wonder how they made that recognition?
Were they shared with Israel so they knew, in which case the source could have
been Israel being hacked, right? Or they knew because hacking the NSA is
something multiple nation states have done. I'd be completely amazed if the
NSA wasn't absolutely full of spies acting for foreign powers and organised
crime.

At this point should you just fire everybody in the NSA and start again? If
not, why not? I'm struggling to see genuine competence in improving the
security of Americans amongst the constitutional attacks on the citizenry,
attacks which most definitely have the opposite effect.

~~~
dotancohen
I can look at a Git commit and tell you exactly which of my coworkers wrote it
without looking at %cn. Code has style, like spoken language has accents.

One could argue that e.g. German spy tools copy the American style so that
those decompiling it will think it is American. I argue that is a lot harder
than it sounds. Code style is much deeper than whether or not to use braces
around lone if clauses. The whole way of thinking, layout of data structures,
use of getters/setters or properties, breakdown of what goes where and into
which classes, breakup of large methods, etc etc etc. These signatures and
many more give one a feel for the software's origin. Not proof, but a very
solid foundation for suspicion.

~~~
shagie
You might find De-anonymizing Programmers via Code Stylometry
([http://www.princeton.edu/~aylinc/papers/caliskan-islam_deanonymizing.pdf](http://www.princeton.edu/~aylinc/papers/caliskan-islam_deanonymizing.pdf))
an interesting read.

I suspect that coding style guides are detectable in compiled output too.

As an aside, a bit that caught my eye here:

> This material is based on work supported by the ARO (U.S. Army Research
> Office) Grant W911NF-14-1-0444, the DFG (German Research Foundation) under
> the project DEVIL (RI 2469/1-1), and AWS in Education Research Grant award.

~~~
jaclaz
>I suspect that coding style guides are detectable in compiled output too.

I strongly doubt that (while I concur that source coding style is often
recognizable).

More or less a decompiler (when it works properly) attempts to interpret the
machine code and translate it into the source. In order to do so, it must have
some "templates" corresponding to recognizable "patterns" in the code, so the
source derived from the decompilation will reflect these templates and not the
"original".
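
The kind of stylistic fingerprinting the thread is discussing, as an added example and not the feature set or classifier of the Princeton paper: a toy attributor that extracts a handful of layout and naming habits from C-like source (tabs vs spaces, brace placement, snake_case vs camelCase, `if (` vs `if(`, lone statements left unbraced, comment density, line length), builds a mean feature vector per known author, and attributes an unseen snippet to the nearest profile. The two "authors" (kr and allman) and all four snippets are constructed for the illustration.

```python
# Added example: a toy code-stylometry attributor. Not the Princeton paper's
# method; the authors "kr"/"allman" and all snippets are constructed.
import math
import re

SNAKE = re.compile(r"[a-z]+(?:_[a-z0-9]+)+$")
CAMEL = re.compile(r"[a-z]+(?:[A-Z][a-z0-9]*)+$")


def _ratio(a: int, b: int) -> float:
    return a / b if b else 0.0


def features(src: str) -> list:
    """Seven layout and naming habits, each scaled to roughly [0, 1]."""
    lines = [ln for ln in src.splitlines() if ln.strip()]
    indented = [ln for ln in lines if ln[0] in " \t"]
    idents = re.findall(r"[A-Za-z_]\w*", src)
    snake = sum(1 for x in idents if SNAKE.match(x))
    camel = sum(1 for x in idents if CAMEL.match(x))
    spaced = len(re.findall(r"\bif \(", src))
    tight = len(re.findall(r"\bif\(", src))
    braced = braceless = 0
    for i, ln in enumerate(lines):
        s = ln.strip()
        if not re.match(r"if\s*\(", s):
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if s.endswith("{") or nxt == "{":   # K&R or Allman, either way braced
            braced += 1
        else:
            braceless += 1
    return [
        _ratio(sum(ln.startswith("\t") for ln in indented), len(indented)),  # tabs vs spaces
        _ratio(sum(ln.strip() == "{" for ln in lines), src.count("{")),      # Allman vs K&R
        _ratio(snake, snake + camel),                    # snake_case vs camelCase
        _ratio(spaced, spaced + tight),                  # 'if (' vs 'if('
        _ratio(braceless, braced + braceless),           # lone statements without braces
        _ratio(sum(ln.strip().startswith(("//", "/*")) for ln in lines), len(lines)),
        sum(len(ln) for ln in lines) / max(len(lines), 1) / 80.0,  # line length vs 80 cols
    ]


def profile(samples: list) -> list:
    """An author's profile is the mean feature vector of their known code."""
    vecs = [features(s) for s in samples]
    return [sum(col) / len(vecs) for col in zip(*vecs)]


def attribute(unknown: str, profiles: dict):
    """Nearest profile by Euclidean distance; returns (author, all distances)."""
    f = features(unknown)
    dist = {name: math.dist(f, p) for name, p in profiles.items()}
    return min(dist, key=dist.get), dist


# Constructed samples. "kr": tabs, K&R braces, camelCase, if(, braceless ifs.
KR_KNOWN = (
    "int parseHeader(const char *buf, int bufLen) {\n"
    "\tint total = 0;\n"
    "\tif(bufLen < 4)\n"
    "\t\treturn -1;\n"
    "\ttotal = buf[0] | (buf[1] << 8);\n"
    "\treturn total;\n"
    "}\n"
)
# "allman": four spaces, braces on their own line, snake_case, if (, always braced.
ALLMAN_KNOWN = (
    "int parse_header(const char *buf, int buf_len)\n"
    "{\n"
    "    int total = 0;\n"
    "    if (buf_len < 4)\n"
    "    {\n"
    "        return -1;\n"
    "    }\n"
    "    /* little-endian length field */\n"
    "    total = buf[0] | (buf[1] << 8);\n"
    "    return total;\n"
    "}\n"
)
# A different program, written once in each author's habits.
UNKNOWN_KR = (
    "int copyName(char *dst, const char *src, int maxLen) {\n"
    "\tif(maxLen < 1)\n"
    "\t\treturn 0;\n"
    "\tstrncpy(dst, src, maxLen - 1);\n"
    "\tdst[maxLen - 1] = 0;\n"
    "\treturn maxLen;\n"
    "}\n"
)
UNKNOWN_ALLMAN = (
    "int copy_name(char *dst, const char *src, int max_len)\n"
    "{\n"
    "    if (max_len < 1)\n"
    "    {\n"
    "        return 0;\n"
    "    }\n"
    "    /* strncpy does not always terminate */\n"
    "    strncpy(dst, src, max_len - 1);\n"
    "    dst[max_len - 1] = 0;\n"
    "    return max_len;\n"
    "}\n"
)

PROFILES = {"kr": profile([KR_KNOWN]), "allman": profile([ALLMAN_KNOWN])}
```

`attribute(UNKNOWN_ALLMAN, PROFILES)` lands on "allman" and `attribute(UNKNOWN_KR, PROFILES)` on "kr", each at a distance near zero from the right profile and above 2 from the wrong one, even though the unknown snippets implement a different function from the known ones. Every feature here is a surface habit that a formatter or a deliberate impersonator can rewrite, which is the limit of this toy; the deeper habits named above (how data structures are laid out, how methods are split) are what make the real technique harder to defeat, and none of these source-level features survive compilation, which is the point of the doubt expressed above about compiled output.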

------
hugh4life
Kaspersky Finds New Nation-State Attack—In Its Own Network

[https://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/](https://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/)

"There was one victim, however, that didn't fit the profile of other targets.
Raiu says this was an international gathering for the 70th anniversary of the
liberation of the Auschwitz-Birkenau concentration camps"

"But perhaps the most interesting targets were the venues hosting the P5+1
meetings. P5+1 refers to the five permanent members of the UN Security Council
plus Germany, who have been in negotiations with Iran over its nuclear
activities."

------
AKifer
In the end, the NSA is not that super agency filled with very talented
math/crypto/cs people like the majority depict in their mind. They are
employing average folks who use average tools and get caught by average
issues. The only difference might be that they are educated and trained to be
very efficient at doing one very specific job and that's all.

~~~
keyme
It's the same with any such "mystical" organisation. There are no Hollywood
super-humans anywhere. It's regular people cooperating and doing their jobs
all the way down.

------
tvaughan
I can't recommend Empty Wheel enough for in-depth analysis on these stories.
For example: [https://www.emptywheel.net/2017/10/11/on-the-kaspersky-hack/](https://www.emptywheel.net/2017/10/11/on-the-kaspersky-hack/)

These stories still are almost certainly revealing just a fraction of the
story. All ignore Kaspersky’s reports laying out US and allies’ spying tools
(explaining why Israel might hack Kaspersky and share the details, if not the
work). And the most logical explanation for the FSB démarche is that Kaspersky
— as they said at the time — reported the hack to their relevant law
enforcement agency, which is the FSB, who in turn yelled at the CIA.

See also:
[https://news.ycombinator.com/item?id=15441516](https://news.ycombinator.com/item?id=15441516)

------
tptacek
It would be really surprising if Kaspersky survived this.

~~~
DigitalJack
Do you mean the company or the man?

~~~
tptacek
The company. The man will be fine.

~~~
katastic
Tell that to McAfee

~~~
astura
What about McAfee? He divested from the software/company shortly after it was
created. He has a colorful personal life, but I doubt that has much of
anything to do with the software that he hasn't been involved with for
around 2 decades.

(Other than the software made him rich/a minor celebrity.)

~~~
thephyber
> He has a colorful personal life

I think the gp was referring to what accusations people have made of McAfee
since he sold the company.

Showtime aired a documentary[1] about him. I think "colorful personal life"
can only be interpreted as a euphemism since he was accused of murder, rape,
running a local armed gang, fleeing the country from the police, etc.

I have no reason to believe Kaspersky will have similar issues as I suspect
McAfee was eccentric from the start.

[1] [http://www.sho.com/titles/3437264/gringo-the-dangerous-life-of-john-mcafee](http://www.sho.com/titles/3437264/gringo-the-dangerous-life-of-john-mcafee)

~~~
koolba
He also ran for POTUS as a Libertarian.

~~~
jmkni
He was born in Scotland so that was never going to work, lol

~~~
kevinmchugh
Born on an Army base to an American father. John McCain was born under similar
circumstances, Ted Cruz and George Romney were both born abroad and neither
was seriously considered disqualified. The only difference between McCain and
McAfee afaict is both McCain's parents were US citizens at the time of his
birth. That may be relevant, that part of the law can change, but simply being
born overseas doesn't stop a person from being a "natural-born citizen".

~~~
jmkni
Didn’t know that, cool!

I’m not American so not that clued up on the specifics.

~~~
astura
It's a common misunderstanding among Americans "you have to be born in the US
to become president." I'm not sure where that came from but it's not exactly
true. The Constitution says you have to be a "natural born citizen" to become
president. "Natural born citizen," however, is _not_ defined.

IMO, I think the reason it wasn't defined is because the meaning is obvious,
there's two ways to be a citizen, - by birth ("natural") or by naturalization.

Tons of discussion on the topic here: [https://en.wikipedia.org/wiki/Natural-born-citizen_clause](https://en.wikipedia.org/wiki/Natural-born-citizen_clause)

As mentioned above, Ted Cruz was a serious contender for POTUS yet was born in
Canada, as was George Romney, who was born in Mexico. Those two are about as
close as we got to "settling" the issue.

John McCain was born in the Panama Canal Zone which, at the time, was an
unincorporated territory of the United States. Does that "count" as being "the
United States" if you're going to interpret "natural born citizen" that way?
People may disagree. They also may disagree if military bases "count" the same
way as the Panama Canal Zone.
[https://en.wikipedia.org/wiki/Panama_Canal_Zone#Citizenship](https://en.wikipedia.org/wiki/Panama_Canal_Zone#Citizenship)

US Senate passed a non-binding resolution that McCain was a "natural born
Citizen" of the United States.

There have been several Presidents who have one non-citizen parent, the most
recent being Barack Obama.

------
home_boi
Note that Windows Defender also uploads files on scans, which is opt-out.

~~~
tptacek
All the mainstream endpoint protection software does this, so if you're going
to run it at all --- don't --- you're going to have to pick which company you
trust not to do what Kaspersky apparently did.

~~~
cpach
This makes me curious. How many companies in the Fortune 500 are going without
AV software on their Windows PCs? AV software surely is crappy, but it still
seems to be standard within a big majority of the large corporations.

------
bhouston
What is the timeline on this? If Israel knew this in 2015, why are Kaspersky
tools just being banned in the US now? Was this only shared recently?

~~~
zeveb
> If Israel knew this in 2015, why are Kaspersky tools just being banned in the
> US now?

Now _that_ is an excellent question. Why didn't the Obama administration do
more to protect U.S. government computer systems from this threat?

------
joewee
Perhaps he/she had the data on a SAN while performing development from a more
“secure” computer and one of his personal computers with AV installed was
connected to the same SAN. A likely scenario as far as scenarios go.

~~~
devoply
One other possibility is that Kaspersky stole nothing, that it found the
malware on computers it was tasked with protecting. And one should wonder did
they add signatures to their A/V product to find and protect against this
malware or not?

~~~
tptacek
NYT:

 _Israeli intelligence officers informed the N.S.A. that in the course of
their Kaspersky hack, they uncovered evidence that Russian government hackers
were using Kaspersky’s access to aggressively scan for American government
classified programs, and pulling any findings back to Russian intelligence
systems. They provided their N.S.A. counterparts with solid evidence of the
Kremlin campaign in the form of screenshots and other documentation, according
to the people briefed on the events._

As reported, this isn't incidental collection.

~~~
seabird
That paragraph reeks of either journalistic license or a journalist who
doesn't seem to understand what antivirus does.

 _Every_ antivirus program aggressively scans for malicious programs and sends
them back to the security firm for inspection and creation of fingerprints. If
the collection wasn't incidental, what mechanism could the FSB exploit to non-
naively identify tools that it didn't already have, and flag them for
retrieval?

~~~
tptacek
Your comment doesn't really say anything. Obviously, most AV software relays
files back to the AV vendor's servers. But that's not what this graf implies.
The graf suggests that Russian hackers are sending selectors down to the
installed base of AV software to retrieve specific files, and that, once they
obtained files that way, they passed the files on to Russian intelligence.

~~~
seabird
You seem to miss the part where I say

>If the collection wasn't incidental, what mechanism could the FSB exploit to
non-naively identify tools that it didn't already have, and flag them for
retrieval?

Emphasis on "non-naively." Antivirus seems like a highly ineffective tool for
espionage of the sort being claimed in the article. You either have to blindly
fish for something or already have a fingerprint of what you're looking for.

~~~
tptacek
Obviously, they have fingerprints of what they're looking for.

~~~
seabird
To have a hash of a file, you need the file (or a large portion of the file),
especially in the context of antivirus, which searches for very specific files
and needs to have a very low false positive and false negative rate.
Consequently, they would already have to have the tool (or a large portion of
the tool) to find it and retrieve it. A little non-productive, don't you
think?

Saying that they "obviously have fingerprints of what they're looking for" is
an active attempt to make the events fit a narrative.

------
myegorov
Why would anyone unaffiliated with NSA be alarmed that its tools had been
breached? What legitimacy does it have at this point? Serious question.

~~~
pgeorgi
The NSA is angry that their toys were lost because of their incompetence in
using a tool that was just doing its job (to find malware) on a system that
also hosted their secret toys. They're even more angry that they didn't notice
themselves so their buddies from Israel had to tell them. _That_ must have
burned.

Since the cover-up among relevant folks failed, and since Russia is slowly
elevated to "not really friendly" status again by the US gov't, there's a
great opportunity by the US deep state to send a big f*ck you to Kaspersky for
their impertinence of doing their job.

~~~
willstrafach
> The NSA is angry that their toys were lost because of their incompetence of
> using a tool that was just doing its job

That is not true at all. The software was run on an employee’s home computer,
who had illegally brought classified content home.

------
mankash666
Which antivirus should I use? "Find & Replace" Kaspersky with McAfee and FSB
with NSA, you end up with American 3 letter agencies that have all your data.
Every company has a home country, and every country a rule to decipher data.

------
rwz
At this point you just assume that any sufficiently large company based in
Russia with capabilities of misusing their power in a way to profit Russian
state government will be coerced into doing so or go out of business at some
point. Russian thugs have no issues applying pressure till the victim
collapses or agrees to cooperate even against their interests. I lived in
Russia for 25 years and I saw that happen many times.

~~~
wallace_f
Unfortunately, it does happen here as well (1, 2).

1 - [https://theintercept.com/2017/10/10/recordings-capture-brutal-fbi-tactics-to-recruit-potential-informant/](https://theintercept.com/2017/10/10/recordings-capture-brutal-fbi-tactics-to-recruit-potential-informant/)
2 - [https://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-down-edward-snowden](https://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-down-edward-snowden)
3 - [https://en.m.wikipedia.org/wiki/Marvin_Heemeyer](https://en.m.wikipedia.org/wiki/Marvin_Heemeyer)

~~~
theylon
If your company is in Russia, China or the US, and the government in that
country has any interest in the data you collect, you will have to give it
away. In Russia and China they just do it, in the US it's a matter of
"National Security". I'm not sure why this would surprise anyone - maybe
because most of us are on the side of the latter.

~~~
rtpg
Russian and Chinese coercion are on a completely different scale, and we all
know it. Especially after the Snowden backlash.

Imagine any major Chinese IT company pushing back against government requests
like Dreamhost did. Even the biggest ones can't/won't. It helps that the
government is a huge investor in most of them, of course.

"Chinese IT company rebuffs government demand for user information on its
website". This headline does not exist.

~~~
geowwy
A lot of that is because Russia and China don't feel very secure compared to
the US for various historical/geopolitical reasons. The US govt is known to
act ruthlessly when it feels there's an existential threat.

~~~
foxhedgehog
As a Ukrainian Jew, the idea that Russia doesn't act as, if not more,
ruthlessly than the U.S. is pretty laughable.

~~~
AtlasLion
As an Arab Muslim, the idea that the US is any better is laughable.

~~~
foxhedgehog
You must not live in Afghanistan.

------
JBSay
What a wonderful Orwellian world we live in! Government agencies that develop
dangerous hacking tools which end up in the wild are the good guys and the
anti-virus company who finds them out is the villain of the story.

------
tesnic
Interesting that Check Point Technologies use(d) Kaspersky AV engine embedded
in its UTM platforms for many years up until the US government mandates this
year (resulting in a non-KAV install option). Check Point trusts them but not
the US government.

------
bayouborne
So, Israel Hacked Kaspersky, and discovered Kaspersky had been helping hack
NSA tools, which in part show NSA was hacking Iran..

------
jpelecanos
Is the Unit 8200 involved in this operation?

~~~
leroy_masochist
Given that 8200 is their unified SIGINT enterprise, yes.

------
bitL
So everybody is spying on everybody. How can we use that to our advantage?

------
miaklesp
I would prefer to keep distance from the US government rather than Russia/China. I
do not have any activity in those countries and this is irrelevant to me
whether they have profile on me or not.

------
bitmapbrother
Kaspersky should spin this into an ad campaign on how their machine learning
malware A.I. uncovered secret NSA malware and uploaded the files for analysis,
thus, preventing another Stuxnet/Olympic Games outbreak.

~~~
peteretep
There's no realistic spin for Kaspersky for anyone who wants to protect their
data from the Russian government. True or not, the reputational damage is
complete.

~~~
olivermarks
"Israeli government hackers saw something suspicious in the computers of a
Moscow-based cybersecurity firm: hacking tools that could only have come from
the National Security Agency".

The Israelis seem to be able to poke around on other people's servers whenever
they want....

~~~
wolco
I think that is the message being missed. They are poking around American
servers as well. Future problem I guess.

------
hourislate
It seems very plausible that the FSB is using Kaspersky to alert them every
time the software finds something of interest. It would then make further
sense that the FSB would locate the target and investigate. It's probably how
they found this NSA employee's PC. Entry to the device was probably rather
simple since they already had some level of access through the Kaspersky
product.

Quite brilliant to use a popular Anti Virus software to scan millions of
computers for interesting software. The FSB probably couldn't believe its luck
when they found this target. I am in disbelief that the US Government would
even use Kaspersky in the first place. I am just a simple consumer and would
never trust their software knowing how the Russian system operates. There is
no such thing as independence from oversight.

Leave it to the Jews to figure all this out. Super smart, it's in their
genetics.....Bravo...

