
Kaspersky Lab software may be a threat to national security - ytpete
https://www.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html
======
deanCommie
Everything the Soviet party told the people about the Soviet Union was a lie.

Unfortunately everything they said about the United States was true.

Things aren't changing.

When I (Russian-Canadian immigrant) visit my family back in Russia they will
spout endless bullshit about how Ukraine shot down that airliner to make
Russia look bad, how the Ukrainian government is fascist and represses the
ethnic Russians, how the US helped the Syrian rebels fake a gas attack and
blame Assad, and so on. And I can argue and bring up counterpoints, but they
just shake their heads and say I'm a naive fool for believing the "Western
propaganda".

But they'll also point to articles like this and ask "What exactly can the FSB
do that the FBI/CIA/NSA could not and have been PROVEN to be doing with
Google/Windows/etc? Should we stop using all American software because the
FBI/NSA may intercept the information/data without a warrant?"

And I have to agree with them saying, yes, the US Government is deeply myopic
and hypocritical.

~~~
danmaz74
"Unfortunately everything they said about the United States was true": more
like, they mixed some truths with lots of lies and exaggerations.

------
holmb
I don't get this. Or at least I am quite uncomfortable with the narrative.

The points being made in the article is that there was an "unequivocal no"
from six top US intelligence officials when asked whether they would be
comfortable with Kaspersky Lab software on their computers. And that these
claims somehow translate into that it is a fact, the author even uses the term
"beyond the evidence".

There is no evidence being presented in the article. At all. Although if the
statement would be that it would pose an increased and unwanted risk for US
agencies to use software developed in Russia, then yes, I would not object.
The same applies in reverse, for Russia, or any other state for that matter,
to use Microsoft/Apple/Google software in critical applications.

The author also claims that "oligarchs and tycoons have no choice but to
cooperate with the Kremlin". But as I understand it (I am not a US citizen)
the US government has the same capabilities when it comes to US based
companies? I specifically remember the Lavabit debacle. Or does the author
insinuate that there is some additional pressure (threat) on Russian companies
to comply?

~~~
smsm42
There are more legal protections in US than in Russia, but ultimately if FBI
wants the company badly and can get either drugs or National Security in the
picture, the company is toast. Well, maybe not if the company is Google or
Apple, but otherwise yeah.

------
dingo_bat
The first line of the article:

> The Kremlin hacked our presidential election

Stopped reading at this point.

~~~
pjc50
Not yet proven, but there are a _remarkable_ number of people around Trump
with ties to shady Russian businessmen.

It may not have been a direct hack of the election either, more the use of
Russian intelligence bot operations running an extremely effective social
media campaign.

~~~
smsm42
Any accusation is "not yet proven". There can be only two states of any
accusation: "not yet proven" and "proven". The one about hacking the election
has never been the latter, and never will be. I think there's a time where you
have to give up on "not yet" and accept the reality. For some people it takes
years or decades or never, of course.

> there are a remarkable number of people around Trump with ties to shady
> Russian businessmen

There are remarkable number of people around anything in US politics with
"ties to shady Russian businessmen". Ever heard, for example, of Podesta
Group? Google who they are and who were among their clients. Check out who of
the former presidents spoke at Russian Renaissance Capital bank for $500K.
Hint: his initials are WJC.

The reason is simple - Russian oligarchy has tons of money and interests in
the USA. So there would be a lot of people willing to take that money and be
around people with influence to prove that they deserve that money.

That, however, has zero relation to "not yet proven" claim that somebody
"hacked election". Because it... Did. Not. Happen.

> It may not have been a direct hack of the election either, more the use of
> Russian intelligence bot operations running an extremely effective social
> media campaign.

In other words, not a hack at all. Otherwise any troll band from 4chan is
"hacking elections".

------
meitham
Imagine the public reaction in the US if the Russian say "Windows might be a
threat to the national security".

~~~
Gatsky
But Windows IS a threat to national security.

~~~
sqldba
It isn't. Not from the perspective being given.

This isn't about "can a company cripple the government", its about "can a
FOREIGN company cripple the government".

So the US is safe with MS at the helm and Russia is safe with Kaspersky at the
helm; but not with each other's software.

And frankly after dismissing my own knee jerk reaction, I agree. Yes it's
ridiculous we're at the point where we can't trust non-free software and most
modern hardware - but that's where we are. Bring on the 2100's.

~~~
denzil_correa
I think that's exactly the point being made - Windows is a threat to Russia's
national security.

Or did I misread the parent?

------
geowwy
The opening line has a Red Scare feel to it, and sure enough the author is a
Democratic senator.

Still you'd be stupid to believe Kaspersky Lab doesn't have ties to the
Russian state.

~~~
sqldba
They can be forced by the nation they are in to work against other nations -
something I feel like the US pioneered and continues to push. It isn't nice
but it does have a beautiful feeling of karma to it.

------
seabird
I'm more than ready for this Russian hacking sensationalism to wind down. This
is a conspiracy theory that's approaching the same level of ridiculousness as
the one surrounding Obama's birth certificate; we have this entirely unfounded
claim that two unidentified, unfathomably sophisticated attackers have somehow
been _positively_ linked to the FSB through unspecified, "magic" means, and
that the usage generic tools/software originated in and used throughout
Eastern Europe is somehow concrete "proof" of this. I could also posit that
the Russian interference was orchestrated by Vince McMahon, and it's been him
all along. Until intelligence agencies present an actual smoking gun, all we
have is a lot of smoke and mirrors.

I would be fine with the nutters carrying on with this conspiracy theory (more
concern for national security and voter verification is not a bad thing,
although these same nutters are generally only advocates for these things when
Trump is involved), but blind "Red Scare" type FUD is not the right approach.
Kaspersky has offered complete access to the source code of its products for
use in a clean build process controlled by the US government. This is not a
winning strategy if your company's endgame is to infiltrate US government
systems.

------
danmaz74
In Putin's Russia no big company can afford to not be close to Putin. Those
who aren't get bought out or simply dispossessed (just look at VKontakte,
Yukos and many other ones).

This might sound like "red scare", but, just like I would never use Google
Mail if I were working for the Russian government, I would never use Kaspersky
software if I was working for the US (or any other NATO) government.

~~~
balladeer
This is true (or partially true) for many states.

Turkey might already be there and a country in Asia is inching closer to it
(no, I don't mean China).

------
tclover
"may be". Or may be not. We don't know for sure yet but we sure want more
clicks.

~~~
vesinisa
This is an op-ed by a senator published by the NYT. I think the title
adequately reflects the core message.

------
smsm42
OK, so the article claims Kaspersky developed software that FSB uses and
helped them to do whatever they do. Now, how evil is that?

Well, I may have developed software that FSB uses too. I don't know for sure,
but I participated in a number of widely used open source projects, and given
how big FSB is, it's not impossible somebody somewhere there uses one of them.
Thus, I apparently am kinda Russian spy?

Also, Kaspersky cooperated with FSB in their enforcement activities. Nothing
US security company would ever do, I mean cooperating with law enforcement?
Are you kidding me?! OK, FSB is not you common law enforcement. Probably not
all of these activities are what we'd call good, and some of them what we'd
call pure evil. But using somebody's technical expertise does not
automatically make all products by that company somehow insecure. If they
specifically did the evil stuff - yes, maybe - but then dig up which stuff
they did and show the specifics! So far the only specific activity mentioned
was fighting DDoSers, which is not exactly evil.[1]

I mean, maybe Kaspersky _is_ a Kremlin puppet. Or maybe not. I have no
slightest idea. Maybe it's a good idea not to use software from the company
which is in a total grasp (as any company in Russia) of a large geopolitical
foe for critical infrastructure. Certainly sounds like a good idea. But this
article spends so much text on not adding anything to this obvious idea but
vague innuendo and describing common things in menacing tone. Very common to
the general journalistic treatment of the Red Scare 2.0 we're observing right
now and it gets more tiresome by the day. I'm not even defending Kaspersky
here, I am defending minimal standards in reporting tech stuff.

[1]
[https://www.bloomberg.com/news/articles/2017-07-11/kaspersky...](https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-
lab-has-been-working-with-russian-intelligence)

------
Dolores12
Having backdoor in CPU is more dangerous threat than random software i can
uninstall. When will they cover that story?

------
mikorym
More like: "National security software is a threat to national security. Oh
yeah, and also Kaspersky."

------
gardnr
Wasn't this a story two weeks ago? Am I the only one that reads the inquirer
anymore? [https://www.theinquirer.net/inquirer/news/3016108/us-
governm...](https://www.theinquirer.net/inquirer/news/3016108/us-government-
admits-that-fbi-is-urging-firms-to-ditch-kaspersky-software)

------
wheresvic1
I think it's high time that companies seriously considering using linux as
their default OS. It has come a long way and it would be really easy to
standardize a distribution based on hardware requirements.

I'm not arguing that linux is immune from backdoors and the like, but a
comprehensive security audit for all new software could potentially be done.

