
CIA created code to impersonate Kaspersky Lab: WikiLeaks - mediawatch
https://www.itwire.com/government-tech-policy/80740-cia-created-code-to-impersonate-kaspersky-lab-wikileaks.html
======
tareqak
Given that [https://www.scientificamerican.com/article/how-cia-fake-vacc...](https://www.scientificamerican.com/article/how-cia-fake-vaccination-campaign-endangers-us-all/) happened as well, this allegation is sadly
unsurprising and probably true.

Can Kaspersky Lab sue the CIA / the US government for hurting their reputation
/ business in this manner?

~~~
londons_explore
Sure they can try... Chance of winning in a USA court.. near zero. Chance of
winning in a foreign court, high, but they'd never get the payout.

~~~
bearbearbear
Suing the CIA is like trying to get revenge on a table saw for cutting your
finger off by feeding the rest of your arm into it.

------
codinghorror
How is wikileaks a credible source these days?
[https://www.wired.com/2016/07/wikileaks-officially-lost-mora...](https://www.wired.com/2016/07/wikileaks-officially-lost-moral-high-ground/)

~~~
btilly
The fact that you don't like what they do doesn't mean that they don't
accurately report on the information that they receive.

~~~
TehCorwiz
There seems to be evidence that the Clinton emails released by Wikileaks were
edited before release. This would conflict with their stated goals and I think
is what's hurting their credibility the most right now.

~~~
throwahey
There is absolutely no evidence to suggest that (outside of the Clinton camp
and Podesta) and given Wikileaks' track record, it's highly unlikely.

~~~
willstrafach
I think some wires are being crossed here, as there has been recent evidence
of modifications to earlier leaks from Guccifer 2.0 of DNC documents. These
were not published by WL but they are often grouped with WL due to Guccifer
2.0 claiming to be a WL source.

------
0x0
What's the actual technical thing that happened here? Did they manage to trick
Thawte into issuing real SSL certificates for Kaspersky's internet domains?

~~~
willstrafach
> Did they manage to trick Thawte into issuing real SSL certificates for
> Kaspersky's internet domains?

No, that would be huge news. They just created an invalid self-signed
certificate with a Kaspersky domain in the CN. This would allow their implant
traffic to hide better, as in a program like Wireshark it would just look like
a server downloading some anti-virus updates instead of sticking out as a C2
beacon.

Check out the source bundle - Same can be done to create self-signed
certificates for stealth in other scenarios which may require a different
domain name (For example, if the target uses another program such as Chrome
which periodically contacts a server to fetch automatic updates, it would use
the domain of that server).

There is no significance of Thawte, other than being the CA which Kaspersky
uses. This is to be expected, as the self-signed certificates are naturally
going to need to look like the originals, only differing in keys of course.
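
For defenders, the comment above means that subject and issuer names prove nothing, because anyone can type them into a certificate they generate themselves; only chain validation does. An added example, not part of the thread, that applies this to TLS metadata: the records are constructed, the field names are modeled on Zeek's `ssl.log` (an assumption), and the domains and CA name are placeholders.

```python
import re

# Constructed sample records; field names modeled on Zeek's ssl.log
# (server_name, subject, issuer, validation_status) as an assumption.
RECORDS = [
    {"uid": "C1", "server_name": "updates.vendor.example",
     "subject": "CN=updates.vendor.example,O=Vendor Example",
     "issuer": "CN=Example Public CA G2,O=Example CA Inc",
     "validation_status": "ok"},
    {"uid": "C2", "server_name": "updates.vendor.example",
     "subject": "CN=updates.vendor.example,O=Vendor Example",
     "issuer": "CN=Example Public CA G2,O=Example CA Inc",
     "validation_status": "unable to get local issuer certificate"},
    {"uid": "C3", "server_name": "intranet.corp.example",
     "subject": "CN=intranet.corp.example",
     "issuer": "CN=intranet.corp.example",
     "validation_status": "self signed certificate"},
]

WATCHED = ("vendor.example",)             # hypothetical update domains to protect
PUBLIC_CA_HINTS = ("example public ca",)  # hypothetical CA name seen on real certs


def dn_attr(dn, key):
    """Return the first value of `key` in a comma-separated DN string."""
    for part in re.split(r"(?<!\\),", dn):
        k, _, v = part.strip().partition("=")
        if k.upper() == key:
            return v.lower()
    return ""


def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def flag_impersonation(records):
    """Flag certs that name a watched domain but fail chain validation."""
    hits = []
    for r in records:
        names = {r.get("server_name", "").lower(), dn_attr(r["subject"], "CN")}
        if not any(is_watched(n) for n in names if n):
            continue
        if r["validation_status"] == "ok":
            continue
        # Names are free text in a self-made cert; only the signature chain is proof.
        claims_ca = any(h in r["issuer"].lower() for h in PUBLIC_CA_HINTS)
        hits.append((r["uid"], "issuer-name-spoof" if claims_ca else "untrusted-chain"))
    return hits
```

C1 and C2 carry identical names and differ only in whether the chain validates, which is why a name-only allowlist would pass both.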

------
pleasecalllater
If this is true, the future will be sad. The next time someone discovers a
real problem, people will ignore it.

------
ireallydonot
Who trusts the CIA after all that they lied to us? - I don't

------
petraeus
Good for them?

------
porfirium
Mere mortals trying to understand the inner workings of intelligence agencies
make me cringe.

There are no good boys and bad boys here.

~~~
jmnicolas
I would say there are only bad boys.

------
jasonmaydie
Here comes Wikileaks to the Russia Rescue again. Their reputation is shot
afaik

