
Kaspersky: The Russian Company That Is a Danger to Our Security - scdoshi
https://mobile.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html
======
nxc18
While its certainly true that we need to worry about these Russian products,
the damage that the NSA has done is enormous.

Can I trust Cisco VPNs? Can I trust Windows? Can I trust my router? The NSA
opens boxes in shipment to break their security, and they have the resources
to do a lot more.

Unfortunately for us in the U.S., the NSA threat is a real one, not a
hypothetical.

And a question for the people who know more than me: is there any IT vendor
who hasn't been corrupted by the NSA, the Russians or the Chinese?

~~~
bayesian_horse
The reason you "know" the NSA is a threat is because of the increased
"transparency" of western democracies.

There is no transparency in Russia. In a system of kleptocracy, bribery and a
questionable judicial system, there is no boundary between state actors and
any "private" corporation. If the FSB asks Kasperski for help, they can't say
no, and they won't tell.

If given the choice, I'd still rather trust American intelligence services. In
fact, I do believe American products to be safer in this regard.

~~~
Shank
> The reason you "know" the NSA is a threat is because of the increased
> "transparency" of western democracies.

The reason why we know so much about what the NSA does is because a few NSA
contractors have broken the law (for good or for ill) and leaked classified
information about operations. Without leaks, there would be no information
about what NSA does or doesn't do.

The only difference between NSA and FSB is that FSB hasn't used as many
contractors and hasn't had as many leakers in Snowden-like positions.

~~~
bayesian_horse
Leakers, and the ensuing discussion and spread of the leaked information, is
part of the western culture of transparency.

Of course government agencies don't want to expose their secrets voluntarily.
They have to be dragged into the open kicking and screaming. Doesn't mean that
they aren't, though.

~~~
0xbear
It's so much part of a "culture" that one of the leakers is only safe in
Russia, another spent five years in solitary confinement, and yet another is
holed up in an embassy to avoid extraordinary rendition. Some "culture" there.

~~~
bayesian_horse
Julian Assange is no leaker. He doesn't even have a good reason to pretend he
is being persecuted.

------
agarden
One can easily imagine reading an article like this published on a Russian
site, with 'Kaspersky' replaced with 'Symantec' and 'FSB' with 'NSA'.

~~~
mc32
TBH, regardless of the NYT and their recent "red-scare", I'd be concerned with
using them on sensitive systems -because either knowingly or unwittingly they
could have FSB moles working for them.

~~~
bayesian_horse
You really don't need FSB moles if the property and even personal survival of
the CEO is in the hands of an authocratic regime.

No Russian citizen in Russia, especially not anyone with any kind of wealth,
can deny the government's requests. Whether the influence on Kasperky is from
the top or only starts further down the chain, is more of a stylistic aspect
of handling intelligence assets...

~~~
agarden
This, too, is not unique to Russia. Joseph Nacchio was CEO of Qwest[1] when he
refused to hand things over to the NSA. Lucrative government contracts were
then dropped, Qwest's earnings took a hit, and Nacchio was subsequently
prosecuted for insider trading. As I understand it, the accusation was that he
knew they were not going to meet their earnings forecast and his contention is
that he did not because the government contracts being dropped was a surprise
to him.

"Since being freed in September 2013, Nacchio, 65, has repeatedly denied he
engaged in insider trading, arguing that he thought Qwest had opportunities to
get federal contracts that would have boosted its revenue, but those
opportunities were withdrawn after the company's alleged refusal to cooperate
with a National Security Agency surveillance program.

Nacchio has suggested repeatedly that the government's prosecution of him was
payback for not helping the NSA."[2]

Even if it turns out that Nacchio really is guilty of insider trading and the
government did nothing untoward, one can see how easy it would be for the US
government to destroy the life of a CEO they find uncooperative.

1\.
[https://en.wikipedia.org/wiki/Joseph_Nacchio](https://en.wikipedia.org/wiki/Joseph_Nacchio)

2\. [https://www.bizjournals.com/denver/news/2015/04/29/joe-
nacch...](https://www.bizjournals.com/denver/news/2015/04/29/joe-nacchio-
speaks-out-on-prison-broken-justice.html)

~~~
bayesian_horse
That seems to be a rather particular case, of which the details are not
publicly known. It could easily be that the NSA had a particularly good reason
to withdraw the contracts, and obviously the company didn't have a right to
these contracts in the first place, or the NSA wouldn't have been able to stop
them.

On the other hand, the NSA is not controlled by the government, at least not
to the level of individual prosecutions, investigations or contracts.

------
downandout
Despite its statement of fact in the title, this is in the opinion section and
is riddled with innuendo, inaccuracies, and fearmongering, starting with the
oft-repeated and incorrect idea that Russia "hacked our election". This is of
course not the case - some email was hacked and it exposed some of the
illegal/unethical dealings of a candidate. Had the leaked emails all been
about how hard that candidate was going to work for the American people,
perhaps the result would have been more to the liking of the author of this
piece.

Perhaps it is a bad idea for the US government to use Kapersky software, and
perhaps it isn't. I wouldn't be able to determine that by reading this
opinion, because it contains no facts backing up the author's fears.

~~~
dkural
The NSA disagrees with you. Voting software suppliers and local election
officials were targeted, not just DNC emails.

[https://theintercept.com/2017/06/05/top-secret-nsa-report-
de...](https://theintercept.com/2017/06/05/top-secret-nsa-report-details-
russian-hacking-effort-days-before-2016-election/)

I do agree with you that without firm evidence & legal framework, the
government should not victimize private business interests.

~~~
downandout
According to this article, voting machines were targeted, but it seems very
unclear as to whether or not those attempts were successful or had any effect
on anything at all. Previous reports have all concluded that no votes were
actually affected by hacking, and this article strives to imply that votes
were affected but has no facts to back that up.

I would assume that attempts to gather information on and hack into voting
machines happen all the time, by both state actors and private individuals.
They key is whether or not such attempts are successful.

~~~
efuquen
Hacking the election doesn't mean having to actually flip votes, though the
Russians clearly tried to do that and we don't know if they were successful.
What is clear is that they tried to infiltrate election machines and the
companies that produced them, on a grand scale. What is also clear is they
waged a very successful propaganda campaign that pushed fake news stories,
primarily through social media. Votes could have been effected by the former
and almost certainly by the latter. Again, as the article points out below you
wouldn't have to flip votes to effect outcomes, simply keeping people from
voting could be enough, especially in a close election.

[https://www.nytimes.com/2017/09/01/us/politics/russia-
electi...](https://www.nytimes.com/2017/09/01/us/politics/russia-election-
hacking.html?_r=0)

------
i_dont_know_
So, Kaspersky also did lots of detailed work uncovering malware from "the
equation group" which was basically the NSA
([https://en.wikipedia.org/wiki/Equation_Group](https://en.wikipedia.org/wiki/Equation_Group)).

I'm honestly wondering if the reason they say not to use them is because they
detect NSA things.

------
1024core
Let's say I believe the good Senator from NH, that Kaspersky is evil.

What she has failed to show is how are Kaspersky's actions worse than those of
Cisco, Juniper, Microsoft, Intel, etc.? Can she state, with conviction, that
the NSA does not have backdoors in US products? That the NSA is not exploiting
holes (which they could get fixed by the vendors, but aren't) ?

BTW: the US has been "hacking" elections one way or the other all across the
globe for decades. I find this uproar in the US about being hacked laughable,
as we've been doing it for so many years! Sure, we may not use the exact same
techniques are the Russians, but we do meddle in other countries' elections
all the time.

~~~
sigmar
>Let's say I believe the good Senator from NH, that Kaspersky is evil.

This isn't what she wrote.

------
shade23
I really do not expect such journalism from New York times,

>But a backdoor is not necessary. When a user installs Kaspersky Lab software,
the company gets an all-access pass to every corner of a user’s computer
network, including all applications, files and emails.

Isn't this true for all antiviruses.

>The Kremlin hacked our presidential election, is waging a cyberwar against
our NATO allies and is probing opportunities to use similar tactics against
democracies worldwide

Any proof for this?

Just realized that this was written by a Democratic Senator who took a stand
against Kaspersky. That explains the lack of balance in the article and the
tone.

Also. I would have a problem with _any one_ having my data, be it Symantec and
NSA or Kaspersky and KGB.

~~~
averagewall
The idea of the Russians hacking the election is just a signal of political
bias. There isn't even any accusation of miscounting votes or any typical
election fraud. US voters still got what they voted for exactly as the system
is supposed to work.

~~~
chowyuncat
[http://abcnews.go.com/US/russian-hackers-targeted-half-
state...](http://abcnews.go.com/US/russian-hackers-targeted-half-states-voter-
registration-systems/story?id=42435822)

------
monochromatic
> The Kremlin hacked our presidential election

Stopped reading there.

~~~
dkural
They did hack the voting machines. It doesn't say the hack successfully
changed the outcome. What do you disagree with?

~~~
junkculture
The first I've heard of this. Any citations?

~~~
ScottBurson
Well, you could start here: [0]

[0]
[http://www.slate.com/blogs/the_slatest/2017/09/01/did_russia...](http://www.slate.com/blogs/the_slatest/2017/09/01/did_russian_hacking_of_vr_systems_affect_election_in_durham_county_new_york.html)

~~~
monochromatic
_Attempted_ hacking by _maybe_ Russians. And:

> The New York Times reporters acknowledge that it is uncertain whether the
> problems were caused by Kremlin-directed hacking or a more innocuous mishap
> like software malfunctions or human error. Furthermore, an NSA analysis was
> unable to determine if the Russian hackers were successful in compromising
> the election vendors or what specific data had been accessed.

I need a little more than that before I get all riled up about the Red Scare.

------
rdtsc
> The Kremlin hacked our presidential election,

That's the first line in the article and is stated as fact, what's the
evidence for that? How exactly did Kremlin hack our election?

Are they implying had it not been for their hackers we might have had Hillary
as a president. I remember her campaigning in California multiple times and
but I guess those sneaky Russian hackers changed her itinerary to never visit
Wisconsin. They also forced her to setup that stupid server and send
classified information over it. Then held the hands of her staffers as they
smashed those blackberries with hammers.

Saw someone else here stopped reading at that line, and can't blame them. This
is becoming like the WMD and the Iraq War story. At some point it becomes
counterproductive to repeat it because it starts to work in the opposite
direction. No doubt there it was a very well thought out PR campaign, but it's
time to wrap up and move on.

~~~
flukus
I've never even heard anyone explain how they could prove it in the first
place. How do they differentiate an attack launched from Russia with a Russian
attack? How do the differentiate state vs private actors? How do they rule out
intentionally created back doors?

It always comes down to "it was the Russians, trust us".

------
desireco42
I think NSA is such a danger and threat, aside from installing backdoors and
weakening security, the major reason is that it legitimizes such behavior, so
that others like China, Russia, Iran etc, can do the same and not even blush
about it.

As someone said, Kaspersky is danger because it is revealing NSA tools.

(and I can't write short sentences :) sorry)

------
icbm504
This is not a news article. This is an op-ed piece by a US Senator. The author
_may_ be concerned about NSA/CIA inserting their spyware into US products, and
_may_ also be concerned about various US intelligence agencies spying on US
citizens. Neither of these topics are significant to point the Senator is
making. The point of the article is that Russian spyware is a security threat
on the US. It is an op-ed piece, you can agree or disagree as to how credible
the threat is ... and if you are from NH you can get extra credit and can take
that into consideration when you vote on her candidacy next time she comes up
for reelection.

------
snakeanus
> But a backdoor is not necessary

> the company gets an all-access pass to every corner of a user’s computer
> network, including all applications, files and emails.

Isn't that a possible definition of a backdoor?

> is waging a cyberwar

Cyberwar is a codeword for "I have no idea what I am talking about".

> I hope to amend it to ban Kaspersky software from all of the federal
> government.

They should ban all proprietary software instead, that way they will avoid the
NSA backdoors as well.

------
snakeanus
Nobody sane would ever trust a non-FOSS security software and expect it not to
have backdoors.

------
newprint
and ex-CIA employees work for Cisco...

~~~
bayesian_horse
Russian propaganda to the contrary, there is a difference between the workings
of the CIA and FSB, and the general political and judicial systems of Russia
and the USA.

If ex-CIA employees work for Cisco, their work is subject to corporate
leadership. Whatever they do, or are allowed to do, is the responsibility of
the company as a whole.

------
gorbachev
The New York Times is on a roll!

Erik Prince editorial on how military contractors are the solution to
everything.

This article is just pure unadulterated bullshit. A propaganda piece from the
US Government, nothing else.

------
gnu8
I don't get why I am seeing a mobile web site when I am using a computer.

~~~
monochromatic
The link was submitted pointing to the mobile website.

