
U.S. Government Can’t Get Rid of Kaspersky Labs Software - lunchbreak
https://www.thedailybeast.com/exclusive-us-government-cant-get-controversial-kaspersky-lab-software-off-its-networks
======
infosecdoc
On the contrary, as an American not involved in government work, Kaspersky is
one of the few AV products I'd trust. American antivirus makers like Symantec,
Comodo, McAfee, Microsoft (Defender), Webroot, and CheckPoint are all subject
to secret warrants and infiltration by the US government. Others, like the
UK's Sophos, would be subject to US influence as well.

You have to think about the motivations of each country. Even if Kaspersky
were spying for the Russians, they won't give a damn about your porn, tax
cheating, affairs, your padding of expense reports, or whatever they find on
your computer. As an American, it's MY government that I'd have to worry
about.

~~~
zby
"Even if Kaspersky were spying for the Russians, they won't give a damn about
your porn, tax cheating, affairs, your padding of expense reports, or whatever
they find on your computer"

How can you be so sure about that? You never know what they would need from
you. You write on HackerNews - you are probably a computer professional, maybe
an admin somewhere, but maybe you just know someone and you'd be useful to put
pressure on that person? Think about the Swiss banker from the Snowden leak:

""" The Guardian said Snowden described a “formative” incident in which he
claimed CIA operatives were attempting to recruit a Swiss banker to obtain
secret banking information.

The operatives purposely got the banker drunk and encouraged him to drive home
in his car, he told the newspaper.

When the banker was arrested for drunk driving, an undercover agent offered to
help “and a bond was formed that led to successful recruitment”. """

The American agencies don't need to blackmail you - they can get access in
many other ways.

~~~
bluGill
True, there is that danger. However, I have to trust somebody - I don't write
anti-virus software. I suppose I could, but it takes time to get expertise in
that, time that I wouldn't get to spend with my kids. Not to mention that working
alone I couldn't fight all the attacks on my computer in a timely manner
without help, and thus I still have to depend on other people who might or
might not be trustworthy.

~~~
macintux
You could use a platform that doesn't require anti-virus.

~~~
sigfubar
Platforms don't require AV software: people do. A security-minded user could
live in Windows and never catch a virus. On the other hand, I've seen careless
individuals become infected with the worst malware by downloading the wrong
thing to their Mac.

~~~
craftyguy
By choosing Apple or Microsoft products, you are still going with a company
under US jurisdiction, which is silly if you wanted to avoid US AV companies
for that reason.

~~~
sigfubar
Oh, certainly! I'd even go as far as to call irresponsible the use of any closed
source software in situations that call for tight security. In this sense,
choosing Mac, Windows or PutinOS (oh, how I wish such a thing existed!)
carries exactly identical consequences.

~~~
craftyguy
> PutinOS

It's like Red Star OS, except it uses you!

~~~
Fjolsvith
Virus protection for the masses.

------
juliangoldsmith
I'm rather surprised the United States government would be using foreign
software for information security. Really, I'm surprised that they're using
outside software for it at all. As much as I'm a fan of the free market, that
isn't the sort of thing I'd trust to an outside company.

If only there was some sort of group in the government that handled
information security... Some sort of security agency, if you will.

~~~
csydas
It's not that surprising. Typically when you work with Governments, everything
is specially done, doubly so for the US Government. Custom Federal forks of
the main product (with feature parity), heavily customized SLAs, full access
to the source code for review, and lots more to ensure that it meets the US
Federal standards.

The Anti-Kaspersky stuff is likely just chest beating. I get it at the base
level, and that AV software in general grants a much deeper reach than most
software, but most likely they're not installing the same Kaspersky that
anyone else is.

My current employer is a rather large non-US tech company, and we have custom
branches for every product specifically made for the US Federal Government.
It's all rebuilt from the ground up on US soil by US Nationals and the US
Government has freedom to review the code.

It's the price you pay to play with the US Government. I would find it very
hard to believe that Kaspersky doesn't have something similar.

~~~
tssva
For the vast majority of COTS software the US Government uses the same
software versions as everyone else. This holds true for anti-virus software.

------
AdmiralAsshat
This should be fairly alarming to all parties, not the least of which being
the government.

I mean, let's just hypothetically assume for a moment that Kaspersky _is_
compromised and doing intel gathering for the Russian government. Can you
think of a more perfect weapon than a compromised suite of software that is so
deeply entrenched in a nation state's stack that they can't remove it, even if
they wanted to?

------
linkregister
Kaspersky AV is an excellent product. For years it was the unrivaled market
leader for non-signature-based malware detection in Windows operating systems.
Its competitors are closing the gap, however. Qihoo 360 is also a good
product.

Among the reverse engineering / exploit development crowd, I haven't heard
much complaining about Symantec's detection mechanisms.

There are also bespoke anti-malware solutions marketed to the U.S. government,
and they are not commercially available specifically to mitigate the risk that
malware authors will test their products against anti-malware engines. These
bespoke solutions are understandably far more expensive due to their smaller
deployment and high quality.

It's reasonable that the U.S. government has to consider the need to have the
best, reasonably affordable, commercially-available solution for the majority
of its systems. This is balanced by the threat that the Russian Federation's
government could interdict the software being delivered to the U.S. government
client. Intermediate solutions, such as the project that Huawei set up with
the UK government, or the source-code sharing that Microsoft does to get
Russian contracts, seem to be optimal.

------
arca_vorago
ClamAV is ripe for creating a FOSS disruption in this arena. If I were in a
position of governmental power I would be pushing for foss solutions instead
of proprietary black boxes that can't be audited.

~~~
tinus_hn
Security today is very much about blind trust, certifications and not paying
too much attention to the man behind the curtain. If your security software is
open source anyone can point out its weaknesses.

~~~
anfilt
Even then we still have the issue of binary blobs of firmware. Also, hardware
itself may be exploitable. For a truly secure system everything would have
to be auditable. Also, as soon as you run or insert anything into the system
that you did not audit, that whole system might as well be treated as un-audited,
since whatever that was may have modified firmware or software.

That also excludes any subtle bugs that people may miss.

------
peterwwillis
FWIW, the anti-Kaspersky train has been rolling for over three years.

Since the time that Kaspersky revealed (after Symantec) global co-ordinated
state sponsored malware programs such as Regin, created by the NSA and GCHQ.
[https://www.theregister.co.uk/2014/12/05/regin_kaspersky/](https://www.theregister.co.uk/2014/12/05/regin_kaspersky/)
[https://en.wikipedia.org/wiki/Regin_(malware)](https://en.wikipedia.org/wiki/Regin_\(malware\))

Or the time that Kaspersky publicly humiliated the NSA by revealing their
hacking of hard drive firmware.
[https://www.dailykos.com/stories/2015/2/17/1364910/-Breaking...](https://www.dailykos.com/stories/2015/2/17/1364910/-Breaking-Kaspersky-Exposes-NSA-s-Worldwide-Backdoor-Hacking-of-Virtually-All-Hard-Drive-Firmware)
[https://www.scmagazineuk.com/is-nsa-worlds-most-advanced-thr...](https://www.scmagazineuk.com/is-nsa-worlds-most-advanced-threat-actor-revealed-by-kaspersky/article/537596/)

Since then, congressional hearings, committees, and US intel agencies'
warnings of "security threats" from Kaspersky had been rolling out with
regular frequency. Last year's ban was just a culmination of other efforts
already underway.

Kaspersky's role of tracking nation-state malware infiltrations gives them a
position as a quasi-intelligence agency. US intelligence agencies hate
Kaspersky because they out every program the US has going on, and because they
operate out of Moscow.

Literally every US intelligence agency has testified before Congress about how
they specifically don't trust Kaspersky.
[https://www.npr.org/sections/parallels/2017/07/05/535651597/...](https://www.npr.org/sections/parallels/2017/07/05/535651597/congress-casts-a-suspicious-eye-on-russias-kaspersky-lab)
So the US and its allies infiltrated their network and reverse engineered its
software in order to find whatever dirt they could.
[https://www.observeit.com/blog/kaspersky-lab-nation-state-at...](https://www.observeit.com/blog/kaspersky-lab-nation-state-attack/)
[https://theintercept.com/2015/06/22/nsa-gchq-targeted-kasper...](https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/)

The information they have on global intelligence operations, their location
outside of an ally's control, their insistence on embarrassing nation states'
covert operations and exploits, and the fact that their software isn't the
most secure
([https://www.forbes.com/sites/thomasbrewster/2015/09/23/googl...](https://www.forbes.com/sites/thomasbrewster/2015/09/23/google-ormandy-finds-kaspersky-0days/#2263a6b65493))
has given the US government enough reason to want them out of their
infrastructure. It's just politically untenable.

~~~
linkregister
> Basically, Kaspersky's role of tracking nation-state malware infiltrations gives them a position as a quasi-intelligence agency. The US government didn't like that, because they constantly out the various programs going on, and because they operate out of Moscow. So the US and/or its allies infiltrated their network and reverse engineered its software in order to find whatever dirt they could. [https://www.observeit.com/blog/kaspersky-lab-nation-state-at...](https://www.observeit.com/blog/kaspersky-lab-nation-state-attack/) [https://theintercept.com/2015/06/22/nsa-gchq-targeted-kasper...](https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/)

Is revenge the only motive to do this, if indeed it was the NSA (it's likely
it is)? Wasn't there an allegation that Kaspersky software had exfiltrated NSA
employees' and contractors' inappropriately-stored classified material? Or
wouldn't it make sense for the NSA, an intelligence agency, to spy on a
foreign company with good access to information about foreign officials?

~~~
peterwwillis
Kaspersky didn't exfiltrate anything. An NSA contractor brought home
classified files and put them on a machine on the internet that had Kaspersky
AV. The AV tagged the files as malware and uploaded them to Kaspersky's servers
to be analyzed. It's another ridiculous screw-up by the NSA that they had to
cover for.
[https://www.nbcnews.com/news/investigations/russian-hackers-...](https://www.nbcnews.com/news/investigations/russian-hackers-stole-nsa-tools-contractor-who-used-kaspersky-software-n808101)
Quote:

    
    
      "Not only is the work of the NSA and CIA increasingly visible, there is
      a certain aggression implied by this," he said. "It's a 'game-on' moment."
      
      Kaspersky, he said, should be treated as a hostile actor.
    

Israel was inside Kaspersky's network, found the Russians looking for US files
(or so they claim) which had been just hanging around on their servers for a
year, and so they notified the NSA about the breach.
[https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-...](https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html)

I don't believe any agency operates based on revenge. They operate based on
politics. Can they really continue to fund this organization that is
constantly pulling their pants down? Kaspersky's biggest flaw here is just
having shit security.

~~~
linkregister
Considering that non-malware-related documents were reportedly taken, you're
not telling the full story.

You make some good points.

That said, the politics of the NSA and the politics of Congress are often
quite orthogonal and shouldn't be equated.

~~~
mcguire
From the article:

" _However, the anti-Kaspersky train picked up steam following revelations
last year of a bizarre incident in which the company slurped up classified
documents and source code from the home computer of a National Security Agency
contractor running Kaspersky Internet Security software. That contractor,
Nghia Hoang Pho, pleaded guilty last year to willfully mishandling classified
material by taking it home._

" _Kaspersky claimed the incident was an unintended byproduct of its routine
malware scanning. The source code was for an NSA hacking tool, which
Kaspersky’s product properly flagged for analysis by malware researchers. But
because the code was bundled in a ZIP archive with the classified documents,
Kaspersky’s software uploaded the entire thing. When Eugene Kaspersky realized
what had happened, he ordered his researchers to immediately delete their copy
of the documents and code, the company asserted in a blog post last year. “The
archive was not shared with any third parties,” the company wrote._ "

Presumably, it was an _isolated incident_ and we can _trust Kaspersky's
statement_ about their actions. No?

------
GnarfGnarf
The U.S. Government doesn't want us using Kaspersky because Kaspersky blows
the whistle on the back doors the gov't has installed in various software.

------
cryptoz
> Congress didn’t give anyone money to replace these devices,

Seems more like the U.S. Government doesn't _want_ to get rid of Kaspersky.
They choose not to replace compromised devices. Doesn't seem like it is a hard
technical challenge at all, rather the lack of action seems more intentional.

Surely we can all agree this is an issue of National Security. And if the task
is to be done with no Federal assistance or financial help whatsoever, it
seems clear that the government is compromised.

~~~
juliangoldsmith
This seems more like a Pointy-Haired Boss-type move to me. Bosses in actual IT
businesses often don't understand what's involved with a large IT project;
what hope does a 79-year-old senator have of understanding what removing
Kaspersky software from the entirety of the United States government's systems
would take?

~~~
Scoundreller
They don’t. But starting Monday, we’ll find out.

