
US officials: Kaspersky “Slingshot” report burned anti-terror operation - privong
https://arstechnica.com/information-technology/2018/03/kaspersky-slingshot-report-apparently-exposed-us-military-cyber-ops/
======
stordoff
I'm not sure what's particularly newsworthy about this - an anti-malware
tool/outfit found malware. It's not as though Kaspersky could, or arguably
should, know the source was the US military. It'd probably be a bigger story
if Kaspersky was overlooking government-sanctioned malware.

~~~
theandrewbailey
Yup, it sounds like Kaspersky was doing their job. It seems incredibly
disingenuous to say that they endangered people by doing so.

~~~
willstrafach
> It seems incredibly disingenuous to say that they endangered people by doing
> so.

Not really, it could be a fact based on knowledge. Although I’d agree it would
be disingenuous to say it was intentional.

------
whack
The final paragraph of the article is weird.

_"Kaspersky's exposure of the program will likely not win the company any
points in its battle to get off a US federal government blacklist."_

Is that just rhetorical flourish? Or is Kaspersky actually going to be
penalized for doing their jobs? Is there an implication that other security
companies have been "recruited" by the government to turn a blind eye towards
government-sponsored malware?

~~~
peterwwillis
Six months ago I speculated
([https://news.ycombinator.com/item?id=15242367](https://news.ycombinator.com/item?id=15242367))
that Kaspersky was banned from US Govt use due to not playing ball with a
political entity in the government. Now we know that simply by pursuing their
normal business objectives, Kaspersky has hurt the government's
counterterrorism efforts.

This could've happened by accident, but the way they were treated over several
years by the intelligence services, military and Congress to me says
Government knew this would eventually happen and tried (and failed) to get
them to not flag this kind of malware. It's possible that by not agreeing to
curtail research of certain malware, they were punished by having their
contracts taken away.

------
guelo
Makes you wonder if American antivirus companies are instructed not to reveal
American military malware.

To guard against that you could theoretically scan using a wide range of
international antivirus companies. But the problem with that is that the
militaries are using the antivirus software themselves as an attack vector.
Kaspersky was recently caught stealing American government secrets via its
software. It's impossible to know who to trust.

~~~
MatthiasP
The American government secrets Kaspersky was "stealing" turned out to be US
sponsored malware. Which is exactly what a good anti-virus is supposed to do.
But if you want something more NSA friendly, you can always use McAfee who
announced a few years ago that they will happily turn a blind eye on NSA&FBI
malware.

~~~
guelo
You don't know that. Nobody knows anything because this is all spy vs spy
stuff so it's impossible to know what news reports are real or propaganda or
disinformation. But fwiw:

- WSJ: Russian Hackers Stole NSA Data on U.S. Cyber Defense:
[https://www.wsj.com/articles/russian-hackers-stole-nsa-data-...](https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108)

- NYT: Israelis hacked into Kaspersky and caught them using their software as
"a sort of Google search for sensitive information"
[https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-...](https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news)

------
AceJohnny2
Note that as the military themselves said, this is just their "cost of doing
business".

------
xkcd-sucks
This highlights the need for independent security organizations located in
mutually unfriendly political jurisdictions.

------
gnode
To use an analogy, this would be like blaming the developer of an antibiotic
or anticholinergic for rendering your weaponized anthrax or nerve gas
ineffective. Cyberweapons can easily fall into the hands of criminals
(especially given their low bar for deployment) and the marginal cost of using
them is almost nothing. For an example, see WannaCry, which used the
EternalBlue vector also developed by the US.

------
staunch
When the FSB exposes NSA/CIA hacking, that's an NSA/CIA failure. Their (very
technically difficult) job includes not allowing enemy agencies to expose
their activities.

Cold War 2.0 rages on.

~~~
Mononokay
Kaspersky isn't even necessarily an FSB arm - they're just (seemingly) the
most competent non-Five Eyes-compliant security company right now.

~~~
zsk88
I mean they don't even try to hide that it's FSB. Eugene Kaspersky literally
went to KGB school that trains KGB officers.

------
natch
An argument could be made that the US government should try to make nice with
Kaspersky, instead of provoking them to be an enemy. Then maybe this would
have played out differently, with a bit more sensitivity to US concerns.

~~~
gumby
I think the military simply needs to do a better job. After all plenty of
covert operations have been exposed in the past due to innocent civilian
observation, thus the military does a better job of hiding things.

And indeed, if Kaspersky could find something then various sophisticated
adversaries certainly could too. So why bother to court that one private
company?

~~~
natch
Well I wasn't saying court them... there is a spectrum of ways to treat
companies. Courting is at the far end, right now the US is at the opposite end
of that spectrum with respect to its treatment of Kaspersky. Being more toward
the middle of the spectrum would also be a possibility.

[Edit: ok, "make nice" (my words) does sound like courting, but I was thinking
of it in a more neutral way.]

That being said, I really don't know whether Kaspersky deserves the treatment
it's gotten... not having followed their behavior closely. It very well may,
for all I know. But it's possible there is blowback from that.

------
lolc
Good work by Kaspersky. This doesn't look good for their competitors. Either
they didn't know about the attacks, or they permitted it to happen.

------
tmuir
If it is your goal to prevent your enemies from learning about your
activities, and then someone stumbles upon those activities in the course of
their normal work, but doesn't realize who is responsible for said activities,
then your huffing and puffing about your absolute dire need to operate in
secrecy is revealed to all as pure theater when you fill in those very details
yourself to reporters you summoned.

------
Kenji
I have zero pity for the US anti-terror operation. Digital weapons are
dangerous and must be rendered ineffective through security patches, no matter
who made them and who used them.

~~~
tmuir
But the last guys that made big bad weapons with unforeseen consequences
weren't as smart as we are. Trust us, this time is different.

------
forapurpose
The US security establishment unfortunately is an unreliable source for such
claims. For example, off the top of my head consider the original stories
about Jessica Lynch, Pat Tillman, the people imprisoned in Guantanamo (who
originally were identified as all serious threats, but turned out to be mostly
otherwise), testimony on NSA activities, exaggerations of the consequences of
Snowden's leaks (IIRC), and many more. They seem to claim what suits them
until proven otherwise, and like to attack leakers and journalism.

That's a problem in a democracy, where we need to vote on these issues,
because we rarely have other sources for secret information. But trusting an
inaccurate source because you lack another, while tempting, is flawed
reasoning. Better to say, 'I don't know'.

I wonder if some parts of the security establishment are more reliable than
others. There are some individuals I trust more than others, at least.

~~~
tmuir
I agree. You can't maintain credibility by telling everyone that you are the
only legal source of information about a subject, even if that subject is
yourself. Because in situations like these, the facts of the case look
indistinguishable from an operation that was revealed by an unofficial,
unauthorized source.

That tells me that there are in fact times they would like the general public
to know about their operations, and separately, those unauthorized sources
seem to match the official ones a lot of the time. With that established, we
can move on to trying to discern their motivations when they decide it is
important we know the details of their operations, and why they would
seemingly go against the very advice that they so rabidly bark to everyone
else.

