[dupe] Yet Another Government-Sponsored Malware (schneier.com)
45 points by r0h1n on Aug 17, 2016 | 22 comments

I find it ridiculous that any time a really well-written piece of malware is found, it is assumed that it must have been written by a government. Since when has government been the example of efficiency and clarity that is requisite to high-quality software? The open-source world is full of examples of non-state programmers writing excellent code that does amazing things.


Stuxnet was discovered by a Belarusian anti-virus company; Duqu and Project Sauron were discovered by Kaspersky Lab. Are US-based anti-virus companies that bad, or ...?


I think that is a bit of a skewed sample. Stuxnet infected mostly Iranian computers, and there are not a lot of US AV companies there. Duqu and Sauron also infected mostly Russian companies, which are far more likely to use Kaspersky Lab than a US AV company. Similarly, most of the reveals of Russian state-sponsored malware are done by US AV companies, for instance the DNC hacks, because Russian state-sponsored malware will tend to target US entities.


The DNC hacks are actually leaks. :) Attribution is still not clear to me, as any proficient hacking group could do this. It's not the NSA, after all.

>Russian state-sponsored malware will tend to target US entities.

I haven't heard of any. So it's either 1) there is no such malware, 2) it stays undetected, or 3) it is detected, but now is the wrong time to disclose it (if ever).

I'm not really afraid of the Russians. Snowden's leaks and Kaspersky's research show that the NSA is a far superior threat to anybody, citizens included. And US-based anti-virus companies fail to protect me regardless of what their reason is.


Or what? I'm not following, but I think it's clear that state malware disclosure is political.

If Kaspersky finds a Russian FSB trojan, they won't go to the press. They'll call their pals at the FSB and ask what to do. In an authoritarian state, revealing such a thing could be life-threatening. In other words, Kaspersky isn't going to report on Russian state malware, which we certainly know exists considering the documented attacks on Ukraine, the Baltics, Georgia, etc.

The US/EU has a stronger freedom-of-the-press tradition and doesn't often follow autocratic staples like murdering inconvenient journalists and serving them polonium tea, but obviously jail time can be in the cards if laws were violated. I imagine it's just safer to report on Western state SIGINT compared to autocratic/authoritarian state SIGINT, thus we hear about Western SIGINT efforts a lot more, especially in the Western press. One of the downsides of having an open society is that you see it warts and all, but a more closed autocratic one has better information and propaganda control, so the perception that "those things don't happen here" is easy to sell to low-information constituents, and special efforts are made to keep them low-information.

Also, I think it's clear Russia uses Kaspersky to make Western intelligence look bad. It's more demoralizing to have an AV vendor point this stuff out than one's own security apparatus, and it's a good cover for the FSB's own hacking. Wired has written about the FSB/Kaspersky connection before. Note it's almost always Kaspersky finding Western state malware, not the dozens of other competent AV firms and thousands of top-tier researchers. Funny how that works.

http://www.wired.com/2012/07/ff_kaspersky/


> The US/EU has a stronger freedom-of-the-press tradition

It's not that clear-cut. The UK routinely serves 'D' notices and the press defers (leading to much abuse). Here's a nice primer: https://www.theguardian.com/media/2015/jul/31/d-notice-syste...

Anyone stumbling across their own state's payload and attempting to publish details is likely to rapidly receive a visit and be put in the picture that they have to drop it.

The UK even uses the Wassenaar Arrangement to stifle general discussion of viruses and threats: http://www.theregister.co.uk/2015/07/03/northumbria_universi...

Admittedly there are no actual murders or suspected ones (that I've ever heard of), but the polonium tea example was not about computer virus revelations either.


How is that relevant to my question?

Also, in the US you are free to talk about anything unless you are under a gag order.

https://en.wikipedia.org/wiki/Gag_order


> I think it's clear Russia uses Kaspersky to make Western intelligence look bad. It's more demoralizing to have an AV vendor point this stuff out than one's own security apparatus, and it's a good cover for the FSB's own hacking. Wired has written about the FSB/Kaspersky connection

This seems like the most relevant part: it's not that Kaspersky is THAT much better, but that they have a lot of help from the state, which has way more resources than an anti-virus company. How much of that is true, I have no idea.

Also, "free" in the way you use it is a pretty shaky concept: In theory, you're "free" to record police officers acting in the course of their duty, but that doesn't mean the authorities won't ruin your life because of it. (To say nothing of how eerily easy it is for the government to issue gag orders.)


I am not a security expert, but it doesn't seem that hard to figure out how this is being done. Lots of money to an insider/spy/human that has access to the places one would like to install said malware. Most of these stories seem to involve good, old-fashioned social engineering. Albeit social engineering with lots of money or another kind of leverage.

Or... maybe I am naive. I just tend to look at this stuff with how can we get this done the easiest way??? Human emotions are much easier to target than silicon.


Do any consumer AV suites actually try identifying and removing or quarantining state-actor-level malware?


Anti-virus only finds the very most common viruses and malware.

I think only ~30% of malware is detected. I remember reading about that a while back, and this was after advanced heuristic methods had been around for a while.


That's not really what I meant. I mean, in the cases where such 'super-malware' has been clearly identified and plucked apart by security researchers, could your average commercial AV kill it? I did some googling and found out for myself that, apparently, they do:

https://www.symantec.com/security_response/writeup.jsp?docid...

https://www.microsoft.com/security/portal/threat/encyclopedi...


Oh, in the case where they're very publicly known, they will. Even if the US government wanted to suppress it, they do not have power over all AV companies, so it would be damaging to those companies.

And in any event, when we find out about nefarious state-sponsored software it's almost always super old.


Schneier is basically blogspam. He quotes entirely from another article, then follows up with "I don't know what this means???" Why do people keep reading him?


Because not only is he a world-renowned expert in his field, he is also able to break things down for a general audience.


Here you are, reading HackerNews. Schneier is basically a good CryptoNews aggregation site.


He's a content curator for a particular category of content. Would you prefer to follow all of the relevant sources and sift through the cruft yourself?


But people should be submitting the original source, not Schneier's link, unless he adds something useful.


I can agree with that; however, his interest in an issue is a primary indicator of its importance for me.


Reading a couple dozen different sources and summarizing anything interesting in them is useful.
