If you're wondering what the backstory is here, well, join the club. Dave Aitel sums it up: US Senators John McCain and Marco Rubio claim the US IC has presented them some kind of smoking gun evidence that some kind of line was crossed. They're not planning to share more information. Anybody who tells you they know more about what's going on is probably just spreading gossip.
which references this July 11, 2017 Bloomberg BusinessWeek article, "Kaspersky Lab Has Been Working With Russian Intelligence - Emails show the security-software maker developed products for the FSB and accompanied agents on raids":
I rather do think that political inclinations are religions in the US, however, but the wars are largely phony and forced - hence McGuffin. I'm sorry it upset you.
People who take the time to correct others (particularly when it's off-topic) are generally motivated by the desire to genuinely help the discussion or by mean-spirited nitpicking. If the former, they're also interested in learning about how discussions tend to behave on the forum in which they're participating, which is why I chimed it. If I assumed the latter, I would refrain from commenting at all.
Correcting a commonly abused saying, and thereby slightly reducing the volume of bullshit if only imperceptibly. I have to wonder why you seem so interested in commenting mostly on the comments of others.
In general, though, I feel that the more precisely we use language, the more expressive it can be. Begging the question is different from raising the question. If we allow that conflation, it then becomes more difficult or requires more words to express what "begging the question" really is.
By analogy with Huffman coding, the meanings that are used less often should require more words to express than the more commonly-used meanings. And if you really want to express the meaning "assuming the premise", then you could just say "assuming the premise", instead of insisting on the "precision" of using a 16th-century mistranslation of petitio principii.
Would you mind sharing with me how you would have written my initial comment, (given what you know of my intention) that would have had the most positive effect on you? I'll take my answer off the air. Thanks again for your time and attention here. It's a rare opportunity and I do appreciate it.
I'm sure if Kaspersky sells tons of software on US soil, and most likely pay taxes on US soil, then they will sue and have a solid case against the US Government on discriminatory basis; unless of course said smoking gun will be made public. Otherwise it feels guilty until proven innocent (if given chance). Welcome to Russia, err. I mean: America.
Edit: if this falls thru, we have a very dangerous precedence; until now, politicians were taking money and lobbying for/against certain rules to help certain businesses to gain competitive edge. Now we have 2 Senators who happen to have "smoking gun" from "anonymous sources" (I presume) that could pretty much shut the whole company down. Whether Russian or American, irrelevant.
Could you be clearer about exactly which "discrimination" code or statute the USG would be violating, even if they were doing this capriciously?
Working in/on Russia - not Kaspersky
Working in/on Israel - not Checkpoint
Working in/on UK (e.g drone strikes) - not Sophos
Working in/on US - etc etc
Ultimately capability and costs of the software was the main thing but the more you heard about Kaspersky style stuff, the more its seems relevant. Hanging around the security space long enough, you meet people at Western security software companies who quietly will express some concern about what goes on inside their own places. It reminds me of Huawei hysteria.
I'm amused every second of my life that seemingly all of the US' "opponents" keep using US software which also mainly remains closed-source, while everybody knows that lines are constantly being crossed. It's both funny and mind-blowing.
- Michael Flynn was paid by Kaspersky to speak at its seminar (probably nothing, but mildly interesting)
- US Intel community considers Kaspersky to be an arm of the Russian government
- Kaspersky employee arrested in sting by Russian government for treason
- US Intel officials believe Kaspersky employees in US engaged in espionage
- Kaspersky employees investigated/interviewed in US by FBI
- Coincidence of a Russian military intelligence unit's ID in a certification for Kaspersky software
- Kaspersky denies it will ever work with any government on cyberespionage
To me that's real reason: they wouldn't play ball.
> Take all of that, and ask yourself this. Would the US govt, which already had suspicion to remove them, and had been getting the ball rolling since at least May or before then, ask them to spy on behalf of the US in Russia, and if they balk, remove their funding and damage their reputation?
To me that's real reason: they wouldn't play ball.
I'm no expert at this, but I can't think of any circumstance where US intelligence would both simultaneously believe they are a branch of the Russian govt and ask them to spy in Russia on their behalf. Almost with 100% certainty if the US is spying in Russia it is against their geo-political foe Russia's interest. You wouldn't pass your secretly gathered intelligence through a branch of the Russian govt before returning it stateside. The secret intelligence is almost certainly about the Russian govt - no way you'd pass it through them to get it back to you. At minimum they'd know what you know, at maximum they'd manipulate it to deceive you. Again this is all speculation on my part here, but I don't see it supporting that conclusion.
Clearly something changed to cause the sudden urgency to eliminate Kaspersky from govt computers. Additionally the urgency to me speaks more to eliminating a threat (of espionage or else) rather than retaliation. 30-90 days in govt time is pretty much as immediate as it gets.
I think something else changed or was discovered. An option is US intelligence found out evidence of escalation of alleged actions by Kaspersky either in the recent past or plans for the near future. Again I've got no evidence of this - but is what seems like it better fits the points we've seen so far.
This isn't sudden, this has been in the works for at least half the year. Congress and the FBI have been investigating Kaspersky since at least May, probably before then. In June, the House and Senate approved legislation to ban Kaspersky's software from use by the military. Legislation introduced by, you guessed it: John McCain.
It might not be about spying at all - they might just be wagging the dog. It's weird enough that the military and intelligence services are working in tandem (how often do you see that happen?) to cast doubt on and kick out Kaspersky. With Trump under scrutiny about potential collusion with the Russians, could it be that someone needs to look tough against a Russian entity and provide in return some favor, like 100 billion extra bucks in the DOD budget?
The newly passed FY18 military budget is 696 billion, up from 582 billion in 2017 - an almost 20% increase. What really amazes me is 60% of Democrats voted for this, which is an incredible concession considering how gigantic the cuts to their programs will be.
Turning a spy is espionage 101, chapter 1.
Turning a spy would be a covert action. Saying "your company better spy for us, or else we'll pull our contracts" is absolutely not. The previous poster was arguing the latter was what is going on.
This is never an official policy, but it is a de-facto one, in the intelligence community anyway. Companies sometimes self-police to prevent these situations. But they will absolutely act to protect their interests, in one way or another.
Why would they? Wouldn't they just ask Microsoft instead? I don't see what particular value or access Kaspersky would bring to the table here. They have no particular "spy" channels into the Russian government, they just make software.
"For the record: I never worked for Russian military intelligence. As I mentioned above, I worked as a software engineer at the Ministry of Defense."
The NSA was tapping calls from the personal cellphone of the Chancellor of Germany. The CIA created a Twitter clone that Congress funded just so they could destabilize the Cuban government. There's many more examples of our infiltrating foreign entities with men in sunglasses who all claim to work for the state department.
Asking a non-US company to spy for the US government, and then retaliating against them when they balk, seems minor on the average scale of geopolitical intrigue.
Your supposition that DHS has cracked down on Kaspersky in retaliation for Kaspersky's refusal to spy for the US is not.
Again: big, if true!
I have never found this to be case, infact it seems to me that financial firms tend to be behind the times when it comes to IT Security. Especially banking. How many ATM's are still running XP Embedded as an example
It seems while the US knew about this it had a spy within Kaspersky and was their source for finding out what they were up to. The accused spy was arrested by the FSB recently so likely the US no longer is willing to take on the risk of allowing Kaspersky to run on us govt machines. Marco Rubio appeared to hint at some classified info about known govt risks of dealing with Kaspersky. Additionally the second link mentions Kaspersky is moving into protecting critical infrastructure, which seems notable giving the sudden frequency of mentions of the weakness of US infrastructure to network attack.
The problem with classified security stuff is you never find out the full story. Only bits and pieces around the edges of it. It's almost never in their best interest to reveal the depths of what they know because it exposes their methods and awareness.
Earlier article on then working with the FSB.
I have never understood why this is a shocking revelation.
FSB is russia version of CIA/NSA. Every single US technology company works with the CIA/NSA as they are required to by law, every company in any other nation is going to work with their government as required by law
If you are in the UK you will be working with GCHQ/MI5, if you are in the US it will be NSA/CIA, if you are in Russia it will be FSB, etc
In the actual article link it quotes Russian govt. officials saying they arrested them for treason, and for giving secrets to a US Intelligence Agency that wasn't the CIA.
I do appreciate skepticism in response to claims, but please do read through the article first before contesting.
As I'm not, though - my point was the current Russian regime is not constrained by niceties like the rule of law and accusing enemies, real or perceived, of being nefarious agents of a foreign power is their favourite thing. So 'this guy was an American spy' is already a fairly shaky foundation, 'the arrest of this particular guy caused this change in US policy' is a reach bordering on baseless speculation. We just don't have any good way of knowing how much or any of this is true.
The Holocaust Hoax Exposed
The Synagauge of Satan
9/11 Nuclear Demolition
The HIV Myth
Adolf Hitler Greatest Untold Story
And this details the workaround:
What I'd like to know (and lack the ability to figure out for myself) is whether other antivirus products implement the same kind of workaround as Windows Defender, i.e., calling FltGetFileNameInformationUnsafe etc.
What a happy, happy windfall for all the Symantec / McAfee sales reps with Federal accounts. If you're at a bar with one, they're buying :)
That is probably great news if your an European, or especially Asian software vendor trying to compete with any US based company for local government contracts, as the US have now legitimized any concern about foreign governments(including the US) forcing back doors into commercial products.
It might not be all that good if your an Californian start up trying to make money on the European and Asian market as what was a hard sell, now got harder.
Though it's not a new trend as were heading towards a situation where IT procurement is getting incredibly political and where the legal department is increasingly vetoing solutions that otherwise would have gotten selected due to jurisdiction issue in relationship to stored data.
Love it or leave it, literally. Unless you like a Siberian prison.
FSB walks in, point to a dozen laws you've broken and then ask, how are going to do this. And you've almost certainly broken the laws (it's nearly impossible to operate otherwise in such countries), and even if you didn't a judge will say you did.
Would also makes sense to ban Microsoft at least in the EU for anything government or military related and only used a custom tailored Linux. EULinuxs instead of Red Linux :-)
Also, interesting you posted a Glenn Greenwald article - he has been accused by some people in the U.S. of dismissing things Russia has done recently in these fronts.
2. Why take any risk that you can avoid?
Wow, I feel terrible.
Premise: US AV companies are deeply connected to the US intelligence communities.
Conclusion: Deep suspicion of criticism that a Russian AV company may be connected with Russian intelligence communities?
See how NSA spied on internal Google networks, even if Google was already in PRISM.
"The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive"
That number of days could be critical. If they have intel telling them that Kaspersky can be used as a vector to exploit their systems by Russia, then this could be used outright to further exploit their systems and possibly (?) plant more ways to attack, even after Kaspersky has been removed.
I am assuming that DHS will already have in place another security company to handle other potential scenarios and ensure the security of their system while the transition process is happening.
It's a weird move, and I would like to imagine that there is some solid reasoning behind the endeavor besides posturing and playing up to hot-button issues. But it really does just seem like the sort of issue that either ends up in bureaucratic limbo (e.g., Kaspersky remains installed for months while agencies look to find a replacement that meets their criteria) or that leaves the computers unprotected while the search continues.
In 2017 in tech we're progressing towards a fragmented future where governments don't trust each other and big tech companies hold strong intelligence power in people's lives.