Hacker News
[dupe] US bans Kaspersky software in federal agencies amid concerns of Russian spying (washingtonpost.com)
97 points by ryan_j_naughton 5 months ago | 49 comments

Oracle, Palantir, Symantec and IBM have close links with American intelligence agencies.

Perhaps all non-American countries should ban the use of their products.

If you're a non-American government agency using American software or hardware you should absolutely be concerned about American intelligence services co-opting them.

I think every government should be wary about using software from an adversarial country.

They didn't ban the use in general; people are free to continue using Kaspersky privately. They banned the use by US government agencies.

Of course, other governments should ban the use of US products if they believe that the US might use them as entry doors for espionage. It boils down to whom you consider your ally or not.

I suppose that countries which have open conflicts with the US would be wise to do that. But I also think they already know.

That wouldn't be smart unless they consider US a hostile country. As long as they benefit more from the relation with the US the spying stuff won't ban any US product.

Sure. But I think most people operate on realistic threat and risk models. If the U.S. had as vast and entangled a relationship with U.S. software companies and espionage as does Russia, that might make sense.

As it stands, probably not so much ...

Setting aside the spy game rumors, isn't this essentially "US government prefers to purchase products made by US companies"? That if I followed the money on this I might find a Symantec or McAfee lobbyist behind it.

You say that as if it's a bad thing.

I always wonder if there is any substance to such claims other than that it is made by a Russian company.

In which case one might as well claim "ties" between Symantec and US intelligence or Checkpoint and Israel.

Yes... are you saying there are no such ties?

Your tone implies "as if the US government would EVER do something like that". We're the GOOD GUYS.

Surely US federal agencies have to worry more about Russia spying on them than about US intelligence spying on them?

It is pretty unlikely that there are no such ties, hence you should choose your security products accordingly. It's kind of obvious that government employees of one country shouldn't use software from another, not very befriended country for handling sensitive data.

Downvoted for making sense...

Thus begins the softwar in which software trust runs on national boundaries and the reciprocal bans will drop into place everywhere.

It has already been happening for quite some time. China and Russia have their own copycat versions of most western software/services. It's even moving to the hardware level, as both of these countries are working on their own CPU and infrastructure equipment.

Soon, it will be illegal to transport encryption technologies across national borders.

It used to be illegal to export crypto from the US. Nobody remembers the RSA "this tshirt is a munition"?

I still have that t-shirt in my drawer. If you've not seen it, here's a link: http://www.cypherspace.org/adam/uk-shirt.html

Why was the other side of the story banned on HN, but this one allowed?

This is retaliation for Kaspersky showing the middle finger to CIA backdoors, as was reported in multiple non-western news outlets over the past week.

The banned story was hosted on a shady website and quickly flagged. The reason for that was (if I remember correctly) that the website was some kind of right wing outlet.

Reminder: Russia does have a vast troll operation, complete with websites, writers, commenters, TV station, fb pages and so on. https://www.google.com/search?q=russian+propaganda+machine+i...

And the US doesn't?

By the way "propaganda" and "public relations" are exactly the same thing.

>> By the way "propaganda" and "public relations" are exactly the same thing.

If it's identified as US State Dept said "this" you know what to expect. So, IMO, it's different. Very different.

It would be difficult to find, outside of a full totalitarian regime, a country that doesn't exploit media, including news, advertising and pop culture, for manufacturing consent customized to monetize and motivate the populace to be compliant, profitable, useful consumers.

This bill was passed end of last year.

In the true Orwellian fashion now typifying 2016, a bill to implement the U.S.’ very own de facto Ministry of Truth has been quietly introduced in Congress... http://www.mintpressnews.com/propaganda-bill-congress-give-a...

These are totally different things. In public relations the source is clearly identifiable. If the Kremlin or White House gives a press conference, it's up to you whether to believe them or not. No problem with that, comrade!

How can this comment be the top one on the thread? The other side wasn't banned. It just wasn't upvoted. I would expect this comment on Reddit, not here.

It was flagged, amid speculation in the thread that the story was a hoax on account of the site hosting links to anti-Semitic "resources".

edit: not sure why this is being downvoted, all I am citing are facts from this thread https://news.ycombinator.com/item?id=15227543

HN doesn't ban stories friend. Why don't you post a link?

Maybe Kaspersky is completely innocent, but the fact is they are based in a country which would have no problem in asking/coercing/outright forcing them to spy on other nations. That is a competitive disadvantage for a security company. If you think that's unfair then talk to Putin.

> ...they are based in a country which would have no problem in asking/coercing/outright forcing them to spy on other nations.

As a non-US citizen, I laughed at this.

https://www.nytimes.com/2014/05/21/business/us-snooping-on-c... https://qz.com/105490/how-the-us-government-uses-information... and so on

I'm not American either.

that's even sadder

[flagged] US “explodes” after Kaspersky closes “CIA Backdoor” embedded in all MS Software | https://news.ycombinator.com/item?id=15227543 (1 day ago, 57 points, 12 comments)

> DiabloD3: Can we get a more authoritative URL over this?

> godelski: I have a hard time taking this website seriously.

> driverdan: I'm surprised this got so many upvotes before it was flagged.

DHS Issues BOD Banning Kaspersky from Federal Government | https://news.ycombinator.com/item?id=15240839 (18 hours ago, 71 points, 105 comments)

Not sure what new angle this Washington Post article brings that the current discussion wasn't flagged as a dupe. Maybe enough time has passed and de-duping is only done when both are on the front page?

> HN doesn't ban stories friend.

Not only will the mods ban stories if they're offensive enough, but quite a lot of "social justice" stories get flagged into oblivion by the userbase. All sorts of things vanish from HN. Some of which is necessary.

Hasn't the US been spying on Germany, the ally, according to the leaked docs?

Anyway, your statement is completely true, and in my opinion it applies across the board to all countries.

What you're seeing are two malicious actors making use of their propaganda arms. Regardless of high-horsing, everybody spies on everybody.

It would be valuable to us newcomers to this issue if you could provide us with some links to these stories. Also I'd be interested in seeing that these got banned on HN.

Could it be http://www.reuters.com/article/us-usa-cyberspying/russian-re...

"The U.S. National Security Agency has figured out how to hide spying software ... That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations."

After a quick search I didn't find those stories (although I remember reading something about that, too, many months ago, and I also remember seeing Kaspersky blog posts deconstructing US-made malware like Stuxnet and whatnot), but I did find this interesting article, specifically these paragraphs are interesting:

> Officials tell CyberScoop they believe the FBI has engaged in deliberate media leaks and overblown classified congressional briefings to build the case around Kaspersky.

> The FBI has briefed private sector companies across several industries, urging them to cut ties with Kaspersky on security grounds

> Officials from the NSA, CIA and DIA have spent the last year privately criticizing what they perceive as the bureau’s escalatory strategy, which they say is often based on lackluster intelligence work.

> No evidence of a relationship between Kaspersky and the Kremlin has been made public, which has fueled a public debate about Washington’s tactics against the private company.

> “There is little doubt that the U.S. government’s handling of their Kaspersky claims will cause trouble for U.S. companies,” Jake Williams, a former NSA employee and founder of Rendition Infosec, told CyberScoop. “The data released so far against Kaspersky is weak and inconclusive and applies to many U.S. information security companies. Making claims without substance to back those claims will just lead to speculation that U.S. companies are involved in similar activities. Rebuking these claims is made difficult since the burden of ‘proof’ established by the U.S. is so low.”


What is the other side of the story? Link to the article please.

The "two-sides" cargo cult is often a false equivocation: like teaching evolution and creationism. There are some obviously wrong opinions that aren't worth legitimizing. That is different than a reporter playing devil's advocate, finding adversarial opinions and asking tough questions. It is especially onerous when one "side" is one of these alt-right or mainstream rags that push talking points agenda instead of honest facts.

Maybe, maybe not.

In any case, if you want to primarily protect against US government snooping, Kaspersky might be a better choice than a US anti-virus product. If you want to primarily protect against Russian government snooping, Kaspersky seems like a bad choice.

To me it seems perfectly reasonable to prohibit US government authorities from using Russian antivirus software that installs with highest privileges. I'm amazed they were allowed to do this in the first place.

>> This is retaliation for Kaspersky showing the middle finger to CIA backdoors, as was reported in multiple non-western news outlets over the past week.

Yes, comrade! They did the same to FSB backdoors, no?

On a different note, do you have open offices, free sodas etc https://www.engadget.com/2015/03/27/interview-russian-troll-... ?

This comment breaks the site guidelines: https://news.ycombinator.com/newsguidelines.html. Please read and follow them from now on.

Insinuating astroturfing and shillage is the short path to internet hell. It's a game of snakes and ladders. Avoid that snake.

I've posted about this many times if anyone wants to read more about why HN has this rule: https://hn.algolia.com/?query=by:dang%20astroturfing&sort=by....

They do not have to. If Kaspersky blocks the CIA backdoors and McAfee blocks the FSB backdoors, it will be fine by me.

The agencies want to increase their own spying and started an anti-Kaspersky campaign (remember the anti-Chinese network equipment campaign and the Cisco backdoor?). Since they have access to US antivirus vendors, they want everybody to use those tools so that they can spy on everybody. The agencies have fewer ways to spy on you if you use Kaspersky.

Going through a comments section on subjects like this is playing a game of "Who's the spy?".

Has anyone developed a honeypot or other system for identifying astroturf comments?

On a related note, the service our work uses flags all sites which might have a Russian domain and we cannot gain access from our desktops to them. This hits some blogs and such I like to use at work because their cloud providers are in the wrong part of the world.

... Giving new meaning to the term "security theater."
