Israel Hacked Kaspersky, Then Tipped NSA Its Tools Had Been Breached (washingtonpost.com)
537 points by tptacek 7 months ago | 284 comments

This is what I read between the lines:

An NSA spook was working on his home laptop and playing around with some special NSA malware.

Kaspersky AV detected it - AS IT SHOULD - based on heuristic or behavior-based technology that just about every modern AV has.

The data was sent back to Kaspersky servers. This is also how everyone else does it, because this is how A/V companies create signatures that are pushed out to all other people who use Kaspersky so they can be protected against malware that could quickly go viral.

Israelis were poking around KAV servers and found the malware, and told the US Gov.

Those are the facts, right? Everything else is speculation, no? Did I miss something that proves the thesis of the story and the government accusations?

According to the NYT article[0]:

> Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

[0] https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-...

More specific detail regarding this was revealed today[0]:

> Wednesday's report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that's used by more than 400 million people around the world. Normally, the programs scan computer files for malware. "But in an adjustment to its normal operations that the officials say could only have been made with the company's knowledge, the program searched for terms as broad as 'top secret,' which may be written on classified government documents, as well as the classified code names of US government programs, these people said."

[0] https://arstechnica.com/information-technology/2017/10/kaspe...

"Everything else is speculation" ignores the well-sourced "speculation" about Kaspersky's next step: letting the FSB know about this contractor so they could target and breach his machine.

It's speculative in the sense that we weren't there, but the information comes from the same source as all of those facts.

There is no single source for the article.

It refers to a "person familiar with the case" when they explain how an NSA guy exposed his malware to Kaspersky.

It refers to different sources which discuss how any malware might have made its way from Kaspersky to the NSA -- unnamed "information security analysts" (they think the KGB hacked Kaspersky), "other experts" (they say Russia's version of PRISM picked it up) and Steven Hall, a former spook with no disclosed ties to the case (he says Kaspersky is "likely to be beholden to the Kremlin").

It is obvious to me that Kaspersky is beholden to the Kremlin. The founders of Kaspersky are after all Russian.

Why would a hacker not use Mac or Linux for sensitive stuff?

Why would an NSA guy use Russian security software?

Why would an NSA guy put secret government tools on his personal laptop?

Stupid as it may sound, in my experience with many, many "why did you take the data there" dramas, the answer is:

To get things done that you cannot do at the office, or you just lack the office time to get it done.

Too restrictive corporate policies?

User error

Why would an NSA guy even run any AV? Isolate and compartmentalize everything based on the task and its dependencies. You should assume everything you run could be bad or that you are already compromised.

He works for the NSA, but he was on his home computer which is unlikely to stay air-gapped unless he's content with making mspaint art and playing skifree :)

Straight up. They spew forth this stupid reasoning so that the general public will become frightened. Most people don't understand what any AV does, or how it operates anyway. For them to understand compartmentalization based on dependencies is way too far out there. The US government might have granted access as well in another effort to spread fear amongst the uneducated American populace.

Is this reasonable to do with the number of software packages even average people use?

There was a person on the Docker team who had dockerized every other application, like Chrome, Firefox, the ALSA sound server, and more. But even she found it hard to sandbox everything.

I'm using Docker as a leading sandboxing tech. Do you mean something else when you say sandbox?

I should warn that Docker was never planned as a security tool. If you read the documentation on Linux containers you will see that they are pretty complicated and therefore can have vulnerabilities.

Because he's a RIS mole pretending to be incompetent.

I assume if you voluntarily give Kaspersky root access to your laptop, they don't care whether it's Windows, Mac, or Linux.

Does Kaspersky sell products that run on Macs or desktop Linux?

According to Google they have both, and based on the descriptions they probably follow the same model as the Windows one. That said, it would be kind of ironic if the original comment actually meant, "Use Mac or Linux for sensitive stuff because there's a good chance Kaspersky doesn't exist (or work very well) on them."

Where did you read "letting the FSB know about this contractor so they could target and breach his machine."

I somehow missed seeing that anybody but you claims that, so please give some link. I also, like the parent poster, only read that the antivirus program, as it should, collected the virus to the company servers.

I read that in the WSJ article that first revealed the security breach.


>The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

That quote doesn’t say anything at all that indicates Kaspersky “let the FSB know”, as you keep stating.

It is behind a paywall but the quote you give has no sense in the context of the rest of the information I've read. That narration would be different then. Israelis hacked Kaspersky offices, discovered what the antivirus automatically transferred. It is not claimed they discovered anything else there. NSA obviously didn't know what their worker did at home, until Israelis informed them, so how do they know he was targeted afterwards and that Kaspersky was directly involved? Something is still missing.

Here is a sans-paywall link: https://archive.is/hB3eo

No mention of FSB in that article.

Thanks. There is however:

"Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s PC, hackers working for Russia homed in on the machine and obtained a large amount of information, said the people familiar with the matter."

But that sounds very implausible; which entry would "the hackers" use? Note that nobody claims that Kaspersky did that "obtaining" that way (by hacking). But it appears to me that Kaspersky software simply first detected suspicious files and then also sent them to the servers, which is what the software of most antivirus vendors does. And then the "hackers" story was invented to make it more dramatic. That better fits with the story of the NSA trojan files found on Kaspersky servers by the Israelis, as they hacked Kaspersky.

The implications may be that the FSB provided specific signatures for them to look for, they came back when they popped up on a machine located at this contractor's house, then further assessments were performed. In context that’s not far-fetched at all.

How do you think the FSB "came back" to the machine of the NSA malware developer who's in the USA? I think that's exactly what is not plausible. He surely isn't going to open a trojan named isthatyou.jpg.exe in an e-mail sent by them to him. He actually made such stuff (trojans or something) himself, as he let Kaspersky's software automatically collect the sample of his "work in progress." Now the unnamed government sources "leak" this as a case of apparent "Russian hackers," whereas the only known hackers in the story are the NSA and the Israeli hackers who hacked the office computers of Kaspersky. Kaspersky's software just did what other antivirus software does too.

I'm not a malware developer, but you can tell an antivirus not to scan a specific directory, so that could have been completely avoided. You can also tell an antivirus what not to send over to the AV developers / company, as far as I remember. I stopped using antiviruses years back, but I remember this from when I would download cheating tools: I would define a folder for those tools, some of which I had the source code to, but they were all flagged as potential malware.

I always set up my AV software to ask me before it does anything whatsoever. I don't trust most software; I'm not about to start trusting my AV not to randomly send proprietary software over to their home base.

I'll cut you some slack because you stated you're not a malware developer. But even if you're a normal developer, you should know that telling software to do something does not mean that the software will do that something. When the software in question is subject to being controlled by adversaries, all guarantees go out of the window.

Yeah. I facepalmed at that assumption as well. It's as naive as a parent telling an 18 year old not to have friends over while they go on vacation for 2 weeks and thinking it's all good from there.

You're saying nobody would be able to test if, when and what an antivirus program is sending over the internet? If it all of a sudden is uploading enough data to some server vs. downloading (for updates), it's kind of a telltale sign that it's phoning home with files. I don't use AV software anymore since I'm mostly on Linux; if I'm on Windows it's dedicated to Windows-based programming, and all my browsing is isolated usually.

You can go as far as finding the amount of data software is sending over the wire through the Task Manager -> Performance -> Resource Monitor. And to say an AntiVirus can hide this would mean it shouldn't be trusted whatsoever if it behaves like malware. The type of reputation any sane A/V company does not want to fall under.

Wait, does it really send (suspected) malware home, without asking the user?

Yes, it's among most antivirus packages' advertised features. An example from everyone's favorite antivirus vendor: https://home.mcafee.com/Secure/CloudAV/HowItWorks.html but they all market a similar feature.

As far as I know most antivirus companies have such defaults which the users can somehow turn off. That means they consider that the user is informed and has agreed by using the product with such a setting unchanged.

I think Microsoft for their threat detection software does the same.
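The settings the comments above describe (automatic sample submission that users can turn off, and excluding a directory from scanning) can be inspected and tightened on Microsoft Defender with its PowerShell module. This is an added example, not code from any commenter or from Microsoft; the exclusion path is an assumed placeholder.

```powershell
# Added example: inspect and tighten Microsoft Defender's cloud-reporting and
# sample-submission settings. Run from an elevated PowerShell prompt on a
# Windows 10/11 host with the Defender module available.

# 1. Show what the client is currently allowed to send home.
$pref = Get-MpPreference
[PSCustomObject]@{
    # 0 = off, 1 = basic, 2 = advanced (advanced adds detail such as file names and locations)
    MAPSReporting        = $pref.MAPSReporting
    # 0 = always prompt, 1 = send safe samples, 2 = never send, 3 = send all samples
    SubmitSamplesConsent = $pref.SubmitSamplesConsent
    ExclusionPath        = ($pref.ExclusionPath -join '; ')
} | Format-List

# 2. Require a prompt before any sample leaves the machine (use 2 to block uploads outright).
Set-MpPreference -SubmitSamplesConsent 0

# 3. Keep cloud lookups at basic membership rather than advanced.
Set-MpPreference -MAPSReporting 1

# 4. Exclude a working directory from scanning. Placeholder path; an exclusion also
#    disables detection inside it, so keep it narrow and review it (step 5).
$workDir = 'C:\Users\dev\tools-under-review'   # assumed placeholder, not a real path
Add-MpPreference -ExclusionPath $workDir

# 5. Re-read the configuration to confirm the changes actually took effect, and list the
#    exclusions: unexpected exclusions are a classic sign of tampering, so they are worth
#    auditing on a schedule, not only when you add one.
$after = Get-MpPreference
if ($after.SubmitSamplesConsent -ne 0) {
    Write-Warning 'Sample submission consent was not applied (policy or Tamper Protection may own this setting).'
}
if ($after.MAPSReporting -ne 1) {
    Write-Warning 'MAPS reporting level was not applied.'
}
$after.ExclusionPath
```

If Tamper Protection or a managed policy controls these values, the Set-MpPreference calls may be refused or later overridden, which is why the block re-reads the configuration rather than assuming the change stuck.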

So I guess all the antivirus companies from time to time have such "lucky finds" like these that were obviously automatically collected by Kaspersky. Even the "secret" viruses will eventually be detected in the broader areas from time to time.

Yes. All antiviruses do this. It's one of the major streams of malware samples, and for the company I used to work for -- the most important source -- because those are authenticated as being on real customers' machines!

Kaspersky has been known to collaborate with the Russian government and promote Russian interest. They've actively pursued state actors that are hostile to Russian interest, for example The Equation Group (https://en.wikipedia.org/wiki/Equation_Group), which wouldn't be an organic part of the function or activities of a normal civilian cyber-security company. Such an "innocent" company would have no reason to get involved in cyberwarfare between state-actors, while Kaspersky is heavily involved in such activities and pouring considerable resources into them. This is especially damning since they are clearly targeting state-actors that are antagonistic to Russian interest, such as the US (Equation Group) and its allies (Israel), yet are totally silent on pro-Russian activity.

For anyone who's been at all aware of its history, it is clear that Kaspersky is at the very least actively collaborating with the Russian government, most likely doing its bidding, and possibly can be described as a cyber-security arm of Russian security forces.

I'm honestly surprised their products aren't already banned across all US government agencies.

> Kaspersky has [...] actively pursued state actors that are hostile to Russian interest, for example The Equation Group (https://en.wikipedia.org/wiki/Equation_Group), which wouldn't be an organic part of the function or activities of a normal civilian cyber-security company.

According to that Wikipedia page, The Equation Group refers to "a collection of tools used for hacking". Targeting hacking tools seems to me exactly what a security software company should be doing.

>Such an "innocent" company would have no reason to get involved in cyberwarfare between state-actors, while Kaspersky is heavily involved in such activities and pouring considerable resources into them.

Even if we assume these tools can only target governments and not businesses or individuals, perhaps Kaspersky wishes to obtain contracts with the governments targeted. I don't see how this is particularly sinister or illegitimate.

> This is especially damning since they are clearly targeting state-actors that are antagonistic to Russian interest, such as the US (Equation Group) and its allies (Israel)

Your Wikipedia link states: "The Shadow Brokers announced that it had stolen malware code from the Equation Group [...] Exploits against Cisco Adaptive Security Appliances and Fortinet's firewalls were featured in some malware samples released by The Shadow Brokers [...] Juniper also confirmed that its NetScreen firewalls were affected. The EternalBlue exploit was used to conduct the damaging worldwide WannaCry ransomware attack."

Three American companies and vast numbers of individual users and civil government institutions around the world (including the UK Health Service). Are they all Russian interests?

> According to that Wikipedia page, The Equation Group refers to "a collection of tools used for hacking"

Are we reading the same Wikipedia page? Here's what mine says:

> The Equation Group, classified as an advanced persistent threat, is a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame. Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.

Kaspersky is preoccupied with this group, which, by their own description, targets state actors that are hostile to the US. They've obsessively documented 500 of their alleged attacks worldwide, which would be a negligible blip on the radar for any normal, purely commercial cyber-security company.

Doesn't it strike you as odd?

> Even if we assume these tools can only target governments and not businesses or individuals, perhaps Kaspersky wishes to obtain contracts with the governments targeted.

I'm going to take a wild guess that none of the targets of the Equation Group like Afghanistan or Syria will trust Kaspersky enough to hire them for a sensitive project. These countries are very busy with ground wars and have no attention or money to spend on cyber security.

The only government that may and probably does employ Kaspersky is the Russian one. Which of itself hints at heavy collusion between these two.

> Kaspersky is preoccupied with this group, which, by their own description, targets state actors that are hostile to the US. They've obsessively documented 500 of their alleged attacks worldwide, which would be a negligible blip on the radar for any normal, purely commercial cyber-security company.

You keep saying this, and it is completely wrong which detracts from your point (which is right!).

All commercial cyber-security companies collect and report on hacking groups.

Here's the Mandiant/FireEye report on APT-1: https://www.fireeye.com/content/dam/fireeye-www/services/pdf... and here is the APT_28 one: https://www2.fireeye.com/apt28.html

Here's the report by a group of companies on the Chinese Axiom group: http://www.novetta.com/wp-content/uploads/2014/11/Executive_...

And finally, here's the FireEye one I linked to previously talking about the Equation Group: https://www.fireeye.com/content/dam/fireeye-www/company/even...

> The only government that may and probably does employ Kaspersky is the Russian one.

That's not true either as a quick Google shows, eg: https://www.crn.com.au/news/kaspersky-to-protect-prime-minis...

>Doesn't it strike you as odd?

No, not in the slightest. Of course a security company tracks security threats, especially when those security threats utilize multiple zero day vulnerabilities that could end up in the wild after they are finished with them. Use your head, man. I get it, "better dead than Red" and all, but let's not lose our shit purely because of the speculation of an "anonymous source close to the case."

Way down this thread, so time to ask the question: Do American anti-virus, social media, and search companies do exactly the same, but for the US military?

I've always found it suspicious that Russia and China created their own social networks, email providers, and search engines. Almost like they know the power of a capable search engine or social network for intelligence gathering purposes.

Google and US anti-virus companies must work closely with the NSA too.

> Kuok repeatedly expressed fears that he might be dealing with an NSA, CIA or FBI agent, but continued to negotiate with the undercover officer, even cautioning him to avoid referencing the items by model number in e-mail, because "your country has this system to analyze" e-mail for keywords.


Also after the "theft" and premature release of Stuxnet by Israel, I wonder how strong the collaboration between the US and Israel is.

> A 43-year-old former Akamai employee has pleaded guilty to espionage charges after offering to hand over confidential information about the Web acceleration company to an agent posing as an Israeli consular official in Boston.


> Facebook, for example, previously announced its DeepFace facial recognition system is capable of determining with 97 percent accuracy whether two images are of the same person. The company, which itself is accustomed to criticism that it views users as guinea pigs, is able is make such accurate identifications because of the network of images from which it draws, something that could take police agencies a decade or more to build up.

Snowden worked for Dell as a cover for his intelligence work. Russia told their military to move off Linkedin the moment it got acquired by Microsoft. Do Dell and Microsoft work closely with the DoD and should this concern non-US citizens that rely on their software and hardware?


> Do American anti-virus, social media, and search companies do exactly the same, but for the US military?

Doubtful. Keep in mind that in Russia / China the state has a lot more leverage against commercial companies. It's very easy for the state to effectively shut down any non-complying company, not to mention far worse (Russia and China have thrown business owners into jail for no reason before).

> Almost like they know the power of a capable search engine or social network for intelligence gathering purposes.

Absolutely, the typical pattern is that some dominant foreign provider refuses to comply with say, Chinese Firewall rules, so the Chinese block it and instate a friendly domestic provider instead.

> Doubtful. Keep in mind that in Russia / China the state has a lot more leverage against commercial companies. It's very easy for the state to effectively shut down any non-complying company, not to mention far worse (Russia and China have thrown business owners into jail for no reason before).

That is pretty disingenuous. Noncompliance with an NSL is a quick route to contempt charges. On top of that, the gag order prevents you from explaining your position to shareholders or customers.

This coercion makes it much more straightforward for most businesses to simply comply with US demands, unless you voluntarily shutter your company, e.g. Lavabit.

NSL is a statutory authority document issued directly by the executive without judicial involvement. It is not a legal proceeding nor a warrant, nor is it even on court letterhead. There are no statutory penalties for noncompliance set out in the law defining NSLs, but it has provisions to request a court order to enforce if the recipient does not comply. That requires filing a federal case, bringing the intelligence operation to the attention of the judiciary, and probable argument with an opportunity for the target to argue. This is where you hear about folks like EFF defending an NSL, since replying to an NSL usually does nothing.

After a court issues an order, contempt of court is a possibility. Just clarifying that the route to contempt is not quick. It’s also largely untested. Writing an NSL is two pages in a Microsoft Word template, while arguing a federal case to get your way is a much bigger prospect; if the investigation is small enough, or they’re not totally legal in how they got intelligence, etc., etc., they might not wish to argue and calling the bluff might be smart.

The gagging facility of NSLs actually has a non-coercive purpose: as designed, an NSL basically invites an unknown third party into a sensitive intelligence or counterintelligence operation. Tipping off the target or anyone else could lead to a collapse of the investigation, burning other sources that were used before you got your NSL, diplomatic repercussions, and so on. That’s the thinking that went into it, and it’s actually understandable. Two problems are that (a) the gag is indefinite, with no circling back once the operation concludes and (b) NSL is horrifically abused for stuff it shouldn’t be, since FBI realized the gagging lets them mostly get away with it.

Source: Have held more than one and read the citations.

>It's very easy for the state to effectively shut any non-complying company


'I've always found it suspicious that Russia and China created their own social networks, email providers, and search engines. Almost like they know the power of a capable search engine or social network for intelligence gathering purposes.'

Seems like the Europeans are the only ones stupid enough not to.

It isn't stupidity.

Europe was destroyed in WWII only to be liberated by the USA and the USSR (China is also among the winners). The USSR collapsed and withdrew from Eastern Europe, on condition that it remains a buffer zone (think about Ukraine in this context).

The EU is therefore essentially a peace project, subject to the peace treaties ending WWII (this hasn't happened in N. Korea, think about it in this context).

Those treaties are still in force today, including the stationing of liberating forces. This pretty much sets the boundaries, including the defense (read supervision) of strategic resources, such as gas pipelines, energy grids, and yes, communication lines and information technology. Obviously, these restrictions hardly reflect current German economic strength (just like after WWI), which inevitably leads to tensions (‘The Germans Are Bad, Very Bad’, as the POTUS puts it).

Europeans had a few. There was StudiVZ in Germany and tuenti in Spain.

Once Facebook arrived with localised versions on the European market it destroyed all of the clones. Talk about network effects.

But search engines and email services? Operating systems? Europe is really not on top of this game.

Operating systems seems like a weird one to throw in there. For a start, I'm pretty sure some Finnish guy wrote and maintains one of the better-known operating system kernels, which happens to be used in certain popular operating systems such as Ubuntu (UK) and SuSE (Germany).

Or perhaps you meant mobile operating systems, in which case I would note that the most promising and well-known mobile OS after Android, iOS, and Windows phone (all American) is SailfishOS, which is... Finnish.

So the US is definitely on top, what with all the software tech giants being based there, but Europe seems pretty relevant.

I was thinking more along the lines of mobile systems, true, but I never heard of SailfishOS. I think it's pretty irrelevant in the market right now.

Also FOSS software can't solely be attributed to the one guy who started it. I would say the Linux Kernel is global and it took a lot from Unix.

Indefinite Pessimism. China and to a large extent Russia are Definite Pessimists.

The US and the UK are Indefinite Optimists while many in US tech are Definite Optimists (such as Elon Musk.)

Cultural attitudes about the future of our world have a huge influence on the type and velocity of innovation.

Those are generalizations, but just compare investment philosophies of various countries. EU: with a few exceptions that prove the rule, very conservative, less likely to back 100x technology innovations, more likely to back 2x innovations that have low risk and low reward (but enough reward to make a return.)

Russia and China: more likely to invest in keep-up technology (me-too stuff) that promotes domestic stability — much more defensive investing to promote Juche ideas. North Korean “tech” is the extreme example.

US: willing to bet huge on low percentage, future changing tech (speaking of the Valley specifically,) while much of the rest of the US tends to be closer to the EU in terms of risk tolerance, with notable exceptions.

You won’t have an EU investor funding self-driving cars generally and you won’t have a Valley investor funding incremental 2x tech (generally.)

All countries have visionaries and innovators, but due to who controls the finances (and tax policy,) most of those future Elon Musk types are shot down before they even get off the runway.

Exceptions abound of course, but that’s my general take.

The Europeans were developing one of the most interesting secure distributed platforms 10 years ago as part of the European Multilaterally Secure Computing Base initiative, but it appears to have gone dark. Maybe funding priorities shifted, or the technology was deemed to be something that shouldn’t be open.

Most of the countries had a local one.

Being local ones, they didn't have the same network effects like the US ones. Some of them still live, though.

Also: the Czech Republic has seznam.cz, which makes a big difference in their market.

Poland has several, but none can match the juggernauts

Well there were the Snowden revelations of the PRISM program which apparently had all the major US tech companies onboard. So it’s highly probable.

>Way down this thread, so time to ask the question: Do American anti-virus, social media, and search companies do exactly the same, but for the US military?

Is the Pope Catholic?

> I've always found it suspicious that Russia and China created their own social networks, email providers, and search engines.

Yandex search predates Google.

Not to mention that the quality of its search in Russian had been much better than Google's until at least 2010; as a Russian, when I needed to search for something in Russian I didn't bother with Google because their search results were visibly much worse.

Facebook has CIA related people on its board.

That's true. At least in the beginning, there were some people near the CIA on the board and some of the early investment funding came from entities close to the CIA.

However, that's a very old story, I doubt that there is much of a connection now.

While it's quite plausible CIA has penetrated Facebook, the interference is very unlikely coming in through the board meetings.


Really? Which ones?

Poster is probably referring to Peter Thiel, whose company Palantir was funded through CIA contracts.

Care to expand on the "theft and premature release of Stuxnet by Israel"? Most information seems to point to it being a joint US-Israeli creation or even primarily Israeli.

We do know for a fact that US General James Cartwright pleaded guilty to leaking Stuxnet. And then got pardoned by Obama.

No, he pleaded guilty to making false statements, not to leaking Stuxnet. More specifically, he admitted to providing classified information to reporters in 2012, over a year after Stuxnet was identified.

Now, whether or not he was guilty of more than that, I don't think we know, but that's often the nature of plea deals.

Good catch, sorry about the fake info!

> for example The Equation Group (https://en.wikipedia.org/wiki/Equation_Group), which wouldn't be an organic part of the function or activities of a normal civilian cyber-security company.

While your basic point might be correct, this part is absolutely false. All major security groups actively research all APT groups, no matter where they are from.

For example, here's a 2015 report from (US Company) FireEye[1]. Page 11 talks about the Equation Group (as well as the UK-based Regin group).

It is worth acknowledging that Kaspersky was the first company to identify and name the Equation Group. However, this is likely to be because of the geographical overlap of activities: Kaspersky provides defensive support in Russia and the Middle East where the Equation Group is most active.

This is exactly the same as how Mandiant/FireEye identified APT-1 and Cozy Bear/Fancy Bear: they get called in to investigate breaches in the US where those state-supported groups are most active.

[1] https://www.fireeye.com/content/dam/fireeye-www/company/even...

> Kaspersky has been known to collaborate with the Russian government and promote Russian interest

I would like to see some actual evidence of this, instead of just allegations.

How else can you explain their obsessive occupation with The Equation Group, which they themselves claim to be a (US) state actor, targeting other (US-unfriendly) state actors?


An ordinary anti-virus company would never get involved in state-vs-state cyber warfare, let alone pour tons of money into researching it. How does that support their business model?

Do you think it's normal for a commercial company to spend so much time, money, and effort researching areas that have nothing to do with their core business, and will likely get them in trouble with their customers and antagonistic governments?

Are you saying state sponsored malware should not be looked into?

It seems like American companies tend to find Russian state-sponsored malware and Russian ones keep finding US/US allies-sponsored malware.

And in addition Israeli hackers keep on finding malware in locations they've hacked into..... hmmmmm

I could make the very same argument against CrowdStrike, which has been focusing on uncovering Russian cyber attacks. Also here's some "damning evidence", too:

> “There’s a Balkanization of cyberspace that’s occurring, and companies need to choose which side they’re on,” said Dmitri Alperovitch, co-founder of U.S. security firm CrowdStrike.


Sounds to me like they've "chosen a side", like you're implying Kaspersky has.

This is a lot of BS. Kaspersky have also documented Russian government malware, so that is one nail in a very weak argument.

Having a lot of experience in this space, no loyalties to Russia, and all loyalties to the US, if anywhere, I strongly disagree that there has ever been any meaningful current or historical link between Kaspersky and the Russian government.

Posts like this do not seem to be informed by actual industry experience and those speculations are not even agreeable to those who are suspicious of Kaspersky. You're sharing a lot of FUD.

Well, it makes perfect sense to use Kaspersky then, if you're worried about the NSA. If you're more worried about Russian industrial espionage, on the other hand, e.g. as a US company with trade secrets, you should probably go with a US product.

For most private citizens that aren't of particular interest to the Russian government (e.g. aren't politicians, activists, dissidents), Kaspersky seems like an excellent choice.

Every AV product will be defeated by a targeted attack anyway.

Even if Kaspersky still fits your threat model (and it might), this revelation is still an existential threat, and if you use Kaspersky for an institution it's probably a good time to explore alternatives and have a plan for what to use if Kaspersky goes under.

Failing to find Equation Group tells a lot about American antivirus companies as well. Who else are they hiding?

Kaspersky, Snowden, Positive Technologies (which is also Russian) are doing a great service to the community. A cyber weapon is still a weapon and people should know about it.

Equation Group were making hacking tools, so opposing them is what any decent AV company should do. In doing so, they protect all their users around the world.

You could argue exactly the same way against US security firms such as CrowdStrike, and a few others, which seem to focus on uncovering Russian malware.

Our company uses the enterprise version of Kaspersky. But if we drop this over surveillance issues then it would be pretty hypocritical to switch to AV software from the USA, since they are proven to do the exact thing that Kaspersky is now suspected of / blamed for doing.

So, fellow Europeans, what now? Avast? Any other options?

EDIT: Ok so I found a pretty useful Wiki list[1] of European-made AV products. I haven't used them so I can't judge their effectiveness, especially the enterprise versions. But here are some alternatives to US / RU antivirus suites.

Czech Republic: AVAST, AVG, TrustPort

Finland: F-Secure

Germany: Avira, G-Data

Iceland: FRISK (F-PROT)

Romania: Bitdefender

Slovakia: ESET

Spain: PANDA security

[1] https://en.wikipedia.org/wiki/Comparison_of_antivirus_softwa...

This is purely anecdotal, but back when I was doing a lot of Windows sysadmin work (and when viruses were rampant) I wound up tearing through a lot of AV vendors in short order.

Only a handful survived my tests, and now I see them all listed here as European AV vendors. Interesting.

Symantec, by the way, was by far the worst. It got to the point where I would immediately uninstall their products on sight. My favorite was when one of their automatic updates started causing boot failures. That sure kept me busy!

Hire a team from your native country to manually inspect each packet before it is passed on to the client machines.

This kind of biological neural network isn't always the fastest approach, but you can be sure it isn't forwarding all your traffic to the government.

Network security monitoring is fairly common in competent enterprises.

Your ridicule is misplaced. We truly cannot trust the computers we use, from the silicon up.

To call that paranoia isn't naivety anymore, it's foolhardiness.

Standard intelligence practice is to assume that your information is already compromised. All it takes is a mole, or a disgruntled employee, and all the cybersecurity in the world is for naught. You'd be foolish to think anything else.

Standard practice is to have honeypots, and watch carefully who puts his paws where...

> Iceland: FRISK (F-PROT)

FRISK was bought by Israeli company Commtouch several years ago. They wound down operations in Iceland to the point that I doubt any real technical work goes on there.

What’s wrong with Windows Defender?

This is the real answer here. For the only alternatives you're forced to trust yet another party and with something like AV that basically equates to the third party having full control over your machine should they decide to do so. At least with Windows Defender you aren't adding another adversary although it seems pretty hypocritical to avoid American AV while still using an OS that the NSA can push updates to.

Get Windows 10 should have been an eye opener for everyone: vetting updates isn't anywhere close to good enough; if Microsoft is compelled to do so, they can run whatever they want on your computer.

Use Linux :) there is no other option

Many open source projects are infiltrated. You may use Linux but if you run on x86 you are already owned.

Not via Linux, but via the IME that Intel puts on every CPU with full access to all memory and the network cards.

One source of entropy in Linux is the RDRAND instruction. If you control or predict its output you can do a lot of harm.

It really depends on a lot of the software as well. Linux doesn't inherently trust just the CPU instructions for entropy. In fact, it recently borrowed a new feature from OpenBSD, called getrandom():


Like what?

I think a Mac would work too, but that relies on trusting individuals.

How would switching to macOS provide any protection against an APT? Against malware in general, yeah, sure, but against the NSA or FSB in a targeted attack I don't see how that benefits you at all. If the NSA can put the screws on Microsoft then Apple should be no different. Apple refusing the FBI is one thing, but faced with a gag order and an NSL their only recourse is to appeal to a secret court that basically always sides with the government.

Also as of late it seems like macOS has been nothing but security incident after security incident like the recent bug where encrypted disks had a password hint of the decryption password or when somebody found out that the system preferences app was basically using an undocumented API that had no authorization at all and gave root access. Or that keychain vulnerability that gave complete access to the entire keychain to anything running in a web browser!

I think an APT would have a field day if their targets started using macOS.

Everyone who thinks they are safe using macOS should see this presentation: https://www.youtube.com/watch?v=q7VZtCUphgg

Patrick Wardle has reversed the C2 comm protocol and found it had "advanced" capabilities (remote exec, key and mouse sniffing, screenshots, etc.). The malware was found on several thousand Macs too (mostly in the US).

Any suggestions for good tools (open source ones) on Mac that can scan for and detect this kind of malware?

The guy in the video has created a bunch of "osx sysinternals" tools for this exact purpose: https://objective-see.com/products.html.

Apple pays people to "astroturf" that they're immune from viruses and backdoors. IMHO, that makes them much worse than Microsoft.

Well, nothing's totally secure. You can but reduce the odds of having problems and Macs seem to be hit less. For example in the N Korea hack on Sony the Macs survived https://9to5mac.com/2014/12/18/sony-hack/

>“Some people had to send faxes. They were dragging old printers out of storage to cut checks,” she said. “It was crazy.” ... "People using Macs were fine,” she said. She said most work is done on iPads and iPhones.

Perfect is the enemy of good and all that.

>Macs seem to be hit less.

Yes but my point is that this is completely irrelevant to an APT. When an attacker moves from opportunistic to targeted having an OS with a lower adoption rate isn't going to matter. They aren't going after the most amount of victims possible, they're going after you specifically.

Mac? No!! Apple controls every aspect of your life on a Mac. Linux and especially custom built ISO is your only option for privacy.

Plus, if you assemble the RAM and processor by yourself, you never know how many viruses are in your bootloader!

Linux is secure in the sense that nobody can use it.

Yeah - I agree EU software is the safest option: https://medium.com/@zby/the-safest-option-is-eu-software-abc...

Filter on the benchmarks and then dig into ownership and reputation. Bigger vendors have more to lose and more resources to fight legal and cybersecurity issues. Too big / multinational vendors then get leaned-on by national security services with an “include this and give us customer information or we blacklist you” offer.


That is assuming they're not infiltrated, hacked or voluntarily participating in some foreign surveillance/espionage program.

Of those, all but Finland are NATO members.

NATO is a military alliance, not an intelligence sharing agreement. We know that Five Eyes intel doesn't go to NATO, and it is pretty doubtful that e.g. Turkey and Germany share their intel.

It's been shown somewhat recently[1] that German intelligence not only exchanged data with the US, but also collected data for the US services in Germany and worldwide.

[1] https://www.theguardian.com/world/2016/jun/28/germany-curb-s...

Indeed. But this isn't some NATO thing, it's a US/German agreement.

If you must use AV, better look for AV solutions with clear written policies on the information they collect: https://www.f-secure.com/en/web/legal/privacy/security-cloud


Article from 2015: "Israel, NSA May Have Hacked Antivirus Firm Kaspersky Lab"


So, if I understand this right... some NSA TAO employee was doing work on their home computer (???), where they installed Kaspersky AV (reasonable), and Kaspersky promptly identified the malware they were working on as malware and uploaded it?

And then Israel hacked Kaspersky 'cause that's what they do or something, found the NSA development malware, and was like "Hey NSA, you should figure out how this got here"?

This seems like a very different story from any of the Kaspersky stuff I've been hearing. I'm sort of surprised Kaspersky had servers vulnerable to Israel, but I'm really surprised it was acceptable for NSA TAO employees to do work on their personal machines. I merely work in algorithmic trading, and everyone in the industry is paranoid about code leaving the building (at least one employer I know of straight-up doesn't have a VPN at all, from what I've heard). How is the NSA not as paranoid here?

>Kaspersky promptly identified the malware they were working on as malware and uploaded it?

If the news story is to be believed, Kaspersky was scanning for classified data using US intelligence codewords as a selector.

>I'm sort of surprised Kaspersky had servers vulnerable to Israel

I'm not, everyone's servers are vulnerable. Intelligence agencies can buy exploits. If they want in, they get in.

>but I'm really surprised it was acceptable for NSA TAO employees to do work on their personal machines.

I don't believe it is allowed. That said, controlling access to data is hard; lots of people probably do work at home with classified stuff when they are told they shouldn't.

> If the news story is to be believed, Kaspersky was scanning for classified data using US intelligence codewords as a selector.

Assuming you mean the linked article, it doesn’t say that. It says that Kaspersky uses “silent signatures”, which are supposed to be indicators of malware, but could hypothetically be adapted to search for classified data instead. But it doesn’t allege Kaspersky was actually doing that.

(edit2: But the NYT report [2] does seem to allege that! This reporting is such a mess…)

Apparently, silent signatures are a technique to test new signatures where instead of blocking files with the signature, the AV reports the finding back to a server, allowing the vendor to identify false positives before fully deploying the signature. The question is what exactly Kaspersky is/was reporting to their server. I googled ‘silent signature’ and found a patent [1], issued to Kaspersky, which describes sending only hashes of the executable with the signature. But this article seems to suggest that they were sending the executable in full - at least if the leak of NSA tools occurred via that mechanism. (The article doesn’t say it did, but it sounds like a plausible route for a customer’s executable to find its way to Kaspersky’s network.) If this is the case, it sounds extremely troubling from a privacy perspective even without any intelligence services getting involved.

edit: Actually, I think the body of the patent does disclose sending the whole file to a server, which isn’t mentioned in the summary. The text is a little vague, though.

> If no threat is detected in step 720, statistics regarding the executable file and the frequency of launches of the executable file are collected in step 740. Then, in step 750, the file is downloaded and sent for a further analysis in step 760. After the analysis, either a white list or black list can be updated with a signature of this executable file.

[1] https://www.google.com/patents/US20110126286

[2] https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-...

> But this article seems to suggest that they were sending the executable in full

It doesn't necessarily need to be an executable.

Imagine this filter:

- File type: .docx

- Silent Signature: "TOP SECRET//COMINT//NOFORN"

That means all word documents with:

- the "top secret" classification

- in the "Special Intelligence(ComInt)" area

- marked as "No Foreign Nationals"

will automatically be sent back to servers for review.
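To make the mechanism in the comment above concrete, here is an added example (not Kaspersky's code and not the patent's) modelling a "silent signature" feed: a matching file is reported rather than blocked, and the report carries either a hash (as the patent summary describes) or the whole file (as step 750 of the patent body describes). The signature id, file paths and document bytes are constructed stand-ins (plain text, not real .docx content).

```python
"""Constructed model of an AV "silent signature" telemetry feed.

A silent signature never blocks; it only reports.  The privacy impact depends
entirely on what the report contains, so the model exposes both variants.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SilentSignature:
    name: str        # hypothetical signature id
    file_ext: str    # file-type filter, e.g. ".docx"
    pattern: bytes   # content selector; here a classification marking


# Hypothetical selector of the kind the comment imagines.
MARKING_SELECTOR = SilentSignature(
    name="sig-test-0001",
    file_ext=".docx",
    pattern=rb"TOP SECRET//COMINT//NOFORN",
)

# Constructed endpoint file system: path -> file bytes.
SAMPLE_FILES = {
    "C:/Users/alice/minutes.docx": b"Team lunch moved to Friday.",
    "C:/Users/alice/brief.docx": b"TOP SECRET//COMINT//NOFORN\nProject notes...",
    "C:/Users/alice/brief.txt": b"TOP SECRET//COMINT//NOFORN\nsame text, wrong type",
}


def scan(files, signatures, report_mode):
    """Return the telemetry records the client would send home.

    report_mode == "hash": only a SHA-256 of the matching file.
    report_mode == "full": the file bytes themselves travel with the report.
    """
    if report_mode not in ("hash", "full"):
        raise ValueError("report_mode must be 'hash' or 'full'")
    records = []
    for path, content in files.items():
        for sig in signatures:
            if not path.lower().endswith(sig.file_ext):
                continue                      # type filter fails: no report
            if re.search(sig.pattern, content) is None:
                continue                      # selector absent: no report
            rec = {
                "signature": sig.name,
                "path": path,
                "sha256": hashlib.sha256(content).hexdigest(),
            }
            if report_mode == "full":
                rec["content"] = content      # whole document leaves the host
            records.append(rec)
    return records


def content_bytes_uploaded(records):
    """Bytes of user document content carried by the telemetry."""
    return sum(len(r.get("content", b"")) for r in records)


if __name__ == "__main__":
    for mode in ("hash", "full"):
        recs = scan(SAMPLE_FILES, [MARKING_SELECTOR], mode)
        paths = [r["path"] for r in recs]
        print(f"{mode}: reported {paths}, "
              f"{content_bytes_uploaded(recs)} bytes of content uploaded")
```

Only brief.docx is reported in either mode (brief.txt fails the type filter), but in "full" mode the report carries the document itself, which is the point the thread is arguing about.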

Why the heck is a file that says "TOP SECRET//COMINT//NOFORN" on anyone's personal laptop? Isn't that, like, not just a firing offense but also a criminal offense?

Again, in my industry I'm not allowed to take code home with me; I have to remote into work and edit it on my work desktop. And the worst-case scenario of code leaking is basically that a competitor makes money that we would otherwise have made. Can't people who literally have (in their belief, at least) the fate of the free world in their hands be at least this careful?

> Assuming you mean the linked article, it doesn’t say that

It's from the original NY Times article, which is linked to from the WP article.

Pretty much all AV products do this, for "suspicious" files too. Doesn't even need a signature to get collected. This includes non-executables such as docs or pdfs, since those are common 0day vectors.

> ...detected in step 720, statistics regarding ... collected in step 740. Then, in step 750, ...

All line numbers are modulo zero for ten? Is the code written in BASIC with the anticipation of line additions? I miss my C64!

They also have huge catalogs of 0-days and unreleased exploits, probably, in addition to human intelligence sources within major AV, infrastructure tech companies.

I can think of at least 1 reason why Israel would hack Kaspersky...https://en.wikipedia.org/wiki/Stuxnet#Discovery

>>I can think of at least 1 reason why Israel would hack Kaspersky...

Reason 4512F: Hamas leader uses Kaspersky

and so on and on. AVs are on tens of millions of computers and have "license" to go looking for files, to take files out of the computer (talk back to the server), and firewalls let them through because you installed it. What more can you want?

I can't believe nobody else brought this up sooner. This was my first thought.

Perhaps he was doing the bidding of his employers in order to test a theory that Kaspersky was an attack vector?

I mean, this is exactly how you tell if your data has been breached or your source code leaked -- you put fake but unique records in your database then watch the dark webs for folks selling dumps containing those values; and plausible but bogus code containing unique constants then check competitors' binaries against those values.
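The leak-detection trick described above, as an added example that is not part of the original comment: each recipient of a data set or build gets a unique canary (a plausible-looking record value and a 64-bit "magic" constant) derived from a secret key with HMAC, so a later scan of a suspect dump or binary can name the copy that leaked without keeping a token table. Key, recipient names and the sample dumps are all constructed.

```python
"""Keyed canary records and constants for leak attribution (constructed example)."""
import hashlib
import hmac

# Hypothetical secret; in practice this lives with the team doing the checks,
# never in the data or code being seeded.
CANARY_KEY = b"constructed-secret-key-keep-this-offline"


def canary_record(recipient: str, key: bytes = CANARY_KEY) -> str:
    """Fake-but-unique record value for one recipient.

    Deterministic, so the scanner regenerates it from the recipient name
    instead of storing every token.  Shaped like an ordinary customer id so
    it blends in with real rows.
    """
    digest = hmac.new(key, b"record:" + recipient.encode(), hashlib.sha256).hexdigest()
    return f"CUST-{digest[:4]}-{digest[4:10]}".upper()


def canary_constant(recipient: str, key: bytes = CANARY_KEY) -> int:
    """64-bit magic number to plant in a recipient-specific build.

    64 bits rather than 32: scanning a 10 MB binary for 100 recipients means
    roughly 2e9 (position, recipient, byte-order) comparisons, so a 32-bit
    value would produce about one accidental hit per scan; 64 bits does not.
    """
    digest = hmac.new(key, b"const:" + recipient.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little")


def find_leaks(blob: bytes, recipients, key: bytes = CANARY_KEY) -> set:
    """Recipients whose canary record or constant appears anywhere in blob.

    Constants are searched in both byte orders, since a compiled binary stores
    them however the target architecture does.
    """
    hits = set()
    for r in recipients:
        if canary_record(r, key).encode() in blob:
            hits.add(r)
            continue
        c = canary_constant(r, key)
        if c.to_bytes(8, "little") in blob or c.to_bytes(8, "big") in blob:
            hits.add(r)
    return hits


RECIPIENTS = ["partner-a", "partner-b", "internal-ci"]


def demo_database_dump() -> set:
    """Constructed dump: ordinary rows plus partner-b's seeded canary row."""
    rows = [
        b"CUST-1A2B-3C4D5E,jane@example.com",
        canary_record("partner-b").encode() + b",bob@example.com",
        b"CUST-9F8E-7D6C5B,sam@example.com",
    ]
    return find_leaks(b"\n".join(rows), RECIPIENTS)


def demo_binary() -> set:
    """Constructed 'competitor binary' containing internal-ci's magic constant."""
    blob = b"\x7fELF" + b"\x00" * 32 + canary_constant("internal-ci").to_bytes(8, "big") + b"\x90" * 16
    return find_leaks(blob, RECIPIENTS)


if __name__ == "__main__":
    print("dump leaked from:", demo_database_dump())    # {'partner-b'}
    print("binary leaked from:", demo_binary())         # {'internal-ci'}
    print("clean blob:", find_leaks(b"nothing here", RECIPIENTS))
```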

Real data works too.

Not if your competitors have the same data in their DB.

Acceptable, no. People not following rules, it happens.

some NSA TAO employee was doing work on their home computer

Given that they haven't been charged, it's pretty likely there's more to this story.

Two possibilities:

It wasn't actually their home computer, but it was a non-classified system where code was being moved for non-attributable active deployment.

The code was developed or acquired in a non-classified space first.

There are probably more possibilities too. There's some good speculation here: https://www.emptywheel.net/2017/10/06/the-conflicting-homewo...

Given that they haven't been charged, it's pretty likely there's more to this story.

Probably their best employee, his mom died...it was a mistake, a bad one but a mistake. Prosecutorial discretion.


I've been in SCIFs. It would take a lot of effort to make a mistake like that.

No, it's strictly forbidden to access classified information from an unclassified machine. I'm not saying it doesn't happen, I'm saying it's highly against protocol (and the law).

They probably didn't hack anything, they just have people who receive these AV samples as malware researchers. Any intelligence agency worth their money should.

And yes, this is the gist of what's behind all the Kaspersky hysteria. The NSA trying to obscure another extremely embarrassing leak.

Every AV software uploads new detections for analysis. It just so happened that this fool used Kaspersky. It's abundantly clear that behind all the make-believe is a mostly incompetent agency that can't keep its secrets any better than Equifax.

Read the original New York Times story, it gives a lot more technical details on the hack than this one[0]. Assuming the Israeli and NYT accounts are to be believed, this was a very deliberate hack. Israel watched in real-time as Kaspersky sent out searches for NSA codename programs on all computers with Kaspersky AV installed (this was related to the whole Duqu 2.0 intrusion into Kaspersky's network that Kaspersky blogged about 2 years ago). And the NSA tools were some of the files reeled in from those searches.

That said, it's still extremely embarrassing. Why is someone from TAO taking this kind of work home?

0. https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-...

It's the NYT, for crying out loud! Unless you believe they have the knowledge on staff to do any sort of original reporting on this, this story is exactly what a "government official speaking on the condition of anonymity" has whispered to them. It's the fricking party line.

It's right there in the article:

    The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.
There are two options here, obviously. Someone revealed actual classified information, in which case apparently multiple government workers committed a felony to tell the NYT about a story that is entirely flattering for the employer they just betrayed. Or, and given the incidence of "government officials .. spoke on the condition of anonymity" in NYT stories the far more likely option, the press office of the NSA called the NYT, whispered some dangerous words about "off the record" and then delivered the official press release that for some reason they just didn't get to put on NSA website just yet.

This is the NYT writing a government press release into a bad thriller guided not by independently verified facts (how could you) but sheer ideology to fill in the gaps.

> Israel watched in real-time as Kaspersky sent out searches for NSA codename programs on all computers with Kaspersky AV installed

That happened _after_ Kaspersky identified the "NSA codename programs" as malware. That is exactly what an anti-malware application should do: look for instances of known malware.

>Assuming the Israeli and NYT accounts are to be believed,

An assumption nobody who knows anything about history will make.

This shouldn't be modded down.

Security services are completely unreliable and release these things for their own benefit. The question with this is why are the Israelis pushing this now?

The NYT has a poor record on this stuff as does pretty much everyone.



I've seen what now looks like state sponsored bullshit blogs posing as tin foil hatters being posted to HN saying Kaspersky is part of the Russian intelligence apparatus, and that's why the US government pressured stores to remove Kaspersky AV from store shelves, etc etc etc.

Most likely, they did their job, and they did it correctly. The NSA can't really defeat competent AV researchers who aren't even looking at the NSA in the first place.

Whatever the "bullshit blogs" might be (I haven't noticed these stories, but maybe you can provide links?), they're in good company now, because that's more or less the story the NYT, WSJ, and WaPo have developed.

There's not a lot of attribution going on here, though. Take the WaPo story, they just tell us what's possible and leave us to draw conclusions ourselves -

“That’s the crux of the matter,” said one industry official who received the briefing. “Whether Kaspersky is working directly for the Russian government or not doesn’t matter; their Internet service providers are subject to monitoring. So virtually anything shared with Kaspersky could become the property of the Russian government.”

Late last month, the National Intelligence Council completed a classified report that it shared with NATO allies concluding that the FSB had “probable access” to Kaspersky customer databases and source code. That access, it concluded, could help enable cyberattacks against U.S. government, commercial and industrial control networks.

Kaspersky is pretty well known to have a close relationship with the Russian government, though. Hell, Kaspersky himself used to work for Soviet military intelligence. There are several articles cited here: https://en.wikipedia.org/wiki/Kaspersky_Lab#Allegations_of_t...

I'm not saying Kaspersky is a part of the Russian intelligence apparatus, but I wouldn't trust them to report on Fancy Bear campaigns, nor would I trust their AV software if I were a particularly juicy target.

> Kaspersky himself used to work for Soviet military intelligence

This is straight up not true. He studied at an institute that was administered by the KGB.

They are not known for any such thing, and Eugene did not work for military intelligence. He has addressed this many times.

The DHS is "tin foil hatters"?


> The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.

> The DHS is "tin foil hatters"?


To be fair, that is kind of their job. I don't suppose their precept says that they should be paranoid and believing in conspiracy theories - in those exact words. But, that seems to be how it is manifest.

I guess Kaspersky is rumoured to be to the Russian government what Apple / Google / Microsoft / Facebook are proven to be to the US government.

Secret FISA courts rule away all of your basic privacy rights? Fear not. Russia is the enemy.

Correct. Russia IS the enemy.

Secret warrants by a secret court is also the enemy.

One is just more important and dangerous than the other (look out of the window).

Perfect example of whataboutism BTW.

Russia is the enemy of the state, not your enemy. The state also thinks of you as an enemy. You really shouldn't be afraid of a foreign state, your state is the only real threat to you here.

But Russia can and would turn against you if they thought you could be useful to them. You should be afraid of both.

Except Russia doesn't give a rat's ass about little you. The NSA on the other hand...

>One is just more important and dangerous than the other

Not if you're not American. The American government has shown it doesn't care at all or stop at anything to promote its self interest through American made software outside the US.

I wrote on this before.

Somebody is going to be on top.

Would you rather have US, Russia or China be the superpower?

How about none of them? Your premise is wrong.

> Russia IS the enemy

In what sense?

In a very direct sense.

It's a de facto totalitarian dictatorship. Its proliferation harms human rights, poses real danger to Ukraine, claims lives. ( https://en.wikipedia.org/wiki/Casualties_of_the_Ukrainian_cr... , corruption also claims lives https://www.youtube.com/watch?v=3eO8ZHfV4fk )

You could say a lot worse about many US allies. Saudi Arabia anyone? Human rights are irrelevant when the US government decides who is an enemy and who is an ally.

But you could say much of the same about the US.

Much of the same?

Do you refer to military intervention in Iraq, Afghanistan, Yemen, Syria, ...?

Do you dispute that these countries/areas are/were different from Ukraine?

No you couldn't. This is from the point of view of the US state. The US is not a direct enemy of the US.

You are right. It's not so black and white.

One fact you can't argue with is that the Russian government is telling its people the US is the enemy.

Follow @JuliaDavisNews . She posts gists of Russian state-controlled TV.

If it's not US, it's EU/NATO/gays/"democracy" (I'm not kidding you about democracy)

When has the Russian government ever said the US was the enemy? The only saber rattling sound is coming from Washington.

Israel (Mossad?) can hack something in Russia, see tools and recognise those tools as top secret NSA gear. Do you wonder how they made that recognition? Were they shared with Israel so they knew, in which case the source could have been Israel being hacked, right? Or they knew because hacking the NSA is something multiple nation states have done. I'd be completely amazed if the NSA wasn't absolutely full of spies acting for foreign powers and organised crime.

At this point should you just fire everybody in the NSA and start again? If not, why not? I'm struggling to see genuine competence in improving the security of Americans amongst the constitutional attacks on the citizenry, attacks which most definitely have the opposite effect.

I can look at a Git commit and tell you exactly which of my coworkers wrote it without looking at %cn. Code has style, like spoken language has accents.

One could argue that e.g. German spy tools copy the American style so that those decompiling it will think it is American. I argue that is a lot harder than it sounds. Code style is much deeper than whether or not to use braces around lone if clauses. The whole way of thinking, layout of data structures, use of getters/setters or properties, breakdown of what goes where and into which classes, breakup of large methods, etc etc etc. These signatures and many more give one a feel for the software's origin. Not proof, but a very solid foundation for suspicion.

You might find De-anonymizing Programmers via Code Stylometry ( http://www.princeton.edu/~aylinc/papers/caliskan-islam_deano... ) an interesting read.

I suspect that coding style guides are detectable in compiled output too.

As an aside, a bit that caught my eye here:

> This material is based on work supported by the ARO (U.S. Army Research Office) Grant W911NF-14-1-0444, the DFG (German Research Foundation) under the project DEVIL (RI 2469/1-1), and AWS in Education Research Grant award.

>I suspect that coding style guides are detectable in compiled output too.

I strongly doubt that (while I concur that source coding style is often recognizable).

More or less, a decompiler (when it works properly) attempts to interpret the machine code and translate it into the source. In order to do so, it must have some "templates" corresponding to recognizable "patterns" in the code, so the source derived from the decompilation will reflect these templates and not the "original".

Israel is listed as an "observer" in the Five Eyes alliance.

So yes it's quite likely that the US et al have shared assets with them.


Governments never fire spies. They move them to reserve and pay them good pensions.

Kaspersky Finds New Nation-State Attack—In Its Own Network


"There was one victim, however, that didn't fit the profile of other targets. Raiu says this was an international gathering for the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camps"

"But perhaps the most interesting targets were the venues hosting the P5+1 meetings. P5+1 refers to the five permanent members of the UN Security Council plus Germany, who have been in negotiations with Iran over its nuclear activities."

In fine, the NSA is not that super agency filled with very talented math/crypto/CS people like the majority depict in their minds. They are employing average folks who use average tools and get caught by average issues. The only difference might be that they are educated and trained to be very efficient at doing one very specific job, and that's all.

It's the same with any such "mystical" organisation. There are no Hollywood super-humans anywhere. It's regular people cooperating and doing their jobs all the way down.

Part of the problem is the push to let the "free market" fix the government, to outsource many facets of the government to contractors. This has led to corruption and fraud amongst the contractors:


They're similar to Google/Apple/Facebook in that regard. Sure there are some great people there, but most devs are just going to be average.

I can't recommend Empty Wheel enough for in-depth analysis on these stories. For example: https://www.emptywheel.net/2017/10/11/on-the-kaspersky-hack/

These stories still are almost certainly revealing just a fraction of the story. All ignore Kaspersky’s reports laying out US and allies’ spying tools (explaining why Israel might hack Kaspersky and share the details, if not the work). And the most logical explanation for the FSB démarche is that Kaspersky — as they said at the time — reported the hack to their relevant law enforcement agency, which is the FSB, who in turn yelled at the CIA.

See also: https://news.ycombinator.com/item?id=15441516

It would be really surprising if Kaspersky survived this.

If he is forced out of the antivirus business then he and his staff could potentially do blackhat stuff. I suspect that everybody would lose from such a development - because he is a very competent guy. (One is supposed to think in terms of capabilities when thinking about security related stuff ;-)

We saw a similar situation with the Russian rocket and nuclear scientists who lost their jobs after START I. Many of them started providing knowledge to rogue states and in at least one incident, to a private 'organization'.

One would hope that we are more careful with removing Kaspersky and his brilliant employees' legitimate professions this time.

Do you mean the company or the man?

The company. The man will be fine.

Why would they be done for? If they are basically funded by the FSB then they can't really die, no? Or is it more that it's over to them wrt running in the USA in general

They are not funded by the FSB. Not even Washington thinks that. They're a very successful multinational antivirus company, and they make one of the least bad products in that space.

Russian institutional and government contracts are their major revenue stream. There is about 0% chance of any Western company winning any of those, regardless of their technical merits.

In the case of McAfee, the man and company both have terrible reputations. And quite frankly deserve them

Tell that to McAfee

What about McAfee? He divested from the software/company shortly after it was created. He has a colorful personal life, but I doubt that has much of anything to do with the software that he hasn't been involved with for around 2 decades.

(Other than the software made him rich/a minor celebrity.)

> He has a colorful personal life

I think the gp was referring to what accusations people have made of McAfee since he sold the company.

Showtime aired a documentary[1] about him. I think "colorful personal life" can only be interpreted as a euphemism since he was accused of murder, rape, running a local armed gang, fleeing the country from the police, etc.

I have no reason to believe Kaspersky will have similar issues as I suspect McAfee was eccentric from the start.

[1] http://www.sho.com/titles/3437264/gringo-the-dangerous-life-...

No euphemisms here. Perhaps you are unfamiliar with this definition of colorful?

>Involving variously disreputable activities.

He also ran for POTUS as a Libertarian.

He was born in Scotland so that was never going to work, lol

Born on an Army base to an American father. John McCain was born under similar circumstances, Ted Cruz and George Romney were both born abroad and neither was seriously considered disqualified. The only difference between McCain and McAfee afaict is both McCain's parents were US citizens at the time of his birth. That may be relevant, that part of the law can change, but simply being born overseas doesn't stop a person from being a "natural-born citizen".

Didn’t know that, cool!

I’m not American so not that clued up on the specifics.

It's a common misunderstanding among Americans that "you have to be born in the US to become president." I'm not sure where that came from but it's not exactly true. The Constitution says you have to be a "natural born citizen" to become president. "Natural born citizen," however, is not defined.

IMO, I think the reason it wasn't defined is because the meaning is obvious: there are two ways to be a citizen - by birth ("natural") or by naturalization.

Tons of discussion on the topic here: https://en.wikipedia.org/wiki/Natural-born-citizen_clause

As mentioned above, Ted Cruz was a serious contender for POTUS yet was born in Canada, as was George Romney, who was born in Mexico. Those two are about as close as we got to "settling" the issue.

John McCain was born in the Panama Canal Zone which, at the time, was an unincorporated territory of the United States. Does that "count" as being "the United States" if you're going to interpret "natural born citizen" that way? People may disagree. They also may disagree if military bases "count" the same way as the Panama Canal Zone. https://en.wikipedia.org/wiki/Panama_Canal_Zone#Citizenship

US Senate passed a non-binding resolution that McCain was a "natural born Citizen" of the United States.

There have been several Presidents who have one non-citizen parent, the most recent being Barack Obama.

Hah. If anyone can figure out what category of people McAfee is a bellwether for, I'd like to hear it.

Good riddance.

What was so bad about Kaspersky that you consider it good riddance? I recall reading about legitimate good security work and breach investigations from them just a few years ago. It's not like anybody forced you to use their software.

I agree on the high quality research etc but personally I dropped Kaspersky products for the same reason as the original Norton Antivirus products: they became obnoxiously loud with unnecessary notifications. Kaspersky ramped up their annoying notifications so much that I went from recommending it in small corporate environments to not even mentioning it.

Antivirus/antimalware is incredibly important, but it should generally be silent and protect a system.

For whatever it's worth, my employer forced me to use their software. My 2015 MacBook Pro would regularly grind to a halt. We recently switched, hopefully for the better.

The fact that they collaborate with the Russian gov't secret services.

You mean you can't even stand their mere existence even without ever actually touching any of their products? Note that I'm not asking why you're not installing their antivirus, I'm asking why you don't want them to exist...

I don’t because they are collaborating with a fundamentally dictatorial gov’t.

If you want a slightly more nuanced understanding of Russia, I found this quite good as a crash course to why Russians like Putin:


Are you referring to the US Deep State? The one who has secret FISA courts and secret laws to protect the NSA?

Yeah, and Israel too in Russia.

I mean what could happen from here. Even if NSA get evidence that their networks were hacked without doubt, which is a hard thing in itself as there are thousands of vectors and even harder is to say that it had been directly done or funded by Kaspersky, they are likely not going to expose themselves in court. Israel has even bigger reason, considering Kaspersky has at least some relation to Russia.

Also, there is evidence that NSA attacked Kaspersky first, which gives them a very good reason to carry out a counter attack to secure themselves.

What does that even mean? A "counter-attack to secure themselves"?
