mediawatch on Nov 13, 2017

I don't think the two cases are comparable.

kaspersky's link with russian hackers:

>the program searched for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of U.S. government programs

cia plot to implicate kaspersky:

>Three examples included in the source code release built a fake certificate for Kaspersky Lab

the former proved that kaspersky software had capabilities to find and steal sensitive information, whereas the latter is a weak attempt at implicating kaspersky (it's a self-signed certificate). they just needed a non-american security vendor to "implicate" so an american vendor isn't taking the heat. the best company for this purpose was kaspersky.

(note: am currently employed by a kaspersky competitor, opinions my own)

exactly. as far as i can tell, this cert was created to impersonate kaspersky to silly middle-boxes and wireshark-using admins, who might just look at the name in the cert and not check whether it was valid.

it makes sense for a random endpoint to be contacting your AV vendor's infrastructure, so it's a reasonable way to hide. (other reasonable targets, like, say, windows update, might be disabled or managed by the enterprise)

there doesn't seem to be any intent at all to impersonate kaspersky w.r.t. attribution of malicious actions. rather, it's an attempt to hide malware c2 traffic as legitimate av traffic.

the narrative being pushed here seems to be an honestly transparent attempt at misinformation, borne out of... either a significant misunderstanding of the situation, or, as much as i hesitate to say it, intentional manipulation.

wouldn't be surprised if some target happened to be using kaspersky, and this cert was created specifically for that.

(also might point out that the original poster's account appears to entirely consist of submissions from their personal blog, which doesn't seem... great?)
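The distinction the comment above draws, between a cert that merely carries a vendor's name and one that actually validates, can be reproduced on the command line. The script below is an added example and is not part of the thread or of any source-code release it discusses; the subject fields (organisation, hostname) are made-up values chosen to look like an AV vendor, and the three checks stand in for a name-only middlebox, a properly validating TLS client, and a client that has explicitly pinned the fake cert.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a self-signed certificate whose
# subject merely names an AV vendor, then shows how three different observers
# judge it. Subject values are assumptions for illustration only.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
FAKE_CERT="$WORK/fake.pem"

# 1. Self-signed leaf whose subject looks like an AV vendor (hypothetical
#    O= and CN=; ".invalid" is a reserved TLD so it can never resolve).
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/C=RU/O=Kaspersky Lab/CN=updates.kaspersky.invalid" \
  -keyout "$WORK/fake.key" -out "$FAKE_CERT" 2>/dev/null

# 2. A naive "middlebox" check: only asks whether the subject mentions the
#    vendor. This is what the cert is designed to satisfy.
name_only_check() {
  openssl x509 -in "$1" -noout -subject | grep -q "Kaspersky"
}

# 3. Real validation: chain the cert to the system trust store, as a
#    correctly configured TLS client would. A self-signed leaf fails here.
chain_check() {
  openssl verify "$1" >/dev/null 2>&1
}

# 4. Validation against an explicitly supplied trust anchor. Passing the fake
#    cert as its own CA shows the only way it ever validates: the observer
#    must already have been made to trust it.
chain_check_pinned() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Stand-alone demonstration of the three verdicts.
if name_only_check "$FAKE_CERT"; then
  echo "name-only middlebox: subject mentions vendor, would let it through"
fi
if chain_check "$FAKE_CERT"; then
  echo "validating client: chain OK (unexpected for a self-signed cert)"
else
  echo "validating client: chain rejected, cert is self-signed"
fi
if chain_check_pinned "$FAKE_CERT" "$FAKE_CERT"; then
  echo "client that pinned the fake cert: accepted"
fi
```

Run it as-is; it needs only `openssl` and writes nothing outside a temporary directory. The middle verdict is the one that matters for the argument in the thread: anything that actually validates the chain rejects the cert, so it cannot pass as the vendor to a careful observer, only to one that stops at the name.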

