Eugene Kaspersky: What Wired Is Not Telling You (kaspersky.com)
160 points by jonemo on Aug 5, 2012 | 80 comments

The original WIRED article looks like an argumentum ad hominem attack on a technology company for its alleged links to the Russian government.

It is sad that the propaganda war between the US and Russia is spreading to 'technology' news media. We are better off discussing technology, not politics.

Discussing technology without politics is sticking your head in the sand. Technology has a political impact, and technological choices are politically influenced.

Half the topics on HN would be very different if you took away the political context. Unless you only want to discuss programming languages at an academic level, it's almost impossible to ignore the politics.

"...and technological choices are politically influenced"

Nope. Technological choices are solely influenced by the problem one is trying to solve. The course of war, peace and espionage may be determined by politics but the choice of technology is totally influenced by the problems war and espionage may present that technology needs to be able to solve. You can't build a "liberal" radar or a "conservative" radar or a downright "communist" radar. You can just build a radar to detect aircraft.

You're seriously suggesting cyber security research has nothing to do with politics?

Technology is not an independent force of nature. It's the product of people, and people are inherently connected to politics.

People: let me provide a little advice, please. If you click on the poster's name you can see their avg karma. You don't have to respond to just any dumb thing said out here, especially not when a person's comments are consistently voted as not useful -- e.g., photon137. That's why those scores are public.

When someone tries to cast a complicated political question like this in terms of yup and nope, just assume they are a dumbass and move along. And have faith that other reasonable people will do the same.

Really? You've to resort to name-calling rather than provide a logical argument as to why my statements would be wrong?

Would you have called me a dumbass if we'd have met in real-life? Or would you have been more civil?

Should I assume this is representative of your behaviour towards people you haven't met face to face? Or do you think people have a "karma" number floating on top of their heads when they walk about?

First, I didn't say you're a dumbass. I said, assume that the person is a dumbass. In real life, yes I would assume that you're a dumbass if you had given this kind of argument.

I also would have ignored you and moved on if I had heard you giving this kind of opinion. If pressed to give a response, I would have said it's not a serious argument. And the point is that people don't have to respond to everything that is said, and additionally, it's preferable that they don't as that leads to wasted efforts and irrelevant discussion. I was responding to the effort dedicated to your argument.

Personally, how I determine whether or not an argument is dumb is if the first formulation of the argument does not consider and respond to the most obvious challenge. Yours does not consider, for example, that nobody would be making a radar dish if it weren't for politics, nor does it consider that the whole history of technology has been driven largely by military (and thus, political) needs. That seems to be a very obvious hurdle to your argument, which as I understand it is basically a semantic game where the term "technology" is confined to "a technician and the breadboard or terminal in front of him/her."

That you kicked off a semantic exchange with a flat out "nope" just seems smug, making it all the more amazing that the subsequent argument was so naive.

Actually, let me just say this: I'm sorry I called you a dumbass. That was out of line, regardless of what I think about your argument or the way you presented it.

I'm sorry.

1. Ad hominem isn't really a good argument for ignoring a poorly composed post. 2. If you think that avg karma is a good metric for measuring the usefulness of a comment, you might be confused about confirmation bias...

1. The argument isn't to ignore the comment because the author is dumb. The argument is to ignore the comment because the comment is dumb, prima facie. That is, a reasonable person who has thought about the issues at hand would easily conclude that the comment is not the product of serious effort or consideration.

2. I'm offering a heuristic, not correlation.

Backpedaling when it's plain to see that you called him a dumbass doesn't work. You didn't attack his comment, you attacked his history of posts, using a flawed metric.

photon137 and eli have the same average karma.

I don't know if I was mistaken then, but I thought it was < 2.0 when I looked previously.

OK, interesting. I've averaged >10 karma per day for the last 3 years but my per-post average karma is pretty low. (Also "average" karma is calculated a bit strangely http://news.ycombinator.com/item?id=3148927 )

I'm seriously suggesting the underlying technology has nothing to do with politics. One can discuss buffer overruns and CSRFs and what not without any political overtones whatsoever (or should be able to).

There is no area of human life that hasn't been impacted by technology and very few of them actually involve politics in the traditional sense.

Forgiving tech media that covers political stories in the guise of "tech" news because tech is "inseparable" from politics is naive, at best. It is separable and should be. But then again, I understand media is indeed inseparable from politics.

"...people are inherently connected to politics."

I disagree. This varies from society to society - it might be true for America, not true for other places. People in those places know what the sphere of influence of politics is and many areas are totally separated from politics. In the US, in contrast, almost anything can be (and routinely is) made a political issue.

I'm reminded of this quote:

"Your question is: why am I so interested in politics? But if I were to answer you very simply, I would say this: why shouldn't I be interested? That is to say, what blindness, what deafness, what density of ideology would have to weigh me down to prevent me from being interested in what is probably the most crucial subject to our existence, that is to say the society in which we live, the economic relations within which it functions, and the system of power which defines the regular forms and the regular permissions and prohibitions of our conduct. The essence of our life consists, after all, of the political functioning of the society in which we find ourselves. So I can't answer the question of why I should be interested; I could only answer it by asking why shouldn't I be interested?" - Michel Foucault

I agree politics is a very important part of our society and people should be interested in it.

But technology is a means to solve problems whether they're presented by the struggle of humans to make their life better against the elements - in which case the solution ought to be non-political - or whether they are presented by humans living, interacting and governing themselves in a society - in which case a solution may be driven by politics but is a solution nonetheless.

A blueprint of a missile doesn't say that it's driven by a particular ideology - it's just a solution for a political/social problem. Anyone can discuss it without involving politics. However, humans by their very nature add context to things (in this case, it'd be political) and that's perfectly alright. My argument is - ok, it is possible to discuss these things productively without involving politics or political opinions at all.

Huh? What is your definition of "politics"? What society are you thinking of? North Korea? Even there (maybe especially there) politics plays a huge role in technology.

True, but you can build a radar that displays flocks of geese as F-15's (to make up a bogus example) if that satisfies the needs of your client.

Ignoring the non-technical aspects of technology is as short-sighted as ignoring technical aspects you don't happen to care for.

> Nope. Technological choices are solely influenced by the problem one is trying to solve.

Let me guess: you've never worked in government contracting before?

My statement still holds: the lowest quote is part of the problem.

(And to answer your question: nope - and I hope not to).

Right. So you're not aware of Richard Stallman? You've never met a rabid 'M$ $UX!' guy?

I can still write software, discuss ideas and think about architecture etc etc. while totally ignoring both of those guys.

Academic politics are just as ferocious as country politics and in many cases (e.g. global warming) almost inseparable.

Is there really a propaganda war between the US and Russia (in the technology space)? I've worked with a few Russians and they were all dedicated professionals. I've worked with a lot of Americans and a few of them were criminals. I suspect that if I worked with enough Russians, I'd eventually run into a small percentage who were criminals too.

Let's just agree that any population is going to have a few and stick to having technology discussions here.

Turn it in a new direction. How about the US and China? There have been some interesting articles posted here recently about Chinese and American technology, especially when it comes to Chinese manufacturing products used by US. And the IP issues have definitely become political, with propaganda on both sides.

You're confusing spheres. Propaganda and geopolitical intrigue is completely separate from crime.

I had a print subscription to Wired the first year it came out. IIRC it was fairly political even back then.

For anybody else who missed the original article, this seems to be it: http://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/

A while ago I thought about what a perfect gateway Antivirus software would make to gain access to millions of machines. In order to stay up to date they are allowed to make regular calls home, are proprietary, and most often for end users even given away for free. Motivated by this post I just went through a list of the Worldwide Antivirus Vendor Market Share[1], looked up their country of origin, and I have to admit that I find the fragmentation of the industry and the internationalization quite remarkable. Of course I have no datapoints for comparison, but I still find it interesting that so many nations are home to their very own Antivirus software provider.

Company              Market share   Country of origin
AVAST SOFTWARE       12.37%         Czech Republic
AVG TECHNOLOGIES     12.37%         Czech Republic
AVIRA GMBH           12.29%         Germany
MICROSOFT CORP.      11.24%         United States
ESET SOFTWARE        9.98%          Slovakia
SYMANTEC CORP.       8.77%          United States
MCAFEE, INC.         4.50%          United States
COMODO GROUP         2.79%          United States
TREND MICRO, INC.    2.15%          Japan
PC TOOLS SOFTWARE    2.00%          Australia
SOFTWIN              1.11%          Romania
F-SECURE CORP.       0.95%          Finland
OTHERS               6.16%

[1] http://www.opswat.com/sites/default/files/OPSWAT-Market-Shar...

Microsoft Security Essentials was (and I believe still is) developed in Israel.

Shachtman alleges that Medvedev's visit to Kaspersky Lab and work for Russia's major government bank somehow means that Kaspersky has nefarious links to the government. This is baloney. It's like saying if Obama visits Facebook or Google headquarters these companies now are CIA outlets, or saying if the Fed hires Symantec to secure their networks Symantec is now linked to the US government.

Of course the Central Bank of Russia would hire the leading Russian security company to secure their network; who else would they hire? What's surprising in that? Of course a leading politician may visit a company that is internationally known for its success, especially Medvedev, who insisted on emphasizing the "modern hi-tech president" image. Cooperation between security researchers and cybercrime divisions of security services is also nothing new - what else would security researchers do with their findings? They can't prosecute computer criminals themselves... And of course they would get licensed by Russian security services - how else could one get government contracts, which in every country are a not negligible source of income for many companies?

Making pretty standard business practices and realities - which apply both to such an undeniably corrupt country as Russia and to the US and to many other developed countries - sound like a sign of some ominous secrets is journalistic malpractice. It may sound to somebody uninformed as if there's something shady there - but in fact there's nothing in all that stuff. There might be secrets hidden somewhere - but Shachtman's findings are extremely weak in that regard.

> It's like saying if Obama visits Facebook or Google headquarters these companies now are CIA outlets

I feel like you should have used a better analogy, since Facebook is effectively a CIA outlet. They received funding from them.

got a citation?

Facebook at one point took some funding from some people who had some tenuous connections to the CIA's VC fund. Saying they are a "CIA outlet" is pretty far out into Alex Jones conspiracy theory territory.

There were 15 different Federal Intelligence agencies just in the DC White Pages! You think all the employees of 15 different Federal Intelligence agencies (that they admit to, or all the private subcontractors like BLACKWATER) take no secret actions?

All those reflexively flinging "conspiracy theory" labels are just sheep in deep, deep denial.

You are using false dichotomy here. Intelligence agencies, of course, perform clandestine activities. That does not mean these activities are in the form your favorite conspiracy theory describes. E.g., they probably watch persons of interest, but no, they probably are not in the least interested in your facebook updates, unless you happened to maintain active email correspondence with Usama Bin-Laden circles.

Ah, of course... so that means the fact that there's no evidence to support your theory is itself evidence to support your theory. Ingenious!

Do you really believe Facebook is not sending all their data to CIA?

Yes, I do. What would the CIA do with so many lolcats? Unless they found a way to make lolcat-powered drones, in which case it is really scary.

Seriously, though, what would the CIA do with such an amount of useless data? I could in principle believe Facebook cooperates with targeted surveillance requests (though doing something secret on Facebook is incredibly stupid, but there are stupid terrorists too); sending all their data to the CIA would be pretty useless.

Information is power. And the guys in and around CIA are starving for power.

The CIA doesn't have the infrastructure for that. FB just holds the data on their own servers and lets the CIA look at it there.

Seriously? The combined annual budget of CIA, NSA, FBI, Pentagon, occupation forces, etc. is around two trillion $ per year, but they don't have the infrastructure ...

Hm, NSA, possibly. FBI, no. http://arstechnica.com/information-technology/2012/07/how-fb... CIA, probably not much better off, for the same reasons.

>And Kaspersky agreed to appear in a documentary that used his son’s abduction as a prime example of why social networks are dangerous. Those are facts that neither he nor I can avoid.

It's sinister that Kaspersky appears in a documentary talking about privacy concerns? Shachtman's really grasping at straws.

It's sinister that he's using it to argue that access to the Internet needs to be tightly monitored and controlled, especially as we're talking about Russia where (for instance) if people couldn't use the Internet to broadcast messages that were hard to trace we wouldn't have all the photographic evidence proving massive ballot-box stuffing and electoral fraud in the last election that we do have.

That was a quick rebuttal. It was also awful. The author fails to counter point by point Kaspersky's detailed response. Shachtman comes off as arrogant and defensive.

It wasn't any worse than Kaspersky's rebuttal, which also didn't counter point by point the article other than generalized statements, i.e. "registered in Great Britain" so obviously we are on the up and up, "I really like Facebook", etc.

Just he said, he said until one of the parties actually releases documentation (Wired can release emails showing Kaspersky's co. cooperated closely with the fact checking, Kaspersky can release docs to show the opposite, etc.)

As someone who is a casual reader of Wired and knows little about Kaspersky, I don't know who to believe. Russian stereotypes and the current actions of Putin's government would push me towards believing the Wired article but that doesn't make me comfortable enough to say anything with confidence.

"registered in Great Britain" isn't a generalized statement, it's a fact.

Shachtman paints a picture of Kaspersky being in bed with the Russian government around innocuous anecdotes such as a government contract and a Christmas card.

The onus is on Shachtman to provide compelling evidence for his assertions. In my opinion he has failed to do that.

The generalized statement is Kaspersky's assertion that being Registered in Great Britain means they aren't doing anything nefarious or unethical. Just because they are registered in the U.K. doesn't mean they are clean, I'm sure there are plenty of companies registered in the U.K. that are up to no good.

Shachtman may have failed to provide compelling evidence for his assertions, but in my opinion, Kaspersky's rebuttal was very weak and did very little to prove his case.

Frankly, both rebuttals were weak and probably written in haste without examining how they would come across to an impartial third party.

I didn't get the same generalised impression. His point was his company is governed by the laws of Great Britain not Russia. So if some sort of law was broken, he could be held accountable in Great Britain. The article implies his company can run amok under the guise of a russian corporation and be protected by the Kremlin. His rebuttal asserts this not to be true rather directly.

Except that we've seen Western companies act with nearly complete impunity in highly regulated industries (most recently and notably in the banking industry in both the U.S. and the U.K. as well as companies with close gov. ties like Blackwater). And although it's registered out of the U.K., it's operating mostly in Russia. It could run amok and the U.K. courts would have a difficult time even investigating any possible transgressions, especially if the company is as close to the Kremlin as the article implies.

Instinctually I trust a company run by a former Soviet intelligence officer just as much as I trust a company run by a former CIA or MI-6 officer, which is to say very little and I would assume said companies would cooperate fully with most government requests or initiatives with little resistance.

That's not to say the Wired article isn't bunk, it may very well be nationalist fud.

How could one prove that one does nothing unethical? The onus of the proof is always on the accuser - if you accuse somebody of doing unethical stuff, bring your proof.

Just because they are registered in the UK doesn't of course prove they are clean, but it indicates that if there were some shenanigans, it would be easier to uncover them than if they were registered only in Russia or some offshore. Since nothing was uncovered so far, it serves as evidence - though not proof - that there wasn't anything to uncover. Of course, this evidence can be trampled by the evidence to the contrary - but this wasn't done.

But would you assert Shachtman's proposition is true because it has not yet been proven false?

Absolutely not. The burden of proof is on Shachtman.

"Just because they are registered in the U.K. doesn't mean they are clean, I'm sure there are plenty of companies registered in the U.K. that are up to no good."

Definitely. There are UK-registered companies that are little more than shells, but are connected to arms dealing organizations and similar.

Did you notice tag "Crazy Ivans" below the article? That's pretty offensive...

Looks like it's a recurring tag for Wired: http://www.wired.com/dangerroom/tag/crazy-ivans/

I guess somebody at Wired thinks they're being funny. IMO they're being stupid.

C'mon people. How many "former" KGB agents do you know go completely legit and not have some ties to the Kremlin? Unfortunately, their track record with former spies is pretty well documented.

Once an agent, always an agent.

What? How many former KGB agents do you know, period?

C'mon, you surely must know that the KGB outlet he graduated from was a math school on steroids, not the 007 training facility. The chances of him still being an agent because of that are well comparable to being simply hard-pressed into cooperation after his company acquired a momentum.

Most of the famous "Cambridge Five" studied languages and history and were some of the most successful Russian spies of the 1950's. Just because he studied math does not excuse him from his association with the KGB.

I'm not saying he's still active, but those relationships are for life, and you don't just walk away from the KGB/FSB unscathed. Just ask Alexander Litvinenko.

You are refuting a point that I didn't make.

They are all evil, yeah. But their girlfriends are always pretty (just watch the Bond movies)! ...

Kaspersky was definitely not the first to document Flame[r]: http://www.crysys.hu/skywiper/skywiper.pdf

They may simply have been unaware of other documentation on it.

Or too proud, of course.

I have no doubt that Kaspersky has close ties to the FSB and Kremlin. Just as I have no doubt that U.S. security companies have close ties to the CIA/FBI. Pick your poison.

The tag on the Wired rebuttal to the rebuttal: Crazy Ivans.

That's just bad. I really thought Wired were above that. I guess I was wrong.

Both sides are weak. Sounds like a personal thing frankly.

I hate to break it to him, but Indiana Jones is a fictional character and, were he a real person, would have been considered a terrible, terrible archeologist -- on par with 19th century "archeologists" who dynamited ruins and chiseled choice bits off monuments.

So, basically, you are saying that Kaspersky thinks that Indiana Jones was real. What a thoughtful nitpick.

No, that Kaspersky used a bizarre example to illustrate a dubious point.

For the same reasons that I expect Kaspersky corp to be attached at the hip to the FSB, I expect Oracle and Facebook to be attached at the hip to the CIA.

Did he just use Indiana Jones (a fictional character) as a precedent for himself?

I don't find it unusual. He's building rapport with a reader base by referencing American pop culture, and possibly knowing that many linkbait-y blogs will jump on this as a hook. Nothing too weird, but imo more of a way to bring publicity to his rebuttal than an actual argument point.

To me, it seemed rhetorically counter-productive, but it's a minor point really.

I don't see why using a fictional character to make this point is harmful. A much wider range of people know who Indiana Jones is than who (take your pick of experts consulted with by a government) is.

Because he chose a more widely known (albeit fictional) example, more people are able to better grasp the idea he is presenting. It's just good communication.

Another good reason for using fictional examples when it fits your argument is that their contexts are more limited and less likely to trip context-driven ideological or emotional biases.

