back to article On Kaspersky’s 'transparency tour' the truth was clear as mud

Attribution is one of infosec's biggest challenges: experts struggle to identify the source of attacks and only do so when they feel the evidence is insurmountable. Yet on Kaspersky Labs' "Transparency Tour" the company has advanced an explanation of its recent woes with no evidence at all. The Tour is an effort to persuade …

Page:

  1. TonyJ Silver badge

    But...

    ...you could say that any software vendor from the OS to applications and AV could be used in the same way.

    I'm not so sure they protest too much. What is clear is that they've butted heads with the likes of the NSA (remember when they exposed the equation group, as documented here on el reg.

    Nor am I convinced that just because they are in Russia, it's easier for the government there to put pressure or infiltrate them. Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?

    It's also worth noting that the Polish have a very low opinion of Russia (for very good reasons) so there's certainly an axe to grind there.

    I guess like everyone else, I don't have the answers, just more questions, but I'm still on the fence with regards to them being any more dangerous (or less) than any other company.

    1. Christian Berger

      Well the big difference is...

      ... that as a German, my government probably would protect me from the Russians, but it surely wouldn't protect me from the US. So if I only had to choose between those two options, I'd rather have the Russians have my data.

      Though it's likely that the secret services have a good working relationship with eachother, so my data will end up in everybodies files anyhow.

      1. big_D Silver badge

        Re: Well the big difference is...

        @Christian the German Government won't protect you from themselves! :-D

        The courts have twice told them that the Bundestrojaner is illegal... But they are trying to push through yet another law to allow them to use such technology (I believe Bayern / Bavaria has already "legalised" it, although there is still the opportunity to bring that before the Constitutional Court AFAIK).

      2. Giovani Tapini

        Re: Well the big difference is...

        Well, they probably don't KNOW they have a good working relationship. The FSB and CIA spy on each other all the time, however it is not always given the gloss of the term collaboration though!

    2. big_D Silver badge

      Re: But...

      They got into trouble in Germany as well, because they marked the "Bundestrojaner" (State Trojan, a program used by the BND and police to infiltrate PCs of suspects) as malware, which didn't go down well in political circles.

      1. MonsieurTM

        Re: But...

        *Evil* Kaspersky telling us about trojans! Bad Kaspersky, and thus evil Russians!

    3. mutin

      Re: But...

      Well, two important topics are forgotten:

      - Kaspersky himself had and has friends in FSB. It means he will do what they ask for

      -They did not promise to stop sending information from user computer to Kaspersky data center(s), which where ever it/they is/are or will be will send info in Moscow. Where it will be available to Mr. K FSB friends. The same way they grabbed NSA info from stupid NSA contract facing bars. Running on government computers they will collect confidential info and send it ... I really to not care about my "personal" info. I simply know that "privacy" is good to believe in but does not exist anymore. But I think any government info should not be widely available. Mr K lovers can download and use Kaspersky company software.

      As soon as the company moves its headquarters in EU, and developments as well, and Mr K steps down, the problem will dissolve. But that won't happen simply because they use the company as FSB helper.

      1. MonsieurTM

        Re: But...

        So, you prefer preven US lackies to unproven Russian lackies, eh? Damn glad you are not in power...

  2. DavCrav Silver badge

    "Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?"

    Do I believe that the UK government would murder your family if you say no? No, I really don't.

    Do I believe that the Russian government would murder your family if you said no? Well, they have done on several occasions.

    1. TonyJ Silver badge

      "...Do I believe that the UK government would murder your family if you say no? No, I really don't..."

      Unfortunately, I do believe that.

      Remember all the questions around Dr Kelly (weapons of mass destruction)?

      Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?

      I am sure there are others if we look a bit.

      Of course, I am not saying these are in any way proof of such actions, just that there have always been weird, unexplained deaths where question marks hover over them about the possibility of government involvement.

      1. DavCrav Silver badge

        "Remember all the questions around Dr Kelly (weapons of mass destruction)?

        Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?"

        Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up. I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'.

        1. John Mangan

          @DavCrav

          "I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'."

          Citation needed.

          1. Giovani Tapini

            Re: @DavCrav

            @John Mangan

            I refer you to many Spetznatz operations to recover "hostages" with a variety of degrees of success and "collateral damage" where the Americans did not dare attempt. Instances more recently in use of gas in nightclubs or in the past in Beirut.

            Maybe you just have to be old enough...

            1. MonsieurTM

              Re: @DavCrav

              And the US in Nicaragua, Columbia, Mexico, Lybia, Iraq, Iran, Afghanistan, Vietman, Camboldia, Laos, etc, etc? Exactly how many deaths?

        2. Bernard M. Orwell
          FAIL

          "Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up"

          You've come to the wrong forum if you're going to lean on semantics for the core of your argument.

        3. Roland6 Silver badge

          "I think it's reasonable to say that the Russian government kills more people than the UK government"

          Whilst it might seem from UK media reports that this might be the case and could be a useful working assumption, I would hesitate in concluding this is the case, until we have better and more reliable data/information sources. Remember we are dealing with a branch of government that does much to stay out of sight and isn't unknown to use it's influence to stop things becoming public.

        4. MonsieurTM

          Really? What about the UK meddling in Afghanistan, Syrian, Libya, etc, etc. How many deaths have occurred there because of UK meddling?

      2. Anonymous Coward
        Anonymous Coward

        "murder your family" vs either Dr Kelly, or the sports bag victim.

        However, I'm not sure that either Dr Kelly or the sports-bag victim could really be considered as evidence for "would murder your *family*", since (a) both were plausible direct targets, and (b) are not easily understood as *the family of* some other target.

        1. Robert Carnegie Silver badge

          Re: "murder your family" vs either Dr Kelly, or the sports bag victim.

          I think the story about Dr Kelly was that his wife would be left without support of his government pension unless he kindly committed suicide. As this is broadly before there were food banks, presumably she/they would then starve to death. HTH, HAND

    2. LDS Silver badge

      In an authoritarian regime without check and balances is far, far easier to apply pressures that are much harder to enforce in democratic countries - not impossible, but far harder.

      Still, you can have people who will comply without pressure, just out of nationalistic pride. Who would trust products from a Thiel company?

    3. anonymous boring coward Silver badge

      The UK government has sent UK citizens to, for them, foreign countries on the basis of having, apparently, insufficient documentation (technicalities, in other words). They detain thousands of people on vague grounds. The government is in the process of destroying the economy in the interest of a few tax dodgers and their useful idiot xenophobe friends. The government has sent people to die abroad on missions with extremely vague objectives.

      I can see them doing quite a lot to get their own way.

    4. Eddy Ito

      It's an odd question since I think any government would murder my family and myself without hesitation if they thought it would benefit them. It's likely that the only reason they haven't is because the cost:benefit ratio doesn't work in their favor. Likewise I don't see any cost:benefit working against Kaspersky.

    5. Adam 52 Silver badge

      "Do I believe that the UK government would murder your family if you say no? No, I really don't."

      I think it unlikely but not impossible. Blackmail is more the UK government's style. Would they plant child porn - absolutely.

  3. Detective Emil

    " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

    And this is good?

    1. big_D Silver badge

      Re: " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

      I don't think Kaspersky want to be tainted with that brush, they have enough problems as it is!

  4. smalldot

    Can we see the original evidence first?

    Where is the evidence that Kaspersky products are in any way more harmful than competing AV products?

    I have understood that AV programs are risky because they 1) constantly download updates from the internet, 2) accept any type of code or binary input to scan, and 3) attempt to decode or uncompress the input binary or even run it in a sandbox to see how it behaves. It's not difficult to believe that a serious attacker could try to use the AV product to attack company networks.

    But why would any AV company knowingly co-operate with government spies? That would be commercial suicide. Their whole business is based on trust. All the US has to do is to publish evidence on Kaspersky working with Russian spies, and the whole world will instantly uninstall Kaspersky AV. Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

    1. lglethal Silver badge
      Go

      Re: Can we see the original evidence first?

      "That would be commercial suicide."

      And refusing to co-operate with the government is likely to see you either in prison (various embezzelment, corruption or conspiracy charges) or worse.

      I'm not just talking Russia here, any regime where the government has complete control of the courts and the media - China, Vietnam, etc. - all make it incredibly dangerous to say No when the government comes knocking. I'm sure in places like the UK, US, etc it is also difficult to say No to the men in black suits. But there's a difference between something being difficult and something being dangerous...

      1. Anonymous Coward
        Anonymous Coward

        Re: Can we see the original evidence first?

        Isn't every major AV vendor except Kaspersky under suspicion of collusion with the United States government?

        Any AV software is most certainly a potential threat. Proprietary code, automatic updates, god-mode access. If you really want to secure a computer, you don't simply "add security", you remove non-essential components and lock down potential attack vectors. And if you're that concerned about security, you shouldn't even be using a computer.

        It's long past time for the US Government, in particular, to reckon with that.

      2. MonsieurTM

        Re: Can we see the original evidence first?

        Ever heard of D-notices & the Official Secrets Act, mate? These are UK inventions. That make it dangerous in as far as going to jail is dangerous.

    2. Roland6 Silver badge

      Re: Can we see the original evidence first?

      Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

      Not sure of your logic here, personally, I expect we will be hearing about another NSA tool from Kaspersky: some US government employee decided their work machine was running a little slow whilst working from home, so downloaded the Kaspersky scanner which uploaded the unknown executables for inspection...

    3. Christian Berger

      There is no evidence...

      ... that's the whole point. All AV products have a theoretical benefit at best, far outweight by the many actual practical problems with them.

      It's simply not wise politcially to demand or present evidence, because then you'd be forced to act logically and would therefore have to publicly declare your goals.

  5. sitta_europea Silver badge

    Why is nobody even asking why anti-virus products like Kaspersky's are so popular?

    The single biggest contributor, by a very long way, to insecurity in IT is an American company called Microsoft.

    So isn't it time to drop Microsoft products too?

    Surely it must be obvious that the whole Kaspersky issue is an irrelevant sideshow which can do nothing but distract attention from the real issues.

  6. Anonymous Coward
    Terminator

    CIA wrote code to impersonate Kaspersky Lab?

    "WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab."

    Kaspersky is possibly the only AV company not compromised by the NSA, remember AV software gets to run on all the computers on the planet, as root and report back to the mother-ship. Every-time you update you don't know what it's really doing.

    @smalldot "why would any AV company knowingly co-operate with government spies?"

    Well, the AV companies wouldn't knowingly co-operate, that's why they're called spies and since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain.

    1. Alan Brown Silver badge

      Re: CIA wrote code to impersonate Kaspersky Lab?

      "since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain."

      That's mostly what they were doing before the end of the Cold War too.

      The USA is one of the worst offenders, particularly with any technology that might possibly threaten their hegemony - a "kill it in the crib" approach is clear in a number of cases. (such as, say jet fighters - see TSR2, etc)

  7. Michael H.F. Wilkinson
    Coat

    "Please do not let me detain you"

    The problem with the word "transparency" is that it immediately reminds me Lord Vetinari, who often claims his motives are completely transparent, which in his case most likely means you cannot see them at all.

    I'll get me coat. The one with "Going Postal" in the pocket

    1. lglethal Silver badge
      Go

      Re: "Please do not let me detain you"

      "Ankh-Morpork had dallied with many forms of government and had ended up with that form of democracy known as One Man, One Vote. The Patrician was the Man; he had the Vote."

  8. Alister Silver badge

    ...doth protest too much

    I sense a shift in editorial stance on this, and I wonder why.

    If governments want to claim that Kaspersky is a security risk, perhaps they'd like to offer some evidence of this.

    Why would El Reg ask Kaspersky for evidence that the US is persecuting them? It's quite obvious that the drive to demonize Kaspersky started ever since Kaspersky's Antivirus identified malicious software on an NSA staffer's machine in 2014.

    1. MiguelC Silver badge

      Thatl probably won't do them any good, even if public opinion is in their favour governments aren't likely to cede in such a matter (either if it's being done for security reasons or just as punishment), but protesting is really the only thing they can do for now (as their court actions have all been rejected because of... reasons...)

    2. LDS Silver badge

      "perhaps they'd like to offer some evidence of this."

      If evidences may put sources at risk, you may want to avoid that. Even journos will not reveal their sources if they believe there's an actual risk.

      1. Alister Silver badge

        Re: "perhaps they'd like to offer some evidence of this."

        If evidences may put sources at risk, you may want to avoid that.

        So that means then, that governments, or journalists, are free to publicly accuse an individual or company of malfeasance without presenting any evidence to support those accusations.

        This is surely not how it should be?

        1. LDS Silver badge

          "This is surely not how it should be?"

          But it's what happens. Have media evidences, for example, that Ivanka Trump is obtaining copyrights in China just because of hidden deals between her family abusing of presidential powers and the China government?

          Still, strong suspicions are published, and if anyone has sources within the Chinese government wouldn't be so fool to expose them.

          Evidences are conditions sine qua non for a trial and sentence - but did you never act on a strong suspicion, with just some corroborating info?

        2. Destroy All Monsters Silver badge

          Re: "perhaps they'd like to offer some evidence of this."

          If evidencesnot writing what's on the handout may put sourcesaccess to "inside sources" at risk, you may want to avoid that.

          FTFY

      2. Adam 52 Silver badge

        Re: "perhaps they'd like to offer some evidence of this."

        "Even journos will not reveal their sources if they believe there's an actual risk."

        You just cling onto that happy fantasy!

        1. Anonymous Coward
          Anonymous Coward

          Re: "perhaps they'd like to offer some evidence of this."

          > You just cling onto that happy fantasy!

          Depends on the journo. More specifically on their integrity and how good they are at protecting your information. Some are extremely good, others utterly incompetent.

          While thankfully I have never personally dealt with journalists of questionable integrity, they abound.

  9. This post has been deleted by a moderator

  10. John Mangan

    I find the under-lying assumptions quite surprising.

    Maybe I'm mis-reading it but there seems to be a presumption that "of course a Russian company will act as a trojan for it's government'' (which I'm not arguing for or against) but "that would never happen in the West" (which I do have an issue with).

    There is clear evidence that Russia likes to interfere and, like any developed nation, engages in shady practices to protects its interests.

    But there is even clearer evidence (Snowden) that the West, e.g. including but not limited to U.S. and Britain, do exactly the same. Both countries employ gagging orders so you can't even talk about being approached by said shady agencies.

    I'm not 'for' these activities and I'm not 'for' Russia but I am 'against' the apparent editorial assumptions which seem to be without basis.

  11. Anonymous Coward
    Anonymous Coward

    So, I have a choice...

    So Kaspersky treats spyware from US crooks the same as UK ones. They treat them the same as from the rest of Europe and the rest of the planet. That is what I want. They are not subject to the NSA or any other criminals. This is good.

    I am happy that they block the US nasties. The NSA is not there for my protection. I don't think it it is there for the protection of US citizens either but that's not my problem. Russian spooks may not have much interest in me. US ones probably don't either but they are controlled by the US government who, in turn, is controlled by US corporates. I am more troubled about them.

  12. HmmmYes

    Frankly, Id be happier burning the whole lot - Windows + AV.

    Stinking, multi layered piles of shit.

  13. PyLETS

    The only security relevant code with transparency

    This has to be open source and has to be developed in the open, and with reproducible build capabilities * so that anyone interested can verify it or collaborate with any number of interested others to share and discuss the verification of it. Anti-virus on closed platforms has to operate with root and kernel level access due to its very nature. Having a consortium of universities or an audit "partner" able to inspect code based on vendor criteria in the forum offered and managed by the vendor doesn't guarantee that the urgent update you need to defend against a recent and critical threat has been independently verified.

    * for why reproducible builds are required see: https://reproducible-builds.org/

  14. Jason Bloomberg Silver badge

    They hate us and want to kill us

    "The "America wants to destroy us" argument was delivered with broad brush strokes, but zero evidence".

    That America and others in the west demonise and seek to ban them without producing credible evidence for doing so suggests to me Kaspersky are correct in their assessment.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021