Be careful with that ax, Eugene
One molecule of evidence you're doing more than taking a sauna with FSB and you can kiss your biz goodbye.
Russian computer security biz Kaspersky Lab is working closely with Russia's intelligence services and gathering information on its customers, it has been claimed. An exposé, published by Bloomberg, details allegations that since 2012 Kaspersky has been replacing senior management staff with those close to the Russian Federal …
Respect the Intelligence of TheRefister's readers - stick to the facts, numbers and prooflinks. Bloomberg article is full of false statements. This post shows based-on-the-facts journalism. Let's focus on disxussing the truth as TheRegister is not a tabloid. That being said your comment is basically a speculation that is as offensive. And... Anonimous coward, really?:)
If the OP wonders why they're being downvoted, it's probably because many readers regard the whole "no smoke without fire" style of rumour-mongering a dirty trick and see the OP as perpetuating it (rightly or wrongly). Is it possible that Kapersky has been suborned by the Russian government? Of course it's possible. Do we have any particular evidence? No, not that I am aware. What we DO know for a fact, is that Kapersky do actual serious-level security research and recently exposed a major and highly sophisticated US malware-based spying system. And that means that they will have majorly pissed off various high-ups in the US power-structures. Would we expect some retaliation in the media for that? Very probably.
I'm not going to go on record saying Kapersky don't do anything wrong - how would I know for sure? But you can't start throwing mud without evidence. I recently had to assess anti-malware solutions and Kapersky and TrendMicro were the two with consistently the most comprehensive cover. Several others weren't bad, but those two were the leaders in my research. So until someone who is both less biased and has actual evidence (at least one of these would be nice), I'm going to carry on recommending it.
"many readers regard the whole "no smoke without fire" style of rumour-mongering a dirty trick"
For evidence to the contrary, you just have to look back at comments on articles here about climate change. Clear proof that spreading FUD about science has been very effective.
This insidious tactic against Kapersky Labs will quickly undermine them.
quite a bit of the things on that link (a list of APTs) appear to be Russian in origin. That level of attack, is almost always assumed to be government sponsored, so it appears he IS talking about Russian state-sponsored spyware (even if he's limiting his statements to "Russian speaking authors").
The point is, given the long Russian history of running false flag operations, there's no reason to believe:
1. That Kaspersky actually generated (or has the resources to generate) their report on the Equation Group themselves. They could have been handed all or part of it by the FSB. The FSB certainly has the resources to generate the report, regardless of whether it's based on real NSA spyware or simply an FSB fabrication.
2. That anything in the report is actually true, until it is confirmed by independent 3rd parties who got their code samples independently of Kaspersky, the FSB, or any other intelligence connected entity.
...found any yet?
The smart move by the Russians would be to pirate on the NSA's efforts. Remember that the NSA's data collection efforts are as pointless as they are brilliant in their execution. Why go to a lot of trouble building competing spyware when all you need to do is borrow their data? They can also leave the NSA alone in the belief that they are the only people in the world -- the Universe, even -- who can do this sort of thing, they're masters of everything, so they'd not make sure their own systems are invisible but also provide appropriate data sources for the NSA to work with.
This is a global chess game -- and the Russians are good at chess. Think Bletchley Park scaled up by several orders of magnitude.
.. because Kaspersky has flat out refused to EVER tag government spyware of any origin as benign.
It appears certain organisations are a tad upset that his team is getting rather good at unearthing campaigns that must have costed a good deal of development effort, hence the marketing campaign.
He's got my vote - still.
...which I am entertaining just for hypothetical argument, you would need to consider who you were most threatened by as an ordinary citizen. Assuming a Western reader living in a Western country, the chances of Russian Intelligence or law enforcement causing you problems is pretty much zero - you're simply not their concern. In comparison, the chances of your own country's law enforcement or government causing you (or your loved ones) hassle, is considerably higher.
Assuming that Western firms are compromised by Western governments (which we know happens) and Russian companies by theirs, which company would you logically wish to be informing on you?
>>It's a sad state of affairs that the default assumption is that of law enforcement "causing you problems"
Sad perhaps, but true nonetheless. Few if any have the power to ruin your life with impunity that the government and law enforcement of your company do. Any random person could kill you, but they could not do so without grievous consequences.to themself. The government can lock you up, prevent you getting jobs, all manner of things without anyone making those decisions risking any reprisal to themself. No body has so much power over you with so little risk from using it, than your own country's rulers. The rulers or people of other countries are no threat by comparison.
Interception of various forms can easily be traced back to the middle ages and, if you try a bit harder to other civilisations far further back. It has certainly been fully active wherever I have lived for all of my life. The impact it has had on my life has so far been very close to zero. I said close to zero and not zero because there have been times when interception and observation have failed. Then I have been closer than I would like to things that really would have ruined my day.
Oh and for the record I find the imperial thug Putin to offer more threat than almost any other legitimate or quasi legitimate government, though still managing to be far lower than sundry death cult sects.
You do have to say that he has played most leaders for the misguided innocents that they appear to be and got everything he wanted along the way. It has been so easy for him; why would have need to break a sweat and make any sort of real effort?
State sponsored actor or not, Kaspersky Labs does a lot of very valuable work cutting cyber threats down to size. Now, it's pretty safe to assume that US based companies are likewise working hand in hand with the CIA, FBI, NSA or whatever. So how would it be different for Kaspersky? Plain and simple, it's probably not.
The difference that the US wants to point out is that they are the "good guys" and the Russians are the "bad guys". Yeah, right.....
"Of course US are good guys compared to Russia. You really do not see the difference between democracy and a post-communist mafia-style country?"
The US is a corporatocracy where corporations buy politicians to represent their interests. Not that different from fascism.
I think we have as case of the pot calling the kettle black. So many here seem to forget all the stuff their own governments are doing and have done. And don't forget they are all holding hands. I did some research,and Kaspersky only writes about supposed Russian malware AFTER others have discovered it! Find me one case where Kaspersky was the first one to uncover malfeasance by Russian hackers! I'm not saying the NSA did not do anything wrong,but lets be real hear, the five eyes ARE the good guys.
"Of course US are good guys compared to Russia. You really do not see the difference between democracy and a post-communist mafia-style country?"
You are being facetious I assume. The US a democracy? I think not:
More similar to Russian oligarchy than most free societies.
http://mic.com/articles/87719/princeton-concludes-what-kind-of-government-america-really-has-and-it-s-not-a-democracy is an interesting (albeit badly flawed) article. Certainly I believe that the USA is indeed an oligarchy, much as (classical) Rome was in the decades before the civil war (when it ws nominally a republic). But that article is more likely to weaken my belief than strengthen it. It's a great pity you chose to reference that junk, looper.
But the graph showing that the 20th percentile was often above the median, although good for a laugh, is a pretty appalling piece of nonsense - no-one with any sort of mathematical literacy could believe that it was even remotely near being accurate. It destroyed my ability to believe anything in the article was reliable.
Of course the absence of democracy problem isn't restricted to the USA; the UK, Spain, France, Germany, Italy, Belgium and the Netherlands are all oligarchies or something else distinctly non-democratic too. I don't know the rest of Europe well enough to state for certain that nealy all the remaining European countries are either dictatorships or oligarchies too, but I'm pretty sure the vast majority are. So is India, from what I've seen of it, in fact I don't believe there is a real democracy anywhere on earth - except maybe Switzerland.
The US does not have a state sponsored criminal hacker element like Russia & China does. It does not have the blatant graft and corruption that Russia & China does. The US has laws that most people obey. It's almost a game in Russia and China to see how you can beat the laws.
No one likes their communications being monitored but the US is only looking deeply at "bad actors", everything else they look at is at a 50,000 ft meta data level. Agreed, if you use any full cradle to grave encryption method or search for things like making explosives or jihad they will be much more interested in you. If you can't live with that fact, better buy some pencils and paper.
All the more reason for Kaspersky Labs and ANY other anti-virus software manufacturer or their employees to be suspect as there are many "features" built in to anti-virus programs that could potentially be used to steal users banking or other personal info.
Anyone with an innate knowledge of such programs and a criminal motive could be very dangerous indeed. A lack of funds is often all the motive needed.
As long as we are making wild suppositions, whose to say that those same people did not write the hacking exploits that are available for sale, especially as many anti-virus programs don't find these exploits?
Nice article by Kaspersky. I like the way he thanks them, a major news organization, for doing a thorough analysis and coming up with all the facts. Quote:
"The result of investigative journalism revealed these REAL facts:
I go to banya.
We fire and hire employees.
60% of employees are Russians (I have to admit not all of them are fluent in English. We are working on it).
Our Chief Legal Officer served in the Border Control when he was 18 and at that time the service was a part of the KGB."
In other words, with all Bloomberg's investigative resources, they gave him a clean bill.
Too bad their report is so badly written.
From my position of towering ignorance about all this
Antivirus packages come under such cross-vendor scrutiny due to market pressure, it's hard to see how Bloomberg are the ones that wrote this up. Wouldn't one of the many other competing vendors spot Kasperskys 'accommodation' and 'go to town on their asses' ?
Not that it matters, but I was born in the US. So I am an American. I have not lived there in about two decades, so there it is.
I have a Huawei router. It MIGHT have a backdoor built in, to the Chinese spy agency du jour. However, since I live in a 5 eyes nation, I can be pretty sure that the NSA has a 'tap' into my chosen ISP, or rather ANY ISP as they have tapped one end or the other of the Southern Cross cable. (My best guess is somewhere in Hawaii.) So why would I be worried about the Chinese? I also use Kaspersky AV. So why would I be worried about the Russians? Are the Chinese or Russians going to 'disappear' me? Can't really imagine. Are any of the US three-letter agencies likely to? Percentage-wise, I'd say that the chances of that happening are 1000% better... And, it would be LEGAL! Now, if I were Chinese or Russian I might feel differently. But frankly, I REALLY DON"T have anything to hide from either the Chinks or the Rooskies. As well, I have nothing to hide from the Yanks, either, but I still worry more when I cross the US border than the Chinese or Russian borders. Isn't that a shame?
No, They are are not concerned with you as an individual; you are just a statistic.
What They are interested in is statistics by the million, just like the ad agencies and supermarkets look at the millions. Snowden has said little or nothing about Big Statistics. Maybe he is not a statistician, or maybe that is where the real secrets are.
The origins of Kaspersky Labs and its relationship with the Russian government is well known so there's nothing new here, just a bit of innuendo to try to paint the company as some kind of 'menace to freedom'. Which I suppose in a way it is -- Kaspersky Labs has become a serious thorn in the side of the NSA, its undermining the NSA's freedom to compromise everyone's data at will, undoing decades of diligent work and wasting billions of tax dollars by its irresponsible exposure of the NSA's methods and goals.
I doubt if its an official Russian agency because they would be more likely to figure out what's going on but not tell anyone. If there's one thing better than an exposed secret its a secret that the owner thinks is still a secret.
Kaspersky is not telling the truth about his years at the KGB School. During the years 1982-1987 he was registred to the Technical Faculty of The Higher KGB School (Высшая краснознаменная школа Комитета Государственной Безопасности при Совете Министров СССР имени Ф. Э. Дзержинского).
Should you search the Internet you may find a nice picture of Kaspersky in his uniform with the Russian text "Курсант Высшей школы КГБ" (Cadet of the Higher School of the KGB). There are also several other Russian sources which acknowledges his five years with the KGB.
The fact that he once studied at the second most prestigious KGB school was of no real harm to him and his ccompany. The fact that he today lies about it all is very suspect.
Three steps on how to kill the competition.
1. Lobby your government with sketchy evidence about a competitor.
2. Drip feed sketchy information with no real proof to the media
3. Sit back and watch them get banned.
Huawei springs to mind as another good example.
Regardless of the truth of it Kaspersky will be screwed if the story rolls on..