The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden.
The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.
British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
Anti-virus software is an ideal target for a would-be attacker, according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy. “If you write an exploit for an anti-virus product you’re likely going to get the highest privileges (root, system or even kernel) with just one shot,” Koret told The Intercept in an email. “Anti-virus products, with only a few exceptions, are years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there.”
(Disclosure: One of the authors of this report, Morgan Marquis-Boire, spoke at a Kaspersky Lab event in Puerto Rico in 2013 and at another in London in 2014. He was not paid for either event, but the cost of his travel and accommodation was covered by the company.)
“Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability and SRE is essential in order to be able to exploit such software and to prevent detection of our activities,” the warrant renewal request said. “Examination of Kaspersky and other such products continues.” The warrant renewal request also states that GCHQ reverse engineers anti-virus programs to assess their fitness for use by government agencies.
The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
Software reverse engineering, or “reversing,” is a collection of techniques for deciphering and analyzing how a program operates. The process can be as simple as observing the flow of data into and out of the program, or as complex as analyzing the machine code — 1s and 0s — to look into the software’s inner workings, including portions of the code that are not explained in the manual or other program documentation. Put simply, it often means taking thousands of commands that instruct the computer exactly what to do and working backwards to translate them into a format that’s more intelligible to a human being.
Reversing is a common, often benign practice among software developers that can be used to enable software from different companies to interoperate or to identify security vulnerabilities before they can be exploited by third parties. Software makers, fearing piracy, hacking and intellectual property theft, often forbid the practice in licensing agreements and sometimes protect the most sensitive inner workings of their software with encryption. Governments have passed laws, with digital media in mind, that strictly circumscribe tampering with this encryption. Software companies have also sued to block reverse engineering as copyright infringement, arguing that it is illegal to make a copy of a program in violation of their restrictions on such copying.
GCHQ felt it needed legal cover to conduct reverse engineering, writing in the warrant renewal application that the practice could otherwise be “unlawful” and amount to “a copyright infringement or breach of contract.” As we explore in a related story today, the warrant is legally questionable on several grounds, in that it applies ISA section 5 to intellectual property for the first time, and GCHQ may be applying ISA section 5 to certain categories of domestic policing.
It is unclear what GCHQ accomplished in its analysis of Kaspersky software, but GCHQ has repeatedly reverse engineered software to discover vulnerabilities. Rather than report the vulnerabilities to the companies, spy agencies have quietly stockpiled numerous exploits for a wide range of commercial hardware and software, using them to hack adversaries.
The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report.
The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
In a statement emailed to The Intercept, Kaspersky Lab denied that its “User-Agent” strings could be used against its customers. “The information is depersonalized and cannot be attributed to a specific user or company,” the statement read. “We take all possible measures to protect this data from being compromised, for example through strong encryption.”
But Kaspersky’s measures sometimes appear to fall short. In 2012, Twitter user @cryptoOCDrob posted a screenshot of Kaspersky software leaking unencrypted data while checking website reputation. Two years later, another Twitter user, Christopher Lowson, claimed that his email address, license key and other details were being sent by Kaspersky without encryption.
Testing performed by The Intercept last month on a trial copy of “Kaspersky Small Business Security 4” determined that, while some traffic was indeed encrypted, a detailed report of the host’s hardware configuration and installed software was relayed back to Kaspersky entirely unencrypted. By the time of publication, Kaspersky told The Intercept via email, it was unable to reproduce these results.
Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software.
Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.”
After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point Software, a pioneering maker of corporate firewalls based in Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
There is a certain logic to monitoring reports flowing into anti-virus companies. Such reports include new malware, which can potentially be re-purposed, and intelligence about hostile actors. What’s more, information about security vulnerabilities in the AV software itself can be harvested. Anti-virus companies commonly, though not always, respond slowly to such reports, leaving a window in which spy agencies can potentially exploit these flaws. A 2012 report from Google security engineer Tavis Ormandy documented how, after alerting Sophos to multiple security vulnerabilities in its anti-virus software, the firm estimated it would require six months to patch all of the bugs. That estimate was later revised down to 60 days for the entire set of fixes, according to Ormandy.
It’s not clear exactly how many reports like Ormandy’s have been piling up at anti-virus companies. But Koret, the security researcher, suggests that most AV companies have serious problems in this area. “During a period of ~1 year I researched more or less 17 AV engines,” he wrote in an email. “I found vulnerabilities in 14 AV engines.”
As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up its implant capabilities to potentially infect millions of computers with malware.
Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
Eugene Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that traces back to Russian developers.
He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
Kaspersky Lab openly cooperates with multiple international law enforcement agencies on cybercrime cases, but no inappropriate links to the FSB have ever been proven. Meanwhile, cozy relationships with intelligence agencies are not uncommon among Western technology companies. The CIA-backed venture capital firm In-Q-Tel has helped build over 200 tech start-ups, including cybersecurity firms FireEye and ReversingLabs and big data intelligence firms Palantir and Recorded Future. Previous reporting from the Snowden archive has shown that Microsoft, Google, Yahoo, Facebook, Apple, AOL and PalTalk all actively participated in the NSA’s PRISM surveillance program.
No stranger to targeted cyberattacks, Kaspersky Lab announced earlier this month that it had been the victim of a sophisticated intrusion. In an email, Kaspersky Lab told The Intercept, “It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us all safe. However, this doesn’t come as a surprise. We have worked hard to protect our end users from all types of adversaries. This includes both common cyber-criminals or nation state-sponsored cyber-espionage operations.”
When asked for comment, the NSA and GCHQ declined to respond on the record to the specifics of this story.
I don’t trust Kaspersky software, it is not so secure. I used it in the past on my laptop. It was not able to remove basic viruses. So I did update many times, but it was not so worth it. And nowadays hackers are becoming so much smarter than before and security systems providers need to work and think much more advanced than them.
“analyzing the machine code — 1s and 0s” No… they do not reverse engineer software by looking at the 1’s and zeros. They look at the instructions and hexadecimal values.
FirstLook wants security for its readers… How about NOT FORCING US to enable JavaScript to read the comments? Seriously…
It is foolish nonsense like what you wrote, that makes it all possible.
Do you seriously believe that anyone, except a 12 year old kid, needs Java to get into your computer?
You commentator guys here need to do some serious waking up!
Such troll pedigree! Such technical prowess!
Monkey C Monkey Do-wap sez, do you know Java and JavaScript have absolutely nothing to do with one another?
Jose, what OS and browser are you using? It’s not true for all browsers/OSes.
and maybe the Brits are only trying to code/develop their own AV product – hence the effort :]]]
You mean not only the “Chinese” engage in economic espionage and IP theft?!
EGADS.
NSA has been caught watching porn while on security duty. They have allowed the Chinese, North Korean and Iranian hackers free access to our servers. Any delinquent security guard would have been sacked for such poor performance, but paradoxically in this case we are somehow to be blamed for this lapse.
They’ve said that’s who because that’s who they want it to be.
Great article — Thank you authors and the Intercept
Thank you readers for your comments — intelligent responses to good writing
Deplorable subject — Were we not here before ??
The whole world is watching us – and our pseudo democracy
#1 issue — HOW DO WE GET OUR JUSTICE SYSTEM BACK AGAIN
The “dept of justice” has been the root of failure to our country
But then, INSIDERS APPOINT JUDGES
How did the process allow ROBERTS to walk in as a junior supreme court judge and take the lead position??
I would support an adversarial Justice System. The US Attorney General shouldn’t serve at the pleasure of the Executive Branch, it should be an elected position.
Could you imagine the opposing party’s vigor in prosecutions?
Murray…. you are not thinking… and so you are asking the wrong question: “HOW DO WE GET OUR JUSTICE SYSTEM BACK AGAIN”
There is no longer a way to get it back, actually, it was never YOUR justice system, you just did not figure that out until now. So the question is, how do we live reasonably in countries that function like this? Is there a way at all, when EVERYTHING can be controlled and listened to?
The first thing you need to accept is, that it is childish wishful thinking..to believe this can be changed.
For “them” the most important thing is, that people like you do not stop believing such foolish things. Because it turns you into a useful fool, and THAT is what makes all of this possible. Just read the answers to your posts… all childish hogwash.
THAT IS WHY THIS ALL WORKS SO EASY FOR THEM…
New troll needs better training.
Any true loyal American, be they Democrat or Republican, male or female, white, black, Hispanic or other, needs to show their loyalty to the Constitution rather than to a political party. Now is the time to vote for Independent Candidates, because both parties have shown their willingness to subvert the Constitution, our Civil Liberties, our National Sovereignty through the TPP (The Trans Pacific Partnership) and have been doing so for decades, & the Government’s own records have proved this to be true! We are being sold out by the Democrats & Republicans! It now has become a choice between Fascism or Liberty, & Fascism is winning!
Both parties have been complicit in this criminal activity. Some will say they don’t want to waste their vote, but you are already wasting your vote on Democrats & Republicans because they are the ones who have already betrayed us! This should be a joint effort on the part of all Americans, Democrats, Republicans & Independent voters! Organize now before it’s too late! Your liberty is at stake and that of your children & grandchildren!
We get the Government we deserve, and nothing will change until we stop electing Democrats & Republicans; after all, they are the ones subverting the Constitution, & they must be held to account both politically & legally!
No more lies, excuses, rationalizations, or justifications; the public needs to hold these officials to account to the fullest extent of the law under Title 18 sec. 241 & 242 (Google it), so any future traitors will know there will be consequences to such behavior.
As Mr. Snowden said, the Politicians are afraid of you! Now is the time to exercise your power, you may not get another chance!
REMEMBER: POLITICIANS, BUREAUCRATS AND DIAPERS SHOULD BE CHANGED OFTEN AND FOR THE SAME REASON.
Some words of true Patriots are as follows, as opposed to the words of false flag patriotism of today.
He that is of the opinion money will do everything may well be suspected of doing everything for money.
Benjamin Franklin
He that is good for making excuses is seldom good for anything else.
Benjamin Franklin
Experience hath shown, that even under the best forms of government those entrusted with power have, in time, and by slow operations, perverted it into tyranny.
Thomas Jefferson
Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add ‘within the limits of the law’ because law is often but the tyrant’s will, and always so when it violates the rights of the individual.
Thomas Jefferson
In framing a government which is to be administered by men over men you must first enable the government to control the governed; and in the next place oblige it to control itself.
James Madison
Liberty may be endangered by the abuse of liberty, but also by the abuse of power.
James Madison
The liberties of a people never were, nor ever will be, secure, when the transactions of their rulers may be concealed from them.
Patrick Henry
“We the People are the rightful masters of BOTH Congress and the courts, not to overthrow the Constitution but to overthrow the men who pervert the Constitution”
Abraham Lincoln
America will never be destroyed from the outside. If we falter and lose our freedoms, it will be because we destroyed ourselves.
Abraham Lincoln
We should not forget the warning of President Eisenhower.
https://www.youtube.com/watch?v=vLqWfWxqh_0
The NSA is controlled & operated by the DOD & the MIC (Military Industrial Complex) Private Corporations.
“The very word “secrecy” is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it.”
President John F. Kennedy
Waldorf-Astoria Hotel
April 27, 1961
As is said in the law, falsus in uno, falsus in omnibus. (“False in one thing, false in all things” is an instruction given to jurors: if they find that a witness lied about an important matter, they are entitled to ignore everything else that witness said.)
As a reminder, Hermann Goering said at the Nuremberg Trials:
“The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.”
“Fascism should more appropriately be called Corporatism because it is a merger of state and corporate power.”
Benito Mussolini
Time to start removing the corporate Congress from office & defunding the NSA & the Police Surveillance state to pre-9-11 levels & force them to comply with the law & impose jail time for non-compliance under USC Title 18 Sec. 241 & 242 (Google it).
Disclaimer: Be advised it is possible that this communication is being monitored by the National Security Agency or GCHQ. I neither condone nor support any such policy by any Government authority that does not comply, as stipulated by the 4th Amendment of the U.S. Constitution.
The Day Kaspersky Reported Equation Group Root Level Malware on the Firmware of Every Drive On The Planet We Voted With Our Feet. Viva Kaspersky.
Interesting that Norton and McAfee aren’t listed. Then again, being US companies, they can simply be compelled to turn over source code via National Security Letter, and forbidden from disclosing it.
I hope the Russian government increases funding to Kaspersky and enables their application to resist state-level-actor cyberweapons, not just viruses. It’s sad that we might have to look to the Russians to protect us from our own governments.
It’s even sadder that you think Putin and Snowden are your friends looking out for your best interests.
One of the oldest rules of ‘war’: At least to a limited extent, the enemy of your enemy is often more of your friend than your enemy is.
What does Kaspersky want with your personal life? They don’t tax you, and they don’t control you. They’re not in your country. They have little relative power over you. What’s more they’re currently being actively scorned by those who DO have power over you and DO seek, in every way, to control you and how you think. You may indeed (for whatever reason) come of interest to them, but ultimately interest without the fist to slam down to squash you is a lot less threatening.
Russia also doesn’t drone bomb other countries or in other ways go to such great and vast lengths to extend itself in the name of ‘Empire’ (despite what the US and NATO are trying to claim by posting 40,000 NATO ‘soldiers’ along the Russian borders or whatever the hell it is they’re now doing that they of course are claiming is for defense but is really going way further than Russia ever did with Cuba (and that only worked out because two leaders, essentially, were able to communicate).
Do they have a spying apparatus? Of course they do. But if you think most of the security and ‘security’ companies in the US aren’t run, operated, and employing a metric shit-ton of people who are generally far more ‘accountable’ to their corporate’s governance (and their government’s governance — security clearances and such being more and more de rigueur for a lot of work)… Well, I don’t know what to say.
If you want to know what a country spies on and/or is interested in spying on, look at its values and what it’s interested in, the lengths it goes to now, where it has power, and what it seeks to control.
If you’re criticising Russia, you may indeed wind up interesting the FSB or GRU or whatever. Funny thing with those agencies, though, they usually like to make it quite known they’re interested (moving things in your apartment when you’re out to let you know they’ve been there, etc). There’s a sort of purity in that level of transparency, even when it can be stifling, paranoid-making and even brutal occasionally.
China has a similar (albeit perhaps harsher) transparency when it comes to some things. If it’s economic, China is probably interested; if it’s about China, or one of China’s allies or perceived enemies, or is in some way directly useful to them (or antagonistic to them), they’re also probably interested.
But generally if you’re some schlub living on a farm in the Heartland of America (well, one that doesn’t also have missile silos, perhaps), delivering newspapers to stands in San Salvador, working a 9-5 in Chisinau for crap wages, working in a call-center in Mumbai, or whatever, they’re not likely to give a flying fig about your personal life, who you’re connected to, or what you’re looking at online unless it’s directly useful or antagonistic — and even if it is, they’re more likely to pursue it directly. You don’t really see the Chinese going around murdering people for information. There’s a purity in that as well, even if it’s crime — there’s a code.
If it’s anything about anybody, on the other hand, America and its allies are probably interested, and if your tech companies are cooperative, then there’s really no way to know if you’re one of the people they’re interested in, or, due to contact-chaining, even why. The biggest problem with the 5-eyes (and 9 and whatever else) alliances is that most of it funnels back to the same power centers, and most of those countries eagerly support ‘contractors’ who are all-too-willing to sell spyware and malware to hold the peoples of other countries down.
I haven’t even gone into the ways that companies are duped into hiring people with dual goals, or can be coerced to do things (like adding very minor bugs that are almost impossible to spot but with knowledge of which can be utilised by only people who know the specific flaw and how to exploit it). Since most people, and certainly most companies, don’t engage in line-by-line auditing, and test engineers are often not even involved in the dev process for the most part, if it works, it usually goes through — and most of those backdoors are edge cases that even a careful audit might miss; they’re *clever*. FOSS is actually even more open to this, but at least there is public auditing in place; eventually those bugs might come out (albeit months or years later, but still — better the devil you can know).
In all cases, I’d say it’s probably better off to go with an AV and/or security company that doesn’t enable those who have to essentially bow to the wishes of someone/something which can, without explanation, consider you their enemy.
At least Kaspersky outs state-sponsored malware, and the fascistic ‘products’ that come out from HackingTeam and their ilk (pero, pero, pero, non lo so!).
>Russia also doesn’t drone bomb other countries or in other ways go to such great and vast lengths to extend itself in the name of ‘Empire’
tell this to Ukrainians
I’d suggest YOU tell it to a Ukrainian, since it’s actually Ukrainians from Western EU-kraine ;) near the border of Poland who actually ‘took over’ Kyiv/Kiev with the backing of the West and NATO. And it’s THOSE Ukrainians who are BOMBING other Ukrainians who just want to be left to be … wait for it … Ukrainian. Why do you think you get to say what it means to be ‘Ukrainian’? What’s going on is basically a civil war with heavy western backing (not even a proxy war; the US can push as much as it wants in this direction but Russia has to be extraordinarily careful because the entire point is to provoke Russia to ‘justify’ things). Wake up.
Now we can be sure that there are no KGB spies in Kaspersky products. NSA and GCHQ guaranteed.
Actually, you can, because the KGB doesn’t even exist anymore.
Le sigh.
It seems strange that our government has no problem finding resources and experts to engage in this sort of thing… but they don’t have the resources to protect OPM and other agencies from being hacked… someone help me with this…
According to Bruce Schneier:
This is no doubt true, but the main reason is that offense is more fun. Defense consists of making nothing happen, which is about as much fun as watching paint dry.
Also, successful professional attacks don’t make anything obvious happen. So it’s hard to know how well you’re doing on defense, even if you’re apparently “making nothing happen”. On the other hand, sometimes on offense you’ve just hit a honeypot ;)
WINDOWS 10 should be fun then for NSA GCHQ party time
It appears from what we’ve learned from the Snowden documents that Microsoft was a “partner” with the NSA since at least 2007 (possibly much earlier)… so Windows 10 shouldn’t be much one way or the other – perhaps dialed back some even, as this stuff coming out showing they’re working with the U.S. Stasi to spy on their customers is bad for sales (and they need to be careful).
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
That might very well be a big concern…
> In a statement emailed to The Intercept, Kaspersky Lab
> denied that its “User-Agent” strings could be used against
> its customers. “The information is depersonalized and
> cannot be attributed to a specific user or company,” […]
Kaspersky Lab is either ignorant or disingenuous here. When you’re protecting content with encryption, you have to worry about both content and identity, or in loose terms, both the letter and the envelope. Using an identifier derived from fixed information (even if it doesn’t reveal that information) still creates a pseudonym, a new name, that can be used to correlate content. There’s no security reason that they need to create such a pseudonym, nor that they need to send it over the internet unencrypted.
Agree on this point, albeit it is actually fairly easy to spoof user agents nowadays; most modern browsers support it, and even command-line tools like curl and wget permit such spoofing. There are whole libraries available to easily add user-agent modification for Perl, PHP and Python (and other) script developers. Randomising this is easy. Most people should do it more.
That said, the statement was indeed rather laughable.
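As an added illustration of the pseudonym argument above and of the reply’s point about generic user agents (example code of my own, not from the article or any commenter; the User-Agent layout with an `install=` token and the lab capture are constructed for this example and are not any product’s real format), the script below shows that a stable token inside the User-Agent singles out one machine and links its sessions across different addresses, while a product-only string identifies nobody in particular:

```python
import re
from collections import defaultdict

# Constructed lab capture, one request per line:
#   <date> <client_ip> <lab_host> "<User-Agent>"
# lab_host is ground truth we know only because we generated the
# traffic ourselves; a passive observer on the wire sees only the
# other three fields. The User-Agent layout (product/version plus a
# parenthesised "install=<token>" field) is an assumption for this
# example, not the real format of any product.
SAMPLE_CAPTURE = """\
2015-06-01 203.0.113.7    host-A "ExampleAV/15.0 (install=7f3a9c; os=Win7)"
2015-06-02 198.51.100.23  host-A "ExampleAV/15.0 (install=7f3a9c; os=Win7)"
2015-06-02 198.51.100.23  host-B "ExampleAV/15.0 (install=c41e02; os=Win8)"
2015-06-03 192.0.2.55     host-B "ExampleAV/15.0 (install=c41e02; os=Win8)"
2015-06-03 192.0.2.55     host-C "ExampleAV/15.0 (install=0b77d1; os=Win7)"
"""

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+"([^"]*)"$')
INSTALL_RE = re.compile(r'install=([0-9a-f]+)')


def parse_capture(text):
    """Return (date, client_ip, lab_host, user_agent) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def pseudonym(user_agent):
    """What an observer can key on: the install token when present,
    otherwise the whole User-Agent string."""
    m = INSTALL_RE.search(user_agent)
    return m.group(1) if m else user_agent


def depersonalise(user_agent):
    """Keep only product/version; drop the parenthesised detail."""
    return user_agent.split(" (", 1)[0]


def anonymity_sets(rows, transform=lambda ua: ua):
    """Map each observable pseudonym to the distinct lab hosts that
    emitted it. A set of size 1 means the pseudonym singles out one
    machine; a set covering everyone identifies nobody in particular."""
    hosts = defaultdict(set)
    for _date, _ip, lab_host, ua in rows:
        hosts[pseudonym(transform(ua))].add(lab_host)
    return {p: sorted(h) for p, h in hosts.items()}


def address_links(rows, transform=lambda ua: ua):
    """For pseudonyms that single out one host, list the client
    addresses the observer can now tie to that same machine."""
    singles = {p for p, h in anonymity_sets(rows, transform).items()
               if len(h) == 1}
    addrs = defaultdict(set)
    for _date, ip, _host, ua in rows:
        p = pseudonym(transform(ua))
        if p in singles:
            addrs[p].add(ip)
    return {p: sorted(a) for p, a in addrs.items() if len(a) > 1}


if __name__ == "__main__":
    rows = parse_capture(SAMPLE_CAPTURE)
    print("raw UA        :", anonymity_sets(rows))
    print("linked addrs  :", address_links(rows))
    print("depersonalised:", anonymity_sets(rows, depersonalise))
    print("linked addrs  :", address_links(rows, depersonalise))
```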
Hi,
In a study done late last year about Android apps that handle SSL/TLS incorrectly, Kaspersky made the first list of 158 apps. A total of over 20 thousand were eventually found with this vulnerability. FireEye and others did the work.
Now, as to Kaspersky reporting on Russian malware, don’t make me laugh. They only ever reported on it after the perpetrators were found to be abusing more Russian business and people than any others. All the major malware was discovered and analysed by others first, then Kaspersky wrote about it AFTER THE FACT! I have researched this in-depth and can provide all the links to back this up! So don’t waste your time trying to prove otherwise. It’s laughable all the useful idiots who are so quick to defend Kaspersky and Russia in general. When they invade your countries, don’t come crying to the US. I’m a little sick and tired of all the ungrateful people in Europe who seem to have forgotten all the sacrifices the USA made on their behalf. So, before you knock my country again, and defend Kaspersky and Russia, maybe you should think twice.
I am confused — you’re suggesting Kaspersky himself, with Russia by his side, are going to invade your country? What Kool-Aid have you been drinking, bro? Read some international newspapers. Or keep supporting a government that actually IS invading countries around the world (and using them to fight proxy wars because war = profit = staving off economic collapse in the US by promoting economic collapse elsewhere).
I’m not even anti-US. I wish more Americans had more access to less biased news — or even biased from other directions so they could know there isn’t only one way to look at situations. I don’t believe most Americans, who often spout a lot about WW2 and defeating Nazis realise that (a) Russia also defeated the Nazis, and (b) Ukraine’s overthrow was instigated by and done by a very American-funded neo-Nazi extremist group with extensive support and training done by the same — the same ones who are calling those who don’t want to be ruled by Nazis ‘terrorists’. One man’s terrorist, another man’s freedom fighter? Easy to pass judgment on other countries, isn’t it, when you’ve never lived there, or know the language, or even read the papers from that country (or even its neighbouring countries) — or even spent more than an hour or two in ‘that ethnic section’.
Stop making it an us and them thing. I’m neither and I’m offended.
Edit: my comment is meant to add to Eric Highs’ comment and not against.
While it is telling that the intelligence agencies are targeting security software, I struggle to feel outraged that they violated software terms of use. As a matter of fact, I am shocked they bothered to even get the warrant to do that.
Violating software terms of use is a common everyday fact of life for probably over 50% of the internet using population. The fact that NSA and GCHQ do this is not shocking. The other information in the article is very interesting and important, but the angle about terms of use violation seems a little overblown.
I am angry that the intelligence agencies are so deceptive and invasive — but it doesn’t really bother me that they click the checkbox without reading the super-long agreement, just like everybody else does. It seems every single one of these documents is evidence of gross criminal activity, but terms of use violation is the smallest offense they could possibly commit.
The other tidbits, regarding email interception, signature identification, use of stolen exploits, etc. are very outrageous, however.
Why does The Intercept’s IP address in the test start with 10.?
Sorry for the double post.
Why does The Intercept’s machine have an IP address beginning with a 10? (It’s a genuine question not a criticism).
The prefix “10.” is a number reserved for private networks, ones that do not, by default, route to the entire network. It’s a common prefix seen when you want total control over an isolated piece of network. See https://en.wikipedia.org/wiki/Private_network
Hence my question.
Any sane malware researcher cordons their malware research (or any other kind of network research) off onto sandboxed systems and private networks that can only be shared among the VMs and perhaps a regularly wiped host. Those networks generally get put on a ‘reserved IP network address range’. For many people their wifi routers will DHCP them a 192.168.0.x or 192.168.1.x (or 100.x, or what have you) range. These are reserved addresses that don’t route out of their internal network directly (in the case of a home network, your wifi router really is acting as something like a ‘proxy’ between the modem your actual internet is on and your machine; too hefty to go into much more here). Your router then basically acts as an intermediary passing packets between the outside connection and your machine (this is why you can use your wifi router without the cable connected, you just won’t get internet — but any machine also using that router, typically, can communicate with other machines, just without internet connectivity; it can even host its own DNS for the internal network).
The 10.x.x.x range is ALL reserved, and a lot of corporations use that range, as do a lot of companies doing malware research, often with (but just as often without) subnetting. One can still route out with some routing manipulation, but more often than not it’s used either for internal network communication between VMs and/or to trap the content of attempted outgoing traffic without it actually making it outside of the network (or VM), since there’s no external connectivity inherent in such a setup.
Answer your question?
Mostly it does, thanks muchly. But the reason I originally thought it was weird was because I thought they were bouncing stuff off of Kaspersky’s site to find out whether their traffic was encrypted, and that doesn’t fit up well with sandboxing something. The use for trapping outgoing content makes sense, thanks.
Sure thing, no problem. Glad I could be of help. :)
Wow, what an article. So, our governments deliberately compromise U.S. citizen security software (via “partnership” à la Symantec / Norton, or by direct attacks when partnership is not chosen or an option) – this is called being at war with the interests of your own citizenry.
I remember, not that long ago, the U.S. intelligence apparatus wanted to place the Clipper Chip in every computer, so they could back door anyone’s security whenever they wanted – and it was resoundingly defeated in the U.S. House and Senate (U.S. Citizens did not want that future) – democracy worked. So here we are just a few years later and it turns out the U.S. intelligence Stasi went and did it in secret anyways (compromising all U.S. citizen security software being only one example) – is this democracy folks? This is immoral.
The green tinged screen shot in this article does not actually show “a detailed report of the host’s hardware configuration and installed software” being sent unencrypted. The HTTP requests are repetitive and do not contain anything of interest and the HTTP responses are zero length.
Of the 3 articles The Intercept has published today describing GCHQ/NSA activities, the activity described in this one offends me the most. Managing internet accessible devices can be a real pain in the ass. The general public is incredibly cavalier and routinely exposes themselves and others to all manner of “intrusions.” No AV/malware product is 100%. And, if you tangle with something truly ugly it can be very expensive to purge your system. It’s bad enough to realize that any number of commercial outlets are tracking you all over the web, only the smallest comfort that there are marginally-effective things one can do to interfere with that tracking, and these commercial entities can’t (yet) authorize jailing you for your travels. But, to have government intelligence agencies deliberately, purposefully, intentionally weakening the few things average people can do to protect their systems simply enrages me. The gall, the hubris, the utter disregard for the people who pay their salaries and fund their agencies is [literally] mind-blowing. There is little else the NSA could do to explode/vaporize what little support I’d offer to their “mission” than this. This actually interferes with my ability to be “safe and secure” online. This does not “help” me; it harms. This is directly, individually, personally at odds with their warrant to be. This is all I need to promote and support their defunding and dissolution.
Yes TallyHoGazehound I totally agree. It appears they (and all other intelligence agencies) have deliberately chosen to actively make all software / hardware / firmware as easily exploitable as possible – so they can spy on anyone at any moment. Of course this makes it so the other “bad” guys can do the same as back-doors work for anyone. (it’s that deliberate choice made in secret, after the U.S. population / democracy said no to the Clipper Chip and this future, that particularly galls me)
And as you so eloquently point out – this is in direct violation of their charter.
It also suggests that the spooks are sabotaging the very companies (e.g., Kaspersky) that are revealing malware and hack threats to individuals and businesses, or maybe have co-opted companies like Symantec and McAfee to help spy and/or overlook official malware. It’s as if, during the Cold War, the government had not only required businesses to defend themselves by constructing their own Nike batteries, but had been rigging them to malfunction as well.
This particularly bothers me: “Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.” Why are those hounds not barking?
I believe Symantec was flagged in prior Snowden documents as working with the NSA (as in not identifying things the NSA didn’t want identified etc.) – it made an impression on me as that was my antivirus. Not sure about the other two, but given their headquarters locations it would appear they’re working with the “home teams” as well.
This was what I could find at the moment (back in late 2013 before PR plans were in place):
http://www.darkreading.com/vulnerabilities-and-threats/do-antivirus-companies-whitelist-nsa-malware/a/d-id/1112911
Next question to ask is, how many Americans use Symantec or McAfee?
Excellent comment TallyHo. I really wish these agencies’ missions were limited to catching child predators, financial swindles, malicious hackers and the like. Instead they seem more concerned with manipulating opinion and behavior and gaining total access to every individual, govt and business computer in the world for all manner of nefarious purposes. Stasi on steroids and crack already. Sheesh. Some serious mission creep going on in western Intel agencies. Probably not limited to western, in fact almost certainly not, but these revelations about what MY govt and its allies are doing is troubling on many levels.
You raise an important point and I think that Snowden may have presponded to it some time ago when he stated that the NSA is all about social control. At the risk of sounding hyperbolic, it appears that what we have here is a kind of not so quiet totalitarianism.
I hope I won’t take a rash for this, but actually, it doesn’t bother me unless it contains information about malicious use. There are two things you can do with knowledge about what the spy agencies do (actually there are three, but just turning it over to the public and letting them decide seems to be off the table). You can find evidence of criminal behavior, or malicious wrongdoing, overstepping bounds, failing to get warrants, missions that are not in the interest of the public. And then you can just expose their methods without knowing whether those methods have been used to do anything wrong.
The first thing, exposing wrongdoing, performs a useful watchdog function, and is necessary to keep spies “on the farm”.
The second thing, exposing methods without any knowledge of whether they were used wrongly, runs very close to just an attack on the spies.
So what is the purpose here? Is it to expose wrongdoing? Inform the public? Or is it a war on the spy agencies?
Personally, I’d be very surprised if an agency which does some of its craft, right or wrong, by planting malware, didn’t reverse engineer security software to find out which malware they should use on which target. The wrongdoing consists entirely of siccing the malware on the wrong people or siccing bad malware on everybody. The reverse engineering of software, devices, embedded devices and all the rest is just part of the tradecraft. Even Edward Snowden believes there is a legitimate place for spies, but that they shouldn’t be allowed out of bounds of that place. So it ought to be about what the tradecraft is used for, not about the tradecraft itself, unless we’re here to understand that tradecraft, discuss what’s known and use that knowledge to further some watchdog function. Knowing what tradecraft exists is a legitimate enterprise in a context. Inferring that just because it’s spying therefore it’s wrong is not.
Besides, maybe if these security companies realize they aren’t sitting on top of the world, they’ll get down to really fixing their software to work on computers owned by other people. I’ve been through multiple security systems just in the past year, including Kaspersky, trying to find one — just one — which is built on the philosophy that what I do on my computer is the computer’s main purpose. Just a small acknowledgement from the software creators that I’m not just some idiot distraction from my computer’s true mission — Running security software, in the foreground, at top priority, using all the cores, and all the available memory, and churning through my disk 24/7. The only “safety” most security software really offers for my privacy, it seems sometimes, is the security of knowing that I couldn’t get either the mouse or the keyboard to garner my machine’s attention for long enough to actually create something that needed to be kept private.
One of many uses is reverse-engineering update capabilities to push a spurious ‘update’ or ‘ruleset’ and bypass signature checks, to not have their State-built malware detected (both presumably run in the same operating system level; most AV works fundamentally quite similarly to how most low-level rootkits work; ‘owning’ the kernel space gives latitude to how things get detected or not, for instance). Most also have reporting functions which can be useful, as can basically hooking into the AV itself. Nowhere near exhaustive, just some things since you seemed curious. You may not seem to see a problem with what you believe they’re doing, but it’s not merely auditing — among other things, they also basically enjoy using the system’s immune system to attack itself.
Just saying. I’ve done at least all of that stuff on machines before, but I never actually hurt anyone or compromised their system, though. It does matter how they were using the knowledge they gained by reverse engineering/decompiling, doesn’t it? Why do people here think it doesn’t?
Yes, it does matter, and that’s one thing I keep getting frustrated about. I’ve hinted at some of why that information may not even be in the trove of documents that GG received, and a lot of it has to do with how the American defense industry offloads its dirtier stuff to companies with their own disclosure (or lack thereof) and access policies. Which isn’t to say I don’t believe, for instance, that there isn’t more technical information in there (including about TAO) — but that just because it’s not in the docs doesn’t mean it’s not going on — it means a lot of it is very very compartmentalised, and there is no real ‘rabbit-hole’ at all — just a whole lot of warrens each methodical, money- and power-hungry, and quite quite well-paid. A few of those companies’ names are public, but barely, but a lot aren’t, and most of them don’t even know what the other hand at their own companies is doing. I don’t just mean big ones like SAIC. A lot of the really stealth companies only have a handful to a couple dozen employees.
I know about that. When the TIA program was “ended” by order of Congress, it dissolved into a necklace of about 50-60 startup corporations, and then re-coalesced in Singapore under the name of RAHS. It was traceable by doing rudimentary (by hand) link analysis of the boards of directors of the companies, they didn’t work very hard to hide it. I was also quite aware in January 2002 that the day after September 11, 2001, a whole lot of VoD and NVoD companies that were struggling here in the Valley suddenly repurposed as intelligence/security companies to feed at the expected government trough.
I do believe that the Snowden documents show some wrongdoing. In some cases, the only revelations they really make to the tech community are to provide the names of the programs that people already knew were there. But just catching the NSA at spying is a little weird sometimes. It is, after all, their jobscript. They are doing wrong when they spy on people they shouldn’t or invade privacy illegally to get their information, but not really when all you show about them is that they have a lot of people devoted to spying.
Some of the other “expert” statements often sound weird to me. Like the constant refrain from the encryption gurus about how encryption methods are weakened by not having transparency and open source. That’s only true here on the outside. Inside the intelligence community, they have a huge community of highly trained people far more capable of doing in-house open source than the people on the outside are capable of public open source. I am coming from mathematics, and all of us in my field have been aware for decades that the largest employer of mathematicians by far is the intelligence community, with 1/4 of all the world’s mathematicians employed by U.S. intelligence alone. They used a different system in the former USSR; there all mathematicians employed at universities were required to give up some of their time for government use. But suffice it to say, there is no shortage of eyeballs for R&D inside the intelligence community, as the “experts” on the outside always seem to claim. They bury whole industries inside a wall. The Japanese seemed to be running away with the SLM/Optical Computing market in the 1990s/early 2000s but it was really because all the American manufacturers were working for the spooks.
The more you know about computers and security, the more you are hacked and spied on.
This will result in a massive cultural and intellectual purge.
We have not only killed the tech industry, but we are killing intellectual curiosity about computers and technology.
Actually I’d say it’s more, the more people use computers, etc. I’m thinking it’s primarily a function of seeing it as an extension but having little core understanding of the underlying concepts or actual technology — i.e., because it is such an abstraction, yet something so taken for granted, people assume they know more than they actually do (because they don’t know how much work was put into making it ‘usable’). I’d say, it’s pure curiosity that’s killed. ‘Curiosity’ for profit and power (even interpersonal power and internet famez) is on the upswing.
Is tech our tool? Or are we tools because of tech?
The way that was put in the 1960s was, “We built these things to service mankind, not the other way around.”
The more life becomes automated and outsourced, the less ‘meaning’ life has for people; a lot of people find meaning in family, community and their career. Communities are consistently getting smaller, and careers that actually ‘make things’ that people can touch or which have meaning have yielded to money as bits-and-bytes and a largely IT-based economy.
If people can’t get jobs how do they eat, house, clothe and take care of themselves or their families?
I’m not a luddite, but I don’t understand what people believe they are supposed to do with their time or their lives if they have no meaning and can’t get work. If we do wind up living in a world of ‘guaranteed living wage’ for doing ‘whatever’ by some benevolence (/s) of corporations, then how does that make us substantially any different than property?
60s automats just wound up turning into 1980s/90s/20xx’s frozen foods and microwaves. Some tech is okay. But tech shouldn’t be guiding us, we should be guiding it. Won’t happen, but it’s still a nice dream. Toffler would be repeatedly turning over in his grave.
Very interesting comment (and this discussion is very good).
I might add that our “communities” are becoming increasingly homogeneous, we tend to form social media groups of like-minded folks (which is only natural, I suppose), even search results can differ for different people putting in the same search terms. We really don’t dialogue with others who think differently, and too often when that happens, defenses go up, and the discussion is likely to turn uncivil.
Human beings have always searched for meaning in life and individuals for meaning in his or her life. I still think that many still find meaning in family, some in faith, some even in work, some in creating art, etc. One thing I’ve noticed and I feel is one of our underlying problems is that we’re treated as mere consumers — worth nothing more than being a subject for sales pitches and valued for what we can buy; or only valued for our data which can be mined and/or sold. I would really love to see more coverage of that, SOMEWHERE!!!
What will happen if people can’t get jobs and support families? Will there be some guaranteed wage??? That’s a thought; but seeing the resistance in so many quarters for living wages, that would be a surprising development. Who knows, though?
You’re right; WE should be driving technology; do we have the will to do so?
@feline:
Thanks for the reply. :)
I can think of little more dangerous than a thinking populace without work and with community. I also can’t think of a good reason (from a corporate standpoint) to pay people to do basically nothing, especially if most of the production is done half a world away. There’s no financial benefit to it. One reason I half-jest that the pharmaceutical and big-food companies really do work well together… While I’m mostly speculating in a very cynical manner when I say this (no conspiracy theories), by basically massively degrading the health of the majority of people worldwide the lifespan greatly reduces; remove access to money, which removes access to healthy food, drugs and medical care, and you have how many type-2 diabetics and people with other chronic health problems who will ultimately… what? It could, if one wished it to, lead to a form of (even inadvertent) socio-eugenics. Which is to say, it’ll knock off those who can’t afford to survive, lacking any public access (or supply) to survive off of the land (or indeed even live on it without paying someone to do so). Pretty dystopic stuff, and stuff I hope never comes to pass. Or maybe we’ll wind up with some form of lottery. Or maybe we’ll never get that far. I’ve long speculated (with no ill-intention or desire, mind you) that the quickest way to cut birth rate is to basically give people money to not reproduce; it’d work quite parasitically on the people who’d need money the most (like kidneys in Pakistan), most of whom would probably not be able to live off of it for very long anyway… these sorts of scenarios, I don’t even think, are too far out if we don’t self-correct. I want to see more self-correction, badly. So far all I’ve seen when people rescind regulation is massive excessive abuse — a big-ass socioeconomic tragedy of the commons with a few people owning the majority of the cows so people sharing a cow or only having one or two cows can’t keep their cows alive.
But I’m rambling.
> We have not only killed the tech industry, but we are killing intellectual curiosity about computers and technology
Always hate the use of “we” as many have been warning of this for the past decade or so, or longer.
But definitely agree with you.
Once again, thank you Mr. Snowden.
I second that. I used Kaspersky and now I’m using Avast. Both have been and likely still are being hacked by the NSA/GCHQ. It’s even more outrageous that, in their now well-known and already outrageous authoritarian power trip, they’ve also been interfering with anti-virus programs that millions and millions of people rely on to avoid being affected by viruses and malware or even identity thieves.
Once again, a big thank you to Edward Snowden and The Intercept for letting the public know about this madness. I will avoid using Norton. McAfee and Sophos at all costs, as it seems quite possible that they have some sort of arrangement with the NSA, etc. And I will most certainly be bringing this up repeatedly in the 2016 elections in my area; here in southern Illinois, the Green Party is relatively strong, and we do not like authoritarian nonsense such as this. The Democrats and Republicans who support this must be made aware that there will be a political cost for this.
That should be a comma after Norton, not a period. Darn punctuation typos…
Symantec was flagged in other Snowden documents as working in partnership (like Microsoft, AT&T & Verizon) with the NSA and is probably why it’s not on the list of “targets”.
And it doesn’t worry you that Kaspersky is Russian?
Peter,
As I wrote to Mr. Meyers:
One of the oldest rules of ‘war’: At least to a limited extent, the enemy of your enemy is often more of your friend than your enemy is.
What does Kaspersky want with your personal life? They don’t tax you, and they don’t control you. They’re not in your country. They have little relative power over you. What’s more they’re currently being actively scorned by those who DO have power over you and DO seek, in every way, to control you and how you think. You may indeed (for whatever reason) come of interest to them, but ultimately interest without the fist to slam down to squash you is a lot less threatening.
Russia also doesn’t drone bomb other countries or in other ways go to such great and vast lengths to extend itself in the name of ‘Empire’ (despite what the US and NATO are trying to claim by posting 40,000 NATO ‘soldiers’ along the Russian borders or whatever the hell it is they’re now doing that they of course are claiming is for defense but is really going way further than Russia ever did with Cuba (and that only worked out because two leaders, essentially, were able to communicate)).
Do they have a spying apparatus? Of course they do. But if you think most of the security and ‘security’ companies in the US aren’t run, operated, and employing a metric shit-ton of people who are generally far more ‘accountable’ to their corporate’s governance (and their government’s governance — security clearances and such being more and more de rigueur for a lot of work)… Well, I don’t know what to say.
If you want to know what a country spies on and/or is interested in spying on, look at its values and what it’s interested in, the lengths it goes to now, where it has power, and what it seeks to control.
If you’re criticising Russia, you may indeed wind up interesting the FSB or GRU or whatever. Funny thing with those agencies, though, they usually like to make it quite known they’re interested (moving things in your apartment when you’re out to let you know they’ve been there, etc). There’s a sort of purity in that level of transparency, even when it can be stifling, paranoid-making and even brutal occasionally.
China has a similar (albeit perhaps harsher) transparency when it comes to some things. If it’s economic, China is probably interested; if it’s about China, or one of China’s allies or perceived enemies, or is in some way directly useful to them (or antagonistic to them), they’re also probably interested.
But generally if you’re some schlub living on a farm in the Heartland of America (well, one that doesn’t also have missile silos, perhaps), delivering newspapers to stands in San Salvador, working a 9-5 in Chisinau for crap wages, working in a call-center in Mumbai, or whatever, they’re not likely to give a flying fig about your personal life, who you’re connected to, or what you’re looking at online unless it’s directly useful or antagonistic — and even if it is, they’re more likely to pursue it directly. You don’t really see the Chinese going around murdering people for information. There’s a purity in that as well, even if it’s crime — there’s a code.
If it’s anything about anybody, on the other hand, America and its allies are probably interested, and if your tech companies are cooperative, then there’s really no way to know if you’re one of the people they’re interested in, or, due to contact-chaining, even why. The biggest problem with the 5-eyes (and 9 and whatever else) alliances is that most of it funnels back to the same power centers, and most of those countries eagerly support ‘contractors’ who are all-too-willing to sell spyware and malware to hold the peoples of other countries down.
I haven’t even gone into the ways that companies are duped into hiring people with dual goals, or can be coerced to do things (like adding very minor bugs that are almost impossible to spot but with knowledge of which can be utilised by only people who know the specific flaw and how to exploit it). Since most people, and certainly most companies, don’t engage in line-by-line auditing, and test engineers are often not even involved in the dev process for the most part, if it works, it usually goes through — and most of those backdoors are edge cases that even a careful audit might miss; they’re *clever*. FOSS is actually even more open to this, but at least there is public auditing in place; eventually those bugs might come out (albeit months or years later, but still — better the devil you can know).
In all cases, I’d say it’s probably better off to go with an AV and/or security company that doesn’t enable those who have to essentially bow to the wishes of someone/something which can, without explanation, consider you their enemy.
At least Kaspersky outs state-sponsored malware, and the fascistic ‘products’ that come out from HackingTeam and their ilk (pero, pero, pero, non lo so!).
BTW, this is just the sort of statement that can be seen as xenophobic in general. It’s how we got such stuff as ‘doesn’t it worry you that such-and-such is Arabic?’ or, once upon a time, ‘black’ or (probably even still now) ‘a wetback’.
To be perfectly frank I see nothing wrong with Kaspersky having once been a part of the KGB/FSB. Does it bother you who runs CrowdStrike? Or any of those companies?
Don’t you think that if the NSA found a justification of any relations between the KGB/FSB and the Kaspersky network, they would mention it in their report?
@Alff2000: Do you believe the NSA discloses their relations? Do you believe that when they do disclose things, they’re true? Do you believe they don’t sometimes also disclose things that aren’t? Or make allegations/attributions that serve their needs?
Kaspersky has been quite open about and willing to discuss his past; it’s not a secret; he says so publicly. He also doesn’t serve in any primary development, testing, or whatever else on his software products (he may look at it, he may even probe at it (he is technical), and he probably does look at it at least a bit more than most American tech CEOs do, but isn’t that a good thing?). Most American CEOs just go from company to company and don’t know what they’re talking about; their business is ‘being CEO’ not ‘being CEO of xx Company’, and many can’t even code (or read code).
Since you’re really really interested in Eugene Kaspersky having once worked with KGB/FSB, I’m curious why you’re not applying the same scrutiny to Bruce Schneier, who did quite a bit with the NSA back in his younger days.
So is Group-IB and they’ve done a LOT of work to investigate and research threats — including ones posed by Russians. Kaspersky’s not the only Russian company that is involved in ‘security’. I’d actually say a lot of their work and reports are more technical and well-researched than most of the American companies (or the Israeli ones). They also seem to be more successful at actually aiding prosecutions and taking down botnets instead of drilling at it but never getting anywhere. Not advocating for or against them (nor do I have any affiliation) but I think it’s disingenuous to suggest that any company is ‘bad’ just because it’s ‘Russian’. Commenting again because I just reread that and realised I also could offer an example that might fit your worldview of ‘good’ but didn’t provide it in my first reply.
Ditto to the max!