Wednesday, October 25, 2017

Some notes about the Kaspersky affair

I thought I'd write up some notes about Kaspersky, the Russian anti-virus vendor that many believe has ties to Russian intelligence.

There are two angles to this story. One is whether the accusations are true. The second is the poor way the press has handled the story, with mainstream outlets like the New York Times more intent on pushing government propaganda than informing us what's going on.


The press

Before we address Kaspersky, we need to talk about how the press covers this.

The mainstream media's stories have been pure government propaganda, like this one from the New York Times. It garbles the facts of what happened, and relies primarily on anonymous government sources that cannot be held accountable. It's so messed up that we can't easily challenge it because we aren't even sure exactly what it's claiming.

The Society of Professional Journalists has a name for this abuse of anonymous sources, the "Washington Game". Journalists can identify this as bad journalism, but the big newspapers like The New York Times continue to do it anyway, because how dare anybody criticize them?

For all that I hate the anti-American bias of The Intercept, at least they've had stories that de-garble what's going on, that explain things so that we can challenge them.


Our Government

Our government can't tell us everything, of course. But at the same time, they need to tell us something, to at least be clear about what their accusations are. These vague insinuations through the media hurt their credibility rather than help it. The obvious craptitude is making us in the cybersecurity community come to Kaspersky's defense, which is not the government's aim at all.

There are lots of issues involved here, but let's consider the major one insinuated by the NYTimes story, that Kaspersky was getting "data" files along with copies of suspected malware. This is troublesome if true.

But, as Kaspersky claims today, it's because they had detected malware within a zip file, and uploaded the entire zip -- including the data files within the zip.

This is reasonable. This is indeed how anti-virus generally works. It completely defeats the NYTimes insinuations.
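To make the concern concrete, here is an added example (not code from the post or from any vendor) of a sample-submission policy that avoids the problem described above: when one member of an archive is flagged, it submits only that member, and describes the remaining members by name, size and hash without copying their contents. The "known-bad" hash set and the archive contents are constructed for the demo; a real engine's verdict would replace is_flagged().

```python
"""Added example: submit only the flagged member of an archive, not the whole zip."""
import hashlib
import io
import zipfile

# Constructed stand-ins for a malware sample and a signature database.
MALWARE_SAMPLE = b"constructed-malware-sample-bytes"
KNOWN_BAD = {hashlib.sha256(MALWARE_SAMPLE).hexdigest()}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_flagged(data: bytes) -> bool:
    # Stand-in for the AV engine's verdict: exact hash match against the bad set.
    return sha256(data) in KNOWN_BAD


def build_submission(archive: bytes):
    """Return (submission_zip_bytes or None, manifest). Only flagged members are
    copied into the submission; every other member is listed by metadata only."""
    manifest = {"flagged": [], "withheld": []}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            data = src.read(info)
            entry = {"name": info.filename, "size": len(data), "sha256": sha256(data)}
            if is_flagged(data):
                dst.writestr(info.filename, data)   # content travels only for hits
                manifest["flagged"].append(entry)
            else:
                manifest["withheld"].append(entry)  # metadata only, no content
    if not manifest["flagged"]:
        return None, manifest                       # nothing to submit at all
    return out.getvalue(), manifest


def submitted_names(submission: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(submission)) as z:
        return z.namelist()


def demo_archive(include_malware: bool = True) -> bytes:
    # Constructed archive: one ordinary document next to one flagged file.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docs/quarterly-report.txt", b"Constructed internal data; not malware.")
        if include_malware:
            z.writestr("tools/dropper.exe", MALWARE_SAMPLE)
    return buf.getvalue()
```

Running build_submission(demo_archive()) yields a zip containing only tools/dropper.exe, while the manifest records docs/quarterly-report.txt by name, size and hash only.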

This isn't to say Kaspersky is telling the truth, of course, but that's not the point. The point is that we are getting vague propaganda from the government further garbled by the press, making Kaspersky's clear defense the credible party in the affair.

It's certainly possible for Kaspersky to write signatures to look for strings like "TS//SI/OC/REL TO USA" that appear in secret US documents, then upload them to Russia. If that's what our government believes is happening, they need to come out and be explicit about it. They can easily set up honeypots, in the way described in today's story, to confirm it. However, it seems the government's description of honeypots is that Kaspersky only uploads files that were clearly viruses, not data.

Kaspersky

I believe Kaspersky is guilty, that the company, and Eugene himself, work directly with Russian intelligence.

That's because on a personal basis, people in government have given me specific, credible stories -- the sort of thing they should be making public. And these stories are wholly unrelated to stories that have been made public so far.

You shouldn't believe me, of course, because I won't go into details you can challenge. I'm not trying to convince you, I'm just disclosing my point of view.

But there are some public reasons to doubt Kaspersky. For example, when trying to sell to our government, they've claimed they can help us against terrorists. The translation of this is that they could help our intelligence services. Well, if they are willing to help our intelligence services against customers who are terrorists, then why wouldn't they likewise help Russian intelligence services against their adversaries?

Then there is how Russia works. It's a violent country. Most of the people mentioned in that "Steele Dossier" have died. In the hacker community, hackers are often coerced to help the government. Many have simply gone missing.

Being rich doesn't make Kaspersky immune from this -- it makes him more of a target. Russian intelligence knows he's getting all sorts of good intelligence, such as malware written by foreign intelligence services. It's unbelievable they wouldn't put the screws on him to get this sort of thing.

Russia is our adversary. It'd be foolish of our government to buy anti-virus from Russian companies. Likewise, the Russian government won't buy such products from American companies.

Conclusion

I have enormous disrespect for mainstream outlets like The New York Times and the way they've handled the story. It makes me want to come to Kaspersky's defense.

I have enormous respect for Kaspersky technology. They do good work.

But I hear stories. I don't think our government should be trusting Kaspersky at all. For that matter, our government shouldn't trust any cybersecurity products from Russia, China, Iran, etc.

4 comments:

Rui Pacheco said...

'Most of the people mentioned in that "Steele Dossier" have died.' - where did you get this from?

corrector said...

Both the NYT and WaPo are willing to publish almost anything that shows Russia in a bad light, just because it shows Russia in a bad light, in order to suggest something bad about Trump. They might as well not understand any of the important technical points of their own story, just like Slate with their "Trump Tower server is pinging Alfa Bank" nonsense - another fake story for which we still have no explanation about how they came up with the data!

Ivo Blaauw said...

"people in government have given me specific, credible stories -- the sort of thing they should be making public.... ...because I won't go into details you can challenge."

You appeal to anonymous sources in a way you previously condemned vigorously. Speak out or don't bring this up at all. As you mentioned repeatedly yourself.


"if they are willing to help our intelligence services against customers who are terrorists, then why wouldn't they likewise help Russian intelligence services against their adversaries?"

So adversaries equals terrorists now? Since the US is spying on both its enemies and adversaries, we can similarly assume it views them all as terrorists as well?
You have your Patriot Act that makes drones of all US companies and its employers, domestic and abroad. Now the US complains about foreign companies that are complying with THEIR strangling laws. The US is right not to trust them. Just as they in turn are right not to trust the US.

mcfedr said...

So really, it's just amazing that the government would use closed source software, especially when it comes from a foreign country, but really in general.