Arequire

Level 22
Content Creator
Verified
Did the contractor transferring highly classified files from his place of employment to his home not set off any alarm bells? I'm not familiar with policy regarding classified material or the safeguards put in place to prevent that kind material from leaking but after Snowden I figured the NSA would crack down on this sort of thing.

As for Kaspersky, I've still seen no evidence of active spying. Yes, their software could be used to extract classified data for the Kremlin, just as McAfee or Norton could be used in the same way by the US government. Here's an idea: Stop using each others' software in sectors that involve the handling of sensitive data. Overly nationalistic newspapers blurting what amounts to hearsay every other week just makes the whole ordeal seem like nothing but propaganda.
 

mlnevese

Level 13
Verified
Did the contractor transferring highly classified files from his place of employment to his home not set off any alarm bells? I'm not familiar with policy regarding classified material or the safeguards put in place to prevent that kind material from leaking but after Snowden I figured the NSA would crack down on this sort of thing.

As for Kaspersky, I've still seen no evidence of active spying. Yes, their software could be used to extract classified data for the Kremlin, just as McAfee or Norton could be used in the same way by the US government. Here's an idea: Stop using each others' software in sectors that involve the handling of sensitive data. Overly nationalistic newspapers blurting what amounts to hearsay every other week just makes the whole ordeal seem like nothing but propaganda.
I have worked with secret material in the past, not government but corporate... no internal computer would allow any new devices installed, no usb drives would work, for instance. They also had tampering alarms so if anyone tried to open a computer to steal a drive, for instance, security would be alerted instantly. Emails sent to external addresses would go through moderation on the server and would be sent only after confirming there was no internal information on them. And all your actions were recorded... That's the reason I think it's funny when someone in a movie steal corporate secrets by just copying them into a drive after guessing the correct password in the first try, of course :)

I thought government classified information would have even more severe measures implemented...
 

DeepWeb

Level 21
Verified
So? This is what all the fake controversy is about? It's even easier to use exploits in McAfee. By banning Kaspersky they just made it even easier. Heck they won't have to do any exploits anymore because McAfee can't even detect regular malware.
 

tim one

Level 21
Trusted
Malware Hunter
Verified
So to sum it up:

1) You are an agent or an employee of the NSA, and you bring to your home secret documents and malware used by the NSA to penetrate the computer networks of other countries and for defending those in the US.

2) You put everything on a computer that is not secure.

3) The computer is connected to the Internet.

4) On the computer there is an antivirus (Kaspersky) which, as all the antivirus, does its dirty job, and then detects the presence of the malware by sending it to the vendor.

Then Russia spies use the access provided by the antivirus to get a copy of the NSA malware withdrawing it from your computer, and then stealing it to NSA.

But...but...sorry, how do you have to be an idiot to make a sequence of errors like that?

And above all, how incompetent are NSA leaders, who fail to prevent employees to take home a super-secret malware???
 

Local Host

Level 11
As a consumer, this makes me want to use Kaspersky even more. This is clearly a witch hunt. They are trying to tarnish Kaspersky's reputation with a false flag.
Kaspersky has been around for 20+ years, not some Chinese AV company.

I would not trust American AV companies though, at least they have white listed various agencies spyware and possibly another backdoor into your computer. As if OS backdoors, CPU backdoors, router etc weren't enough.

I would not trust Chinese products...Chinese companies will do anything for the yuan, even killing their babies via formula.
China is right at the top when it comes to countries I don't trust at all, followed by USA, it is the main reason I don't recommend Qihoo 360 to anyone!

While Chinese have been long exposed and accused of cyber spying, USA are the worst cause they keep trying to manipulate everyone into thinking they're the good guys.
 
Last edited:

Solarquest

Moderator
Staff member
Malware Hunter
Verified
It's like in a spy movie, and as in a spy movie you (might) get the truth at the end.

Now:
-the fact that a contractor can get these top secret files and bring them home is "amazing";
- the fact that this is still possible after it happened already (too) many other times in the past ist "incredible".

Why should someone bring such top secret programs home????:X3::unsure:

Now, someone, somehow did it.
Kaspersky did it's job and submitted the fingerprint of the suspicious new files to Kaspersky's server.

What happened now???
Till here the files are still kind of "possible".
The question is, what happened next?
How did the hackers know about it, about the detections?
On the other side, why were these detected if they shouldn't be? Were these scanned/uploaded for the first time by AV?
Anyway, let's imagine they got detected.
Again, how did the hackers know about it???
Or Kaspersky was (had been) hacked at that time or it had a bug that got exploited, or they gave the info away.
Last thought... imagine it's true...how would you expect your government to handle it?

All is very "weird"... let's wait for the end of the "movie"...and let's hope to get the truth too.
 

tim one

Level 21
Trusted
Malware Hunter
Verified
It's like in a spy movie, and as in a spy movie you (might) get the truth at the end.

Now:
-the fact that a contractor can get these top secret files and bring them home is "amazing";
- the fact that this is still possible after it happened already (too) many other times in the past ist "incredible".

Why should someone bring such top secret programs home????:X3::unsure:

Now, someone, somehow did it.
Kaspersky did it's job and submitted the fingerprint of the suspicious new files to Kaspersky's server.

What happened now???
Till here the files are still kind of "possible".
The question is, what happened next?
How did the hackers know about it, about the detections?
On the other side, why were these detected if they shouldn't be? Were these scanned/uploaded for the first time by AV?
Anyway, let's imagine they got detected.
Again, how did the hackers know about it???
Or Kaspersky was (had been) hacked at that time or it had a bug that got exploited, or they gave the info away.
Last thought... imagine it's true...how would you expect your government to handle it?

All is very "weird"... let's wait for the end of the "movie"...and let's hope to get the truth too.
Yes, a spy-story with huge geopolitical implications.

About Kaspersky antivirus, yes we should continue to use it because the risk of being attacked by common cybercriminals is immensely superior (with a few exceptions) to be targeted by Russian cyber spies.....:cool:
If you become a target for any government, the brand of your antivirus is the latest of your problems.
 

DeepWeb

Level 21
Verified
@tim one Granted they probably want their employees to have as much freedom to continue working on their tools. Sometimes you do have that spark for an idea at home or while you're commuting back home or taking a sip somewhere in a cafe and you want to write it down before the idea escapes you. It's still a workplace that competes with Facebook, Google, banking security etc for the best of the best and when the working conditions suck, who is going to bother working for them? So I would say there is a lot of pressure by the employees to not have too much oversight, too. The last thing they want is someone to use their own tools against them. :D
 

tim one

Level 21
Trusted
Malware Hunter
Verified
@tim one Granted they probably want their employees to have as much freedom to continue working on their tools. Sometimes you do have that spark for an idea at home or while you're commuting back home or taking a sip somewhere in a cafe and you want to write it down before the idea escapes you. It's still a workplace that competes with Facebook, Google, banking security etc for the best of the best and when the working conditions suck, who is going to bother working for them? So I would say there is a lot of pressure by the employees to not have too much oversight, too. The last thing they want is someone to use their own tools against them. :D
Honestly it is difficult to understand what really happened, and how incompetent people can work in "sensitive" environments, but in this case there might be information that has not been made public.
But from personal experience I can say that in many companies sometimes critical tasks are entrusted to people who have no understanding of what they are doing.:rolleyes:
 
D

Deleted member 65228

“Even though we have an internal security team and run bug bounty programs, we can’t give a 100 per cent guarantee that there are no security issues in our products,” Kaspersky said. “Name another security software vendor that can! Software is made by people and people make mistakes – no getting round that.
no matter how great security technologies and measures are, the security of millions can be easily compromised by the oldest threat actor there is – a $5 USB stick and a misguided employee.”
Agreed.
 

DeepWeb

Level 21
Verified
Honestly it is difficult to understand what really happened, and how incompetent people can work in "sensitive" environments, but in this case there might be information that has not been made public.
But from personal experience I can say that in many companies sometimes critical tasks are entrusted to people who have no understanding of what they are doing.:rolleyes:
Welcome to the US government. :LOL:
 

Andy Ful

Level 36
Content Creator
Trusted
Verified
The problem is that any antivirus can be exploited by a professional team. And, the exploits have not to be related to the core antivirus services or drivers, but are often related to subsidiary DLLs (like decompressing libraries, etc.). For years, anyone having much money could buy in the Darknet, some exploits for most of the known antiviruses. I agree that anti-Kaspersky campaign has a political background.
 

shmu26

Level 72
Content Creator
Trusted
Verified
I assume that most of our forum members do not keep state secrets on their computers, do not engage in illegal trafficking, and are not planning a major terrorist attack any time soon.
So what are you guys all worried about?
I just don't get it.
 

Andy Ful

Level 36
Content Creator
Trusted
Verified
It is simple. Russia wants to ban Windows from Government PCs, so why US Government cannot throw out Kaspersky AV? I do not suspect the Kaspersky staff to spy for their Government. But, what is the problem to put a spy in Kaspersky, and release some Kaspersky products with a backdoor or some bugs (known to someone interested)? And we know that both Governments have so much to hide. :)
As @cruelsister and some other members said, the above can be a problem for the Government, but not for the home users and small business. Kaspersky is still one of the most secure AVs.