Surveying 17 Anti-Virus Firms on Their Security Practices

Were you aware of that?

  • Yes

    Votes: 7 46.7%
  • No

    Votes: 8 53.3%

  • Total voters
    15

Deleted member 178

Thread author
Allegations that Russian intelligence agents somehow co-opted Kaspersky Lab's anti-virus software, enabling them to search PCs for intelligence, raise questions not just about the security of the Moscow-based security firm's products, but all anti-virus products.

See Also: IoT is Happening Now: Are You Prepared?

To recap: Israeli intelligence allegedly hacked into Kaspersky Lab's network and found Russian intelligence was already monitoring the company's communications with endpoints, as well as running searches for interesting-looking files on customers' PCs. Cue questions about whether Moscow-based Kaspersky Lab knew or abetted those intelligence efforts.

The allegations are a reminder that all anti-virus software is designed to run at a deep level on a PC, which is required to ensure it can excise malicious code. But such capabilities could be misused. Anti-virus software typically also sends copies of suspicious-looking files back to the vendor, so its malware researchers, often working with their peers in other security firms, can study the malware and create signatures. These signatures then get pushed out to all endpoints to better protect them.

Read more here

Only a few answered... :sneaky:
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
"Israeli intelligence allegedly hacked into Kaspersky Lab's network and found Russian intelligence was already monitoring the company's communications with endpoints, as well as running searches for interesting-looking files on customers' PCs."

Meaning if you had Kaspersky product installed on your system, Russian intelligence could sneak on your personal files? Or only suspicious files that were uploaded to the cloud server of the security firm?
 

Deleted member 65228

Thread author
Meaning if you had Kaspersky product installed on your system, Russian intelligence could sneak on your personal files? Or only suspicious files that were uploaded to the cloud server of the security firm?
If Kaspersky are breached, an attacker could potentially adapt configuration settings to allow more files to be deemed "suspicious" depending on how their cloud network works, resulting in more documents being uploaded. If the attacker was able to maintain persistence for enough time, they could leverage the success of such a task to collect more files from someone's system off their cloud network.

Generally speaking though, I'd imagine it would only be files uploaded to the cloud network, since Kaspersky isn't going to have a backdoor implemented which allows an employee to list all files on someone's system at any given time and upload the manually selected ones (well, who knows; I would hope not!). However, if an attacker has already breached the network... They might be able to tweak things to cause more files to be deemed "suspicious" (and then uploaded) - then these uploaded files would be vulnerable to theft in a network breach incident.

It really depends on:
- How secure the Kaspersky infrastructure is.
- How the configuration for the cloud network is applied and what the limitations are.
- If files are permanently stored on the cloud network or if they are deleted within a certain time frame.
- How files are protected on the cloud network. For example, access control.

Functionality such as a cloud network requires a secure and clear design road-map so in the case of a breach, the impact (of damage) is reduced as much as possible. If files are quickly removed off the cloud network, undergo encryption (secure encryption - decryption done locally on the Kaspersky systems instead of on the network itself) and enforced access control... Then it would be harder to do damage in the case of a breach; that doesn't mean it will stop damage from being done.

For example... If a service provider stores personal information on a database which is encrypted and then the service network/s are breached, an attacker can steal all of this data. The problem for them would be the encryption. If the encryption is not securely performed, an attacker could start reverse engineering parts of the service to discover if they can reverse the encryption without having to acquire the keys somehow (or similar). Large corporations like Sony have been effectively hacked and this resulted in several million people's personal data being exposed to hackers, including banking information.

Now compare the damage of a breach to a service which doesn't even know how many customers they have using their service, let alone potential theft for stored data of their personal information. The less data stored, the less damage can be done. Even if data is stored, if it gets removed within a nice time-frame once it is no longer necessary, if a breach occurs 2 months later, the old data from old clients or people who used the service back then would be safe.

The same methodology can be applied with Kaspersky and many other vendors, including general companies. If lots of data is stored (e.g. user documents) and a breach occurs, if an attacker is able to surpass the mitigations in place to reduce damage in a scenario like that and get away with something usable/profitable to them, then damage will be done. If a vendor keeps little data and has really simple but effective ethics, you might be safer in the case of a breach (e.g. not much data stored, data wipes frequently when something is no longer required, strong and secure encryption for anything that does happen to be stored, access control so only people with set permission can access the data).

Things would be much better if uploaded documents (which were deemed "suspicious" to result in the upload) were deleted after being inspected, securely. If a practice like this was enforced, then files uploaded to be inspected a year ago won't be vulnerable to theft during a breach months or even a year/longer later. It would also save the company money by being more efficient with their storage.

You have to decide if you trust Kaspersky with your data or not.
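The design principles argued in the post above (keep the decryption key off the cloud side, delete inspected samples after a fixed window, gate retrieval behind a role check) as an added, hypothetical Python model; this is not code from Kaspersky or from anyone in this thread, and the retention window, role name and hash-based keystream are assumptions made for the example.

```python
import hashlib, hmac, os, time

RETENTION_SECONDS = 7 * 24 * 3600  # hypothetical policy: drop a sample 7 days after inspection


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 counter-mode keystream: stdlib-only stand-in for a real AEAD such as
    # AES-GCM, so the example runs anywhere; not a cipher to deploy.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


class SampleStore:  # the cloud side: ciphertext, hashes and timestamps, never the master key
    def __init__(self, now=time.time):
        self._now, self._samples = now, {}
    def submit(self, sha256, ciphertext, nonce):
        self._samples[sha256] = {"ct": ciphertext, "nonce": nonce, "inspected_at": None}
    def mark_inspected(self, sha256):
        self._samples[sha256]["inspected_at"] = self._now()
    def fetch(self, sha256):
        return self._samples[sha256]
    def purge_expired(self) -> int:  # drop inspected samples past the retention window
        cutoff = self._now() - RETENTION_SECONDS
        expired = [h for h, s in self._samples.items()
                   if s["inspected_at"] is not None and s["inspected_at"] < cutoff]
        for h in expired:
            del self._samples[h]
        return len(expired)
    def breach_dump(self) -> dict:  # everything a thief who copies the store's disk obtains
        return dict(self._samples)


class AnalystWorkstation:  # vendor-local side: holds the key, so crypto happens off the cloud
    ALLOWED_ROLES = {"malware-analyst"}
    def __init__(self, master_key: bytes):
        self._master_key = master_key
    def _sample_key(self, sha256):  # per-sample key derived from a master key that never leaves here
        return hmac.new(self._master_key, sha256.encode(), hashlib.sha256).digest()
    def upload(self, store, data: bytes) -> str:
        sha256, nonce = hashlib.sha256(data).hexdigest(), os.urandom(16)
        store.submit(sha256, _keystream_xor(self._sample_key(sha256), nonce, data), nonce)
        return sha256
    def download(self, store, sha256, role) -> bytes:
        if role not in self.ALLOWED_ROLES:  # access control checked before any decryption
            raise PermissionError(f"role {role!r} may not retrieve samples")
        s = store.fetch(sha256)
        return _keystream_xor(self._sample_key(sha256), s["nonce"], s["ct"])
```

With a fake clock you can show what a breach of the store yields before and after the retention purge: only ciphertext first, and nothing at all once the window has passed.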
 
