Moon of Alabama
October 11, 2017

Spy Spin Fuels Anti-Kaspersky Campaign

Since May 2017 certain U.S. circles have openly campaigned against security products provided by the Russian company Kaspersky Lab. Three recent stories claim involvement of the software in rather fantastic "Russian hackers" tales. It is a renewed attack after a silent spy campaign in 2015 against Kaspersky had failed. The current stories are inconsistent and lack both logic and evidence.

If one believes all the now made claims then Israel hacked Kaspersky, which was hacking an NSA employee who had stolen NSA hacks, while being hacked by Russia which was hacked by the NSA, while the NSA was warned by Israel about Russian hacks. Makes sense?

The Russian company Kaspersky Lab makes and sells what is probably the best anti-virus software available. All anti-virus packages need full access to the system they run on: scanning every file, process and driver for malware, and protecting the package itself against tampering by some super-virus, is only possible with the highest privileges. Anti-virus packages upload suspected malware they find to the vendor for further analysis. They also update themselves through a secure internet connection, which lets the product detect new viruses soon after they have been discovered in the wild. Together, full system access and online updates make these tools inherently dangerous: a privileged agent that ships files off the host and accepts new code from the vendor can be abused either by the producer or by anyone who infiltrates the producer's systems.

Computer geeks call such products "snake oil" because they promise a level of security that cannot be guaranteed, while they themselves constitute a significant security risk. One must either trust such anti-virus packages or not use them at all.

Since May 2017 Congress has made noise about banning Kaspersky products from the U.S. Defense Department and other government entities. In September the Department of Homeland Security ordered all federal agencies to remove Kaspersky software from their systems. Kaspersky Lab makes some 60% of its total revenues in the United States. The DHS order and the resulting press reports will do very serious damage to its business. It will help to sell competing U.S. products.

Eugene Kaspersky, the owner of the company, has offered to provide the source code of the products for review by U.S. government specialists. He also offered to testify before Congress. Both to no avail.

There is fear mongering, without any evidence, that Kaspersky may cooperate with the Russian government. Similar accusations could be made about any anti-virus product. U.S. and British spies systematically target all anti-virus products and companies:

The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it.
An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast Software from the Czech Republic, and Bitdefender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos.

That the NSA and the British GCHQ did not put U.S. and British anti-virus products on their "to do" list suggests that they can already control these packages.

In February 2015 Kaspersky announced that it had found U.S. and UK government spying and sabotage software infecting computers in some 42 countries. It released a detailed report about the "Equation Group", its name for the actor behind those NSA and GCHQ spy tools. In June 2015 Kaspersky Lab detected a breach of its own systems by Israeli government malware. It published an extensive autopsy of the breach and of the malware used in it. Meanwhile the NSA attacked Kaspersky products and customers:

The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

Later that year the CIA and FBI even tried to recruit Kaspersky employees but were warned off.

That the U.S. government now attempts to damage Kaspersky is likely a sign that Kaspersky Lab and its products continue to be a hard-target which the NSA and GCHQ find difficult to breach.

To justify the public campaign against Kaspersky, which began in May, U.S. officials recently started to provide a series of cover stories. A diligent reading of these stories reveals inconsistencies and a lack of logic.

On October 5 the Wall Street Journal reported: Russian Hackers Stole NSA Data on U.S. Cyber Defense:

Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

An NSA employee copied code of top-secret NSA spy tools to his private computer. (“It’s just that he was trying to complete the mission, and he needed the tools to do it,” 'one person familiar with the case' told WaPo.)

The Kaspersky anti-virus software the NSA employee had installed identified parts of these tools as malware and uploaded them for analysis to Kaspersky's central detection database. The Kaspersky software behaved exactly as it should. Any other anti-virus software behaves similarly when it detects a possibly new virus.
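The two mechanisms this story turns on, the privileged full-host scan described at the top of the article and the upload of flagged files for vendor analysis described in the paragraph above, as a toy endpoint agent. This is an added illustration, not Kaspersky's code or any vendor's: the "files" on the host, the signature names, the heuristic regex and the policy knob `cloud_submission` are all constructed for the example.

```python
"""Toy endpoint-protection agent (illustration only, not any vendor's code).

Models what the article says every anti-virus product does:
  1. read everything on the host (here: a constructed in-memory file set),
  2. match content against the vendor's signatures and heuristics,
  3. ship anything unknown-but-suspicious to the vendor's cloud,
     unless the operator has switched cloud submission off.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample "files"; contents are invented for this example.
HOST_FILES: Dict[str, bytes] = {
    "/home/u/report.docx": b"quarterly numbers, nothing odd here",
    "/home/u/tools/implant.exe": b"MZ\x90\x00 redacted-tool-payload-already-known-to-vendor",
    "/home/u/tools/dropper.bin": b"MZ\x90\x00 VirtualAllocEx WriteProcessMemory CreateRemoteThread",
}

# Vendor signature set: exact SHA-256 hashes of samples seen before, plus one
# behavioural heuristic (a classic process-injection API sequence).
KNOWN_BAD_SHA256 = {
    hashlib.sha256(HOST_FILES["/home/u/tools/implant.exe"]).hexdigest(): "Trojan.Example.A",
}
HEURISTICS = [
    (re.compile(rb"VirtualAllocEx.*WriteProcessMemory.*CreateRemoteThread", re.S),
     "HEUR:Injector.Generic"),
]


@dataclass
class Policy:
    # Assumed knob: whether suspicious samples may leave the host at all.
    cloud_submission: bool = True
    max_upload_bytes: int = 1 << 20


@dataclass
class Verdict:
    path: str
    status: str                 # "clean" | "known_malware" | "suspicious"
    name: Optional[str] = None


@dataclass
class CloudOutbox:
    # Everything appended here is data that leaves the host for the vendor.
    uploads: List[dict] = field(default_factory=list)


def scan(files: Dict[str, bytes], policy: Policy, outbox: CloudOutbox) -> List[Verdict]:
    """Scan every file (the agent sees all of them) and decide what to upload."""
    verdicts = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in KNOWN_BAD_SHA256:
            # Already in the signature set: block locally, nothing new to learn.
            verdicts.append(Verdict(path, "known_malware", KNOWN_BAD_SHA256[digest]))
            continue
        heur = next((name for rx, name in HEURISTICS if rx.search(data)), None)
        if heur is None:
            verdicts.append(Verdict(path, "clean"))
            continue
        verdicts.append(Verdict(path, "suspicious", heur))
        # Unknown sample that looks malicious: this is the upload path.
        # Note that the whole file content goes, not just its hash.
        if policy.cloud_submission and len(data) <= policy.max_upload_bytes:
            outbox.uploads.append({"path": path, "sha256": digest, "bytes": data})
    return verdicts


def run(cloud_submission: bool = True) -> Tuple[List[Verdict], CloudOutbox]:
    """Run one scan of the constructed host under the given submission policy."""
    outbox = CloudOutbox()
    verdicts = scan(HOST_FILES, Policy(cloud_submission=cloud_submission), outbox)
    return verdicts, outbox


if __name__ == "__main__":
    for flag in (True, False):
        verdicts, outbox = run(cloud_submission=flag)
        print(f"cloud_submission={flag}")
        for v in verdicts:
            print(f"  {v.path}: {v.status}" + (f" ({v.name})" if v.name else ""))
        print("  uploaded:", [u["path"] for u in outbox.uploads])
```

With the default policy the heuristic hit on `dropper.bin` is uploaded in full; with `cloud_submission=False` the same verdicts are reached but nothing leaves the host. That knob, and the fact that an upload carries file bytes rather than only a hash, is what a practitioner should check before deploying any vendor's agent on a machine holding material that must not travel, whatever country the vendor is in.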

The "multiple people with knowledge of the matter" talking to the WSJ seem to allege that this was a "Russian hacker" breach of NSA code. But nothing was hacked. If the story is correct, the Kaspersky tool was legally installed and worked as designed. The only person in the tale who did something illegal was the NSA employee. His case demonstrates that the NSA continues to have a massive insider security problem. Nothing in the story hints at any evidence for its core claim of "Russian hackers".

Eugene Kaspersky himself strongly denies any cooperation with Russian government entities as well as any involvement with any NSA employee leak. The German government found no evidence that Kaspersky is spying for Russia. Its Federal Office for Information Security (BSI) dismisses the U.S. reports:

“The BSI has no indications at this time that the process occurred as described in the media.”

Further down the WSJ story says:

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

If the last sentence is true, the employee must have had high-level access to multiple NSA programs.

A new story in the New York Times today builds on the WSJ tale above. It makes the claims therein even more suspicious. The headline - How Israel Caught Russian Hackers Scouring the World for U.S. Secrets:

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, ...

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer.

The Washington Post version of the story is remarkably different. Unlike the NYT it does not claim any Russian government involvement in Kaspersky systems:

In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency.

Israel notified the NSA, where alarmed officials immediately began a hunt for the breach, according to people familiar with the matter, who said an investigation by the agency revealed that the tools were in the possession of the Russian government.

Israeli spies had found the hacking material on the network of Kaspersky Lab ...

While the NYT asserts that the Russian government had access to the Kaspersky systems, the Washington Post does not assert that at all.

The NYT claims that the Israelis alerted the NSA to Russian government knowledge of its tools, while WaPo says that the NSA itself found this out. That Israel would alert the NSA when it has its hands on a valuable source that reveals NSA tools is not believable. There is no love lost between Israeli and U.S. spy agencies. They spy on each other whenever they can, at times with deadly consequences.

The NYT story is based on "current and former government officials", not on the usual "U.S. officials". It might well be that Israeli spies are spinning the NYT tale.

We already knew that the Israeli government had in 2015 breached some Kaspersky systems. Kaspersky Lab itself alerted the public to it and provided an extensive forensic report.

There are several important questions that the stories quoted above do not ask:

If the Israelis detected NSA malware in the hands of the Russian government "more than two years ago" (NYT), how come the NSA's hole was only found in 2016 (WSJ)? Did the Israelis use their claimed knowledge for a year without alarming their "allies" at the NSA? Why?

And why would the detection of alleged Russian government intrusion into Kaspersky products lead to a ban of these products only in fall 2017?

If the story were true the NSA should have reacted immediately. All Kaspersky products should have been banned from U.S. government systems as soon as the problem was known. The NSA allowed the Russian government, for more than a year, to sniff through all systems of the more than two dozen American government agencies (including the military) which use the Kaspersky products? That does not make sense.

These recently provided stories stink. There is no evidence provided for the assertions therein. They make the false claim that the NSA employee's computer was "hacked". Their timelines make no sense. If not complete fantasies, they are likely to be heavily spun to achieve a specific goal: to justify the banning of Kaspersky products from U.S. markets.

I regard these stories as part of the "blame Russia" campaign which is used by the military-industrial complex to justify new defense spending. They may also be useful in removing a good security product, which the NSA failed to breach, from the "western" markets.

Posted by b on October 11, 2017 at 08:14 AM | Permalink


When my present anti-v expires; I'm going for Kaspersky anti-v et al.
From what I've read in my investigations; Kaspersky is very likely the best option out there.
At this juncture, I've quit every U.S. based search engine, browser, and e-mail.
I'm working on finding an operating system not MS...

Posted by: V. Arnold | Oct 11, 2017 8:42:22 AM | 1

I can confirm that Kaspersky's PC/Windows protection is the best available. That presumably is the reason the company gets smeared as "Russian."

Kaspersky seems to think the problem is NSA employees working from home :-)) using Kaspersky virus protection.

Posted by: somebody | Oct 11, 2017 8:47:40 AM | 2

linux is the answer...dont use microsoft, mac or google ...they are all in league with terrorists and fund them...Israel is the Terrorist ...Mossad must be destroyed world wide....The zionists and their War of Terror is exposed and the western powers and the isra hell are doomed to the rubbish bin of history...inshallah

Posted by: charlie | Oct 11, 2017 9:06:57 AM | 3

@ #3:

This is a satirical post, correct?

I mean, the Linux part.

Posted by: Whyawannaknow1 | Oct 11, 2017 9:23:39 AM | 4

I've run Linux for years; never had a virus. Google says don't be complacent, plenty of viruses for all systems, but I've never had one and my unit runs 24/7 w/o any anti-virus software beside the default.

Posted by: ruralito | Oct 11, 2017 10:11:40 AM | 5

It was not that many years ago that legitimate news media did not permit news to be based on anonymous sources, except in rare cases like "deep throat," where measures were taken to assure the public that the source was known and credible. Otherwise, sources who did not allow their names to be released were not considered to be credible.

Today, news is based on nothing but anonymous sources. Look at all of the citations in your piece here. There is not one fact personally observed by the reporter, and not one quotation comes from a named source. Everything is from "current and former government officials" or some such nonsense. Stenography, not reporting, and credibility is zero.

Posted by: Bill H | Oct 11, 2017 10:16:18 AM | 6

linux is the answer! NSA had zero days for linux for years. qubesOS is closer to an answer. But security is not tied to one OS or one product, it is something you achieve via configuration

Posted by: Nelson Smiith | Oct 11, 2017 10:17:21 AM | 7

Avast is 'more AVS than you need', lol. ESET seems good at identifying malware sites, but systems scans admit they 'can't open' a lot of root files on your computer, any keystroke loggers that jack in from friends' email just sit there recording, what're ya gonna do?

In 2012 as a civilian employee of MIC, all of Pentagon's military and civilian personnel were hacked of all data. They were told to get Equifax, lol. In 2013, all Pentagon contractors were hacked of all data. We were told to get Equifax. Not so funny now. Our DoD auto-deposit account was immediately pinged from Europe. Our banker caught it. This was a large hacking operation, as DoD has 100,000s of MIC contractors. So we had to close out everything. We chose not to re-register with a now-hacked

Pentagon Payroll and Procurement has no idea where $10s of BILLIONS are disappearing.

So in 2017 Pentagon mysteriously went $54B over budget in just 7 months. Congress had to provide an emergency stop-gap. Nobody paid any notice. Congress increased the 2018 budget to $760B for Pentagon-DHS-CIA/NSA. They don't know where the bleedout breach is! Pentagon has inadequate auditing and no stop-loss. A hole in the dike, growing ever larger, $10sBs simply disappearing, $8 TRILLION MIA.

Just think of that. Rumsfeld admits $2.3 TRILLION is missing, next day, three buildings free-fall into their own footprints and a flying beer can with a miraculous diving spiral blows through 5 layers of impenetrable concrete and destroys all the investigation records of the breach, as Israelis dance on rooftops. Next day, Cheney's invasion plan, already in planning since July, kicks off, and takes down Saddam too.

Nobody seems to notice. Nobody seems to care. F'g sheep.

Pentagon bleedout will hit $1 TRILLION before 2020. The hacking breach and disappearing funds gap is widening. SS and MC are 'buyers of last resort' for US Treasuries to fund the bleedout. There is no stop-loss. Pentagon is the sought-after virus! Pentagon is the disease. We are lost.

Posted by: Chipnik | Oct 11, 2017 10:17:27 AM | 8

The Russian company Kaspersky Lab makes and sells the probably best anti-virus protection software available. All anti-virus software packages need full access to the system they run on.


Posted by: Laura Roslin | Oct 11, 2017 10:24:36 AM | 9

Computers are dirt cheap these days. My first Mac cost me $3000 and the first clone PC I built cost me $1500. Today, I can buy a super-duper-anti-pooper PC device for $500. Hell folks, that is cheaper than an Iphone...

Use one computer for your critical work that has no internet connection, or use an old PC that has no network card. The OS may be uncool by today's standards, but the dang business software has hardly changed - just gotten more bloated with features.

Have one computer for exposure to wild viruses and all that crap, and another you can rely on. Move files one-way using cheap, new memory sticks.

My old PC runs the last version of Windows NT - and never crashes or locks up. It uses MS Office from that period, and the files are still readable by newer products.

My outward looking computer is either a Mac or a Linux box. I only transfer sensitive files one-way - from isolated to unisolated. Periodically, I toss the hard drive and pop in a new one. My 'sensitive' stuff is miniscule, as I don't work in the military or spook world. It's patent stuff.

And run Kaspersky - it works and the others don't. Unless you are working on sensitive government crap, do you really even care if Russians can fish a few of your files? Do most people have PLC devices hung off their computers that stuxnet things can access?

If you have Alexa and other IoT crap - get rid of it because they are gadgets that have more downside than upside. Do you TRULY need a talking fridge? A washer you can turn on with your phone? A talking link to Google?

I don't care if the alphabet guys get my files - because they aren't of use to them. Most of the guys working at the alphabet agencies are spending their time on porno anyway or looking for blackmail files and images - which is why they can't seem to ever do anything useful except maybe foul a keyboard irretrievably.

It's hilarious to me that so much effort is put into all this when the old school ways of passing notes and talking are such simple workarounds, IF you are truly wanting privacy and fear for your precious files.

Posted by: Oilman2 | Oct 11, 2017 10:29:02 AM | 10

Kaspersky uncovered the Stuxnet virus.

Posted by: Robert Browning | Oct 11, 2017 10:43:32 AM | 11


Posted by: dahoit | Oct 11, 2017 11:58:19 AM | 12

Yep this is payback for revealing who was behind Stuxnet, among other things. Every day, a little more USSA.

Posted by: sejomoje | Oct 11, 2017 11:59:05 AM | 13

Isn't it too little too late for a payback, since it's been 5+ years since Kaspersky Labs discovered and revealed who is behind Stuxnet and Flame? Nah, this one smells more of a good ole-fashioned fascist market protectionism where you simply ban "those vile Russians" from a large portion of the market. Of course, all in context of the Empire's ongoing Blame Russia! campaign.

Posted by: LXV | Oct 11, 2017 12:27:49 PM | 14

>>>> Chipnik | Oct 11, 2017 10:17:27 AM | 8

We were told to get Equifax.

What good would a credit report be at stopping viruses?

Posted by: Ghostship | Oct 11, 2017 1:03:18 PM | 15

The enemy of my enemy is my friend,
the friend that is my enemy is Israel

- Librul


jundallah mossad cia

(I recommend the article at Foreign Policy and
they let you in once without a subscription if you access the article via Google)

Mossad personnel, deployed on the ground in Iran,
openly pretended to be the CIA. They funded and directed
Sunni terrorists to kill Shia Iranian citizens so that Iran
would blame the CIA and retaliate in kind against American citizens.

Posted by: Librul | Oct 11, 2017 1:32:18 PM | 16

LXV, there are always dual purposes - that's how sht gets done in DC - they have a policy goal, and whoever executes it always throws in their own factional angle. That's why I said "among other things". Of course the "official" mission is to hurt Russian interests.

Posted by: sejomoje | Oct 11, 2017 1:33:28 PM | 17

Linux baby, all the way. Too many distros to bother making viruses for each one. 12 years later and not one single virus, never an AV, and fully open source. You wanna leave the corporations behind? Get with the program. Open BSD too. Yup...

Posted by: dan | Oct 11, 2017 2:07:59 PM | 18

Linux doesn't have many viruses - instead it has all manner of extremely dangerous 0-day bugs that can be exploited, plus a multitude of open source library vulnerabilities and channel attacks.
I was at a presentation by Paul Vixie - one of the 2 people who first proclaimed open source as the best way to produce good and secure products 10 years ago. He's Internet Hall of Fame, ICANN Security Board, etc.
He no longer believes that for this reason: 10 years ago, there were 50 million lines of open source code, and you could rely that it was reviewed regularly and reasonably widely.
Today there are 50 billion lines of open source code, and the majority is never reviewed by anybody.
If you really want to go secure: don't use email. Don't use the internet. Just use your computer with no outside connection. Of course, you can't read Moon of Alabama, either - a fantastic way to nail all you paranoid types would be to watering hole attack this site.
As for the story: it is believable that one or more spy agencies hacked into Kaspersky's systems.
What again is not being said is whether Kaspersky was actively participating or abetting this activity.
While banning Kaspersky from US government and military isn't completely nonsensical, the reality is that *all* AV and other type of security products - any ones which auto update include FireEye, Palo Alto, Symantec, Microsoft and so forth all have the same vulnerability: The ability to access all data on a computer is an inherent ability to spy.

Posted by: c1ue | Oct 11, 2017 3:12:28 PM | 19

And just FYI: Apache - you know, the source of the Struts vulnerability that lead to the Equifax breach, among others? It is Linux.

Posted by: c1ue | Oct 11, 2017 3:13:26 PM | 20

Meanwhile it's a well reported established fact that American virus/antimalware corps have allowed the FBI and other agencies to compromise their software with silent signatures - as with Magic Lantern for example (and imagine how far it's gone since then)

With such subservience by the corporations anything is possible with what's been buried in these closed source systems.

I'm pretty sure the US establishment never accuses anyone of something if they aren't already themselves doing the same in the extreme.

Posted by: Thominus | Oct 11, 2017 3:24:35 PM | 21

@19 & 20

What you say may be correct in the most part. However, is it better to run an OS where there is a possibility of someone reviewing the code to improve it or run an OS where the vulnerabilities are intentionally left in the OS at the behest of the three-lettered agencies ? Only one choice gives the possibility of security even if it is remote.

The greater problem is the lack of maturity in so much of the software on Linux.

Posted by: Steve | Oct 11, 2017 3:27:13 PM | 22

@Steve #11
I guess you didn't read far enough into Vixie's comment: No one is reviewing the code - there is just too much.
Apache is an enormously widely used Linux platform with presumably an optimal reviewer population - it has millions of installs worldwide and is used from huge corporations to individuals, yet the Struts bug was also enormous (allows someone to remotely run code on any Apache server via a command line in a browser).
From my view as a security professional: I'd rather have a platform where there are thousands to tens of thousands of people actively trying to improve its security as opposed to one where there might be a few hundred.
The reality is that iOS, for example, is far more secure than Android.
iOS is not open source, Android is.
But the relative security has nothing to do with open sourcedness - it has to do with the architects of iOS continuously adding capabilities to make it more secure. iOS was the first widespread OS to use signed firmware updates - which is why jailbreaking an iPhone is so much harder than it used to be.
Despite that, there are still vulns which the 3 letter agencies likely know about and use.
That doesn't change the overall fact that iOS is more secure than Android and will be for the foreseeable future, because Android simply doesn't do all the things iOS can (and does) do.
If your concern is 3 letter agencies, then you need to create your own OS.
If your concern is overall security except for the 3 letter agencies, open source is *not* the way.
And lest you think I'm an Apple fanboi - I am not. I don't use iOS/iPhone/OSX or any of the Apple products for reasons outside of security. It doesn't mean I do not recognize the reality, however.

Posted by: c1ue | Oct 11, 2017 3:37:19 PM | 23

I downloaded Kaspersky's free app about a month ago; two minutes later my laptop was toast. 150 dollars later it was restored. Is it possible some US govt entity now provides a virus with each K download?

Posted by: frances | Oct 11, 2017 3:41:31 PM | 24

@frances #24
Just out of curiosity - where did you download Kaspersky from? Kaspersky itself or a 3rd party download site?
As for government entity: it is far more likely you had some kind of malware already installed which scrammed when it saw Kaspersky show on scene. Malware may or may not be government issue :)

Posted by: c1ue | Oct 11, 2017 3:47:52 PM | 25

blind pro-israel stupidity in the NYT? well i never!

that angle also makes me wonder how much of this is "we can't outsmart our competition so we'll make them out to be 'spies' or some such BS". kaspersky gets the boot and suddenly another company gets a big contract to take their place. see also: the hype about an israeli company "breaking" the san bernadino iphone's encryption. now they sell a handy proprietary "security solution" to governments and companies worldwide - even though the actual "breaking" was probably done with a tactic well known in the infosec community.

kaspersky himself is a very smart and skilled guy; i have one of his books on malware coding and it's incredibly useful. russians and eastern europeans in general are up there with the chinese when it comes to skills and the silicon valley snowflakes can't keep up. like the israelis, they hate competition and hate anyone smarter than themselves. ANY antivirus is a pivot point for attackers so claiming that kaspersky is uniquely dangerous shows either ignorance or duplicity. maybe both.

Posted by: the pair | Oct 11, 2017 4:10:58 PM | 26

“No one is reviewing the code - there is just too much.” — c1ue/#23

Sorry but it's pure lie and you clearly don't know what you're talking about!

I use Linux exclusively for more than 15 years and my job is to review open source code (part of the linux kernel, systemd, GRUB and much more) all the fucking day and there is thousands and thousands like me!

Posted by: LAG | Oct 11, 2017 4:16:48 PM | 27

Well sure if the NSA or some super-hacker specifically targets your machine, you will get owned (unless you invest in some kind of cyber Fort Knox, and are very lucky as well). These people who rant that Linux is "unsafe" are 100% full of it. In the end NOTHING is "safe". But Linux has astonishing advantages! Pay no heed to those naysayers!

I could write a book about how colossally dreadful Microsoft Windows is.

The BSD systems were clunky as hell so far.

So that leaves Linux. Big Problem: 98% of the Linuxes out there have been coerced into adopting "systemd" (yikes!). This is an allegedly open source (so it might be "audited" for trap doors and such) giant blob of 500,000+ lines of code (!) that has sneakily been infiltrated into 98% of the Linux distributions (distros) by the Red Hat Corporation and their NSA buddies. Obviously no one is ever going to "audit" it! This Windows-like monster infests all of the Ubuntu and Linux Mint brand distros. The real question becomes "how many teams are you going to trust?"

Presumably the easiest distro to install and use "designed for home computer users" is Devuan based, systemd-free "Refracta Linux":
(I suggest ONLY the "refracta8.3_xfce_amd64-20170305_0250.iso" version for modern machines.)

You can "unlock" the upper panel, and move it to the bottom with the mouse.

You have to launch Konqueror five seconds before Firefox or it will crash :(

My very best alternative is the systemd-free "Void Linux":
(I suggest ONLY the "void-live-x86_64-20171007-xfce.iso" version for most modern machines.)

I think Void Linux is just as nice as Refracta Linux, and they have different available programs (but they can work together) but it requires a bit more Linux chops to install. I needed to get the "live DVD file" GParted, which is a free partition editor DVD that you can burn yourself for free:

Look up "Troubleshooters.Com®" -- Quick and Reliable Void Linux Installation:

I had to create a "MS-DOS"-style primary ext4 partition (could be between 80 to 200 GiB) with "boot" flag set, and a 20 GiB "Linux swap partition" with GParted before the install (may have to fiddle with the "BIOS" first). Then insert the Void DVD, open the "command window" and type "void-install". At some point the options look hopeless, but continue, and when it starts to repeat go back and back and continue on to completion. It's a BEAUTIFUL system! Have TWO passwords ready to use before starting (any Linux install) -- they might be of the form: "hermitcabbagetorus

I would get a book(s) about Linux. Maybe "Linux Cookbook" from Alibris. This will all prove to be VERY MUCH WORTH THE TROUBLE as time goes on!

Posted by: blues | Oct 11, 2017 4:39:24 PM | 28

In the network security world there is this concept of a honeypot where you entice/allow the world to attack/invade your honeypot so you can study the tools they use and ensure the trail back to them is useful.

If I were a security vendor I would set up a honeypot that looked like my business as simply one of many best practices. It is a great way to learn what others are doing while honing your skills at staying secure and invisible to potential perps.

If I had to wade into the "which OS is more secure" discussion I would just note that, IMO, in the long run open source is going to win the war world wide for most stuff but there will always be room for proprietary OS's and application software.

Posted by: psychohistorian | Oct 11, 2017 4:39:53 PM | 29

#24: I use the free version of Kaspersky with no issues at all. It's much better than AVG free.

Honestly, when the security state attacks Kaspersky it only reinforces my belief that their product is probably worthwhile. It's any security software the NSA would recommend that I would steer clear of.

Posted by: WorldBLee | Oct 11, 2017 4:45:10 PM | 30

I think I recall that the correct Void install incantation is "void-installer"

Posted by: blues | Oct 11, 2017 4:55:33 PM | 31

A couple of Kaspersky staff members (Stoyanov and Dokuchaev), including the head of computers crimes investigation (Stoyanov), were arrested by the Russian FSB on charges of treason in January this year. An FSB officer (Sergei Mikhailov) was also arrested. The treason charges suggest they were acting on behalf of a foreign power (the US?).

Maybe the US actions are an attempt to preempt the consequences of the trial of the Kaspersky and FSB operatives?

Posted by: Anonymous | Oct 11, 2017 6:19:50 PM | 32

Comment 19 ....Paul Vixie - one of the 2 people who first proclaimed open source as the best way to produce good and secure products 10 years ago. He's Internet Hall of Fame, ICANN Security Board, etc. If he's in ICANN....he can't be trusted...simple.

Posted by: Da Mith | Oct 11, 2017 8:19:56 PM | 33

I have used Kaspersky for years, recommended by my computer tek who has advanced degree MIT. I buy/renew from Amazon, much cheaper than any other source. No discs, just a key via email that downloads the new version/extension.

Posted by: mauisurfer | Oct 11, 2017 9:26:16 PM | 34

@24 frances

You are full of shit, buddy.

Posted by: Temporarily Sane | Oct 11, 2017 9:28:08 PM | 35

Oh my, oh my, oh my! Whom should I trust? The US or Israel, both of whom have lied to me repeatedly over the last 69 years? I recently downloaded Kaspersky and am running it parallel with Norton.

BTW, weren't the NSA tools in question part of Vault 7?

Posted by: William Rood | Oct 11, 2017 10:00:27 PM | 36

Several trillion dollars after Israel was paid to protect the American homeland from foreign interest, we learn that Russia has already done the job?

The difference between Linux and store bought operating system software is that the developers of Linux work to be sure the Linux system keeps secure, its content, while store bought developers get paid to secretly distribute content on store bought software to everyone.

Posted by: fudmier | Oct 11, 2017 11:43:52 PM | 37

OK, I went and looked up the history of the Stuxnet reveal, and while Kaspersky was involved, they were not the initial lead researchers who exposed it (though they played a major supporting role). See below. What the story really reveals is the reckless nature of the Stuxnet operation, which could easily have been used to drive nuclear reactors around the world into meltdown via hacking operations, if it fell into the wrong hands - and as the various Shadowbroker, Vault7 leaks etc. reveal, that's more than likely. It really looks like children playing with matches more than anything else. Regardless, here you go:

Initial discoverer was not Kaspersky, was a small outfit in Belarus:
July 10, 2010 (Brian Krebs)
. . .2010/07/experts-warn-of-new-windows-shortcut-flaw/

VirusBlokAda, an anti-virus company based in Belarus, said that on June 17 its specialists found two new malware samples that were capable of infecting a fully-patched Windows 7 system if a user were to view the contents of an infected USB drive with a common file manager such as Windows Explorer.

Aug 06, 2010 (Symantec)

Stuxnet infects Windows systems in its search for industrial control systems, often generically (but incorrectly) known as SCADA systems. Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a Windows system. These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory

Sept 14, 2010 (Kaspersky)

The fact that Stuxnet uses four previously unidentified vulnerabilities makes the worm a real standout among malware. It’s the first time we’ve come across a threat that contains so many “surprises”. Add to this the use of Realtek and JMicron certificates, and remember that Stuxnet’s ultimate aim is to access Simatic WinCC SCADA systems.

Sept 22? 2010 (Brian Krebs)

The Kaspersky analyst said that whoever is responsible for writing the Stuxnet worm appears to be quite familiar with the way that SCADA systems are configured. Stuxnet, which targeted specific SCADA systems manufactured by Siemens, also disguised two critical files by signing them with the legitimate digital signatures belonging to industrial giants Realtek Semiconductor Corp. and JMicron.

July 2011, summary of the Stuxnet investigation (generally focused on Symantec, not Kaspersky)

There was one point, however, that O Murchu said they might have censored their information had they reached it. “If it had got to the point where we had found 100 percent attribution who was behind it, I think we would have had some really serious conversations about [publishing] that,” he said. . .

Suspicions of course were growing that Israel and the U.S. were behind Stuxnet and had used the malware as a devious alternative to bombing Iran’s nuclear plant.

It should have been no surprise to the researchers, then, when their work drew the attention of government agencies in and outside the United States, that began asking for briefings on their findings. Symantec put together a PowerPoint presentation for the Department of Homeland Security, Defense Department, Department of Energy and FBI to answer their questions. “I joke that they already had all the answers,” Chien said. Asked if anyone from the NSA or CIA attended the PowerPoint sessions, he smiled. “If we ever did brief the NSA, we wouldn’t know, right?”. . .

Although the researchers didn’t really believe their lives were at risk for exposing Stuxnet, they laughed nervously as they recalled the paranoia and dark humor that crept into their conversations at the time. O Murchu began noticing weird clicking noises on his phone, and one Friday told Chien and Falliere, “If I turn up dead and I committed suicide on Monday, I just want to tell you guys, I’m not suicidal.”

At the end of the day, what you had was something like this: Department of Energy working with Pentagon and CIA and Israeli intelligence and a shitload of private contractors, mocking up Iranian centrifuges probably with NSA Tailored Access Operations at some site in New Mexico, where they tested Stuxnet before releasing it into the wild - where it escaped from their control and ended up exposing their whole operation as global corporate security firms rushed to analyze the terrorist malware that could blow up nuclear power plants.

Clap. . . Clap. . . Clap.

P.S. they're still at it:

The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.

See Oilman2 #10 above for some decent security recommendations. Or just assume you're pwned, and then, no worries, it's "hide in plain sight" time. Only you're not supposed to tell them you're hiding in plain sight! Damn . . . Time to go reread Le Carre's "A Perfect Spy", I guess.

Posted by: nonsense factory | Oct 12, 2017 12:51:55 AM | 38

@38 nonsense factory.. i agree - @10 oilman2's post is worth the read and perspective on all this.. thanks oilman..

Posted by: james | Oct 12, 2017 1:39:12 AM | 39

I am no High Geek when it comes to modern computers. I used to work on analog computers that were controlled by differential equations instead of "languages" -- just don't ask - I sorta hate that kind of math and have a hobby that's based on second order mathematical logic -- Just don't ask. And I do have a collection of unconventional knowledge.

The Kaspersky systems belong to a class of relatively "intrusive" "antiviruses" that are known to be more effective than their less intrusive cousins, and some people avoid these powerful but intrusive systems, although I wouldn't mind using them if I had Windows. The Avast "antivirus" system would be a good powerful substitute for the more paranoid. All of these "antiviruses" are becoming less worthwhile every day because modern computers are deliberately designed to be compromised. They have "BIOS" (or "UEFI") chips which are tiny computers that are the "first stage" that "launches" the "real computer". About 17 years ago these BIOS chips were just far too simple to harbor malware, but now they are much more substantial, so they can be hacked and the "real computer" will have no way of detecting this.

Additionally all modern CPUs at the center of the hardware system contain little "Mini Me" computers that the "real computer" cannot detect, but which can secretly control everything and directly communicate on the Internet with "somebody". Yes -- this is all true and documented!

Russia and China are busy developing their own CPUs and motherboards, and several startups are quite busy doing the same:

EE Times -- Momentum builds for open-source processors -- 2/1/2001

LONDON — Momentum is slowly building for freely available open-source processors, the semiconductor equivalent of open-source software movements like Linux.

A handful of commercial efforts are experimenting with open-source CPU cores. Contract-manufacturing giant Flextronics, for example, is laying plans to tap into open-source hardware for its ASICs. And both Metaflow Technologies Inc. (La Jolla, Calif.) and IROC Technologies SA (Grenoble, France) are building products using the Leon-1, a Sparc-like open-source processor developed at the European Space Agency's Technology Center.

So open source hardware projects are well on the way, and some are even available now.

Posted by: blues | Oct 12, 2017 2:53:57 AM | 40

Another good solution would be to run Windows, if you absolutely must have it, in VirtualBox inside a Linux box. That way nothing can touch your hardware. Plus it boots up in a few seconds, and any malware would only affect your virtual Windows installation. Also, having an entire OS on a bootable flash drive, e.g. Puppy Linux, has saved my data a few times. Good for accessing the internet without exposing your box to malware.
But, yes, Blues is right. Until the hardware becomes open source, we are all at the mercy of the NSA and Chinese equivalent. So for now the only answer is an unregistered throw-away internet device that surfs through a proxy.

Posted by: dan | Oct 12, 2017 5:11:32 AM | 41

I know nothing about security so please don't all pile on at once. I also enjoyed Oilman #10's advice, but are one-way throw-away USB drives really gonna cut it if the USB stick comes out of the box already compromised?

Just askin'

- Regards, Shyaku.

Posted by: Shyaku | Oct 12, 2017 5:51:07 AM | 42

@14 & 32
It’s not only economic tampering against the Russian company, or blaming the Russian State for spying.
I guess it is an essential part of the US-Empire's preparation of a cyber-war against its own and other people, that all companies that offer a protection against cyber-attacks, should either cooperate, be infiltrated or be destroyed. It's actually the same as how they treat countries.
The arrests of the Kaspersky staff members in December 2016, with no further information, might be a sign of a failed effort by the CIA to infiltrate.

Posted by: Iano | Oct 12, 2017 8:05:44 AM | 43

@all Thanks for great, very informative, inspiring, professional discussion.

Let me remind you how the things looked back almost two decades ago:

We are lucky those bastards have not been successful in squashing the Linux initiative.

And it's good to see at least some Europeans do not fall for that crap:

Posted by: PeacefulProsperity | Oct 12, 2017 9:55:18 AM | 44

If you believe security agencies are using retail anti-virus software to protect their machines I have a bridge to sell you. There is no way possible they are this dumb. This was most likely the American blob trying to coerce Kaspersky to do something for them. Perhaps Kaspersky is actually a stand-up guy and refuses to do favors for security agencies. They told him if he didn't play ball, due to the current anti-Russian environment in the USA, they would ruin him.

If you care about security you should be running your browser and unknown software in a virtual machine or sandbox at the very least. Add a few extensions like NoScript or Ghostery and an ad blocker and something to deal with cookies like Privacy Badger and you are good to go. Anti-virus is a resource-hogging waste of time.

Posted by: joe defiant | Oct 12, 2017 11:02:15 AM | 45

Changing to Kaspersky based on the US sponsored Russia fake news; chapter 1201999, item 43.

Posted by: JSonofa | Oct 12, 2017 11:36:30 AM | 46

I am an American living in France. April 2015 my attempt to renew my Kaspersky anti-virus service was refused by my American based credit card, so I used a French card. Thereafter I was harassed every month by the American bank card when I paid my monthly bill by telephone, apparently being a "suspect" person dealing with a Russian company. So if this is an example, the American banks are cooperating with the US govt to damage a Russian business.

Posted by: zen | Oct 12, 2017 12:34:53 PM | 47

@LAG #27
Perhaps you can document just how many lines you and your "thousands and thousands" of peers review.

Because you'd have to review in the order of 1 million lines of code, each.

That's what 50 billion lines of open source code means.

And it wasn't what I said - it was said by Paul Vixie who is one of the grandfathers of the Open Source movement.

Posted by: c1ue | Oct 12, 2017 2:53:41 PM | 48

@Da Mith #33
Vixie is not on the domain/TLD part of ICANN, he's on the security group.

Or in other words, your ignorance of ICANN's overall functions beyond just domain management, is astonishing.

Perhaps you also refuse to use Vixie cron? That's who this guy is. He literally built a lot of the functionality you're using as you read this post.

Posted by: c1ue | Oct 12, 2017 2:56:30 PM | 49

@47 zen.. it would appear that ''the American banks are the US govt''...

Posted by: james | Oct 12, 2017 4:35:07 PM | 50

FWIW I haven't used any AV app on my main system for years - there is no point as I don't believe there is any product that doesn't kowtow to some agency somewhere. Back in the day when back door trojans had just become sorta cognoscenti knowledge following their outing at Las Vegas' NSA-sponsored annual DEF CON farce where the fools meet their masters, it became known that the amerikan federal agencies favoured one particular 'brand' of back door trojan. Most of the euro-based AV packages had been detecting it for a considerable time, but it wasn't until the DEF CON the following year that either McAfee or Symantec could complete this astoundingly simple task. Doubtless some old bastard in emulation of the ancient englander comedy The Goon Show wandered the hallways of these amerikan corporations crying 'can't get the definitions, can't get the definitions'.
Anyway since then I used Kaspersky for a while and then changed to a German app called Avira, but they all suffer from the same problem, particularly prior to the introduction of inexpensive multi-core CPUs and affordable large memory chips: that is, the 'cure' was worse than the disease.
AV apps hold up processing & consume a huge amount of resources, often for false positives.
My solution has been to construct an OS which includes Wireshark plus another less accurate app that simply measures bandwidth flow in and out of each machine. If I detect inordinate traffic in either direction that cannot be attributed to what I am doing, I swap out the SSD for another containing a 'clean' sysprepped image.
The alternative - pissing around with overly complex and awfully dictatorial AV apps - just isn't worth the trouble. Especially when one considers how quickly Windows systems clag up from huge registries anyhow.
As for Linux - too labour intensive, especially when using hardware that isn't in widespread use, plus as others have pointed out the inherent flaws that allow so-called zero day exploits are too common and will never be completely fixed because open-source software tends to rely on whatever the developers themselves are interested in doing and documentation is frequently lacking.
I use Windows because despite MS's best efforts it is still relatively easy to obtain free of charge and after many years of blackmail, bribery and bullying by MS it has a pretty complete run-time library.

Posted by: Debsisdead | Oct 12, 2017 5:54:28 PM | 51
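The traffic check Debsisdead describes above (watch bytes in and out of a machine, and treat traffic you cannot account for as a signal to re-image) can be made repeatable. The following is an added example, not code from the thread or from any product named in it: it parses interface counters in the layout of Linux's /proc/net/dev, turns successive snapshots into per-interval rates, and flags any interval whose receive or transmit rate exceeds a multiple of a baseline taken from earlier, assumed-normal intervals. The interface name, the 60-second sampling period, the snapshot values and the burst in the fifth interval are all constructed for the example.

```python
"""Baseline check on interface byte counters (added example, constructed data).

Snapshots are cumulative (rx_bytes, tx_bytes) counters read from a
/proc/net/dev-style table at fixed intervals.  Intervals whose rate exceeds
`factor` times the median of the first `baseline_intervals` intervals are
reported so the operator can decide whether the traffic is theirs.
"""
from statistics import median

# Constructed /proc/net/dev-style text.  Field order after the colon is the
# real one: rx bytes is the first column, tx bytes is the ninth.
PROC_NET_DEV_SAMPLE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12345      100    0    0    0     0          0         0    12345      100    0    0    0     0       0          0
  eth0: 1000000     2000    0    0    0     0          0         0   200000      900    0    0    0     0       0          0
"""

# Constructed snapshots for a hypothetical "eth0", one every 60 seconds:
# (timestamp_seconds, rx_bytes, tx_bytes).  The fifth interval carries an
# outbound burst of about 150 KB/s that the user did not initiate.
SNAPSHOTS = [
    (0,   1_000_000,   200_000),
    (60,  1_250_000,   240_000),
    (120, 1_480_000,   275_000),
    (180, 1_700_000,   310_000),
    (240, 1_950_000,   350_000),
    (300, 2_100_000, 9_350_000),   # burst: tx jumps by 9 MB in one minute
    (360, 2_300_000, 9_400_000),
]


def parse_proc_net_dev(text, iface):
    """Return (rx_bytes, tx_bytes) for `iface` from /proc/net/dev-style text."""
    for line in text.splitlines():
        if ":" not in line:
            continue                      # the two header lines
        name, _, rest = line.partition(":")
        if name.strip() != iface:
            continue
        fields = rest.split()
        return int(fields[0]), int(fields[8])
    raise KeyError(f"interface {iface!r} not found")


def interval_rates(snapshots):
    """Convert cumulative counters into per-interval (t_end, rx B/s, tx B/s)."""
    rates = []
    for (t0, rx0, tx0), (t1, rx1, tx1) in zip(snapshots, snapshots[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("timestamps must be strictly increasing")
        # Counters only decrease if the interface was reset; count that as 0.
        rates.append((t1, max(rx1 - rx0, 0) / dt, max(tx1 - tx0, 0) / dt))
    return rates


def flag_anomalies(snapshots, baseline_intervals=4, factor=5.0):
    """Report intervals whose rx or tx rate exceeds factor x the baseline median.

    The first `baseline_intervals` intervals are assumed to be normal use;
    that assumption is the operator's, as it is in the comment above.
    """
    rates = interval_rates(snapshots)
    if len(rates) <= baseline_intervals:
        raise ValueError("not enough intervals to build a baseline")
    base = rates[:baseline_intervals]
    rx_base = median(r for _, r, _ in base)
    tx_base = median(t for _, _, t in base)
    findings = []
    for t, rx, tx in rates[baseline_intervals:]:
        reasons = []
        if rx > factor * rx_base:
            reasons.append(f"rx {rx:.0f} B/s exceeds {factor}x baseline {rx_base:.0f} B/s")
        if tx > factor * tx_base:
            reasons.append(f"tx {tx:.0f} B/s exceeds {factor}x baseline {tx_base:.0f} B/s")
        if reasons:
            findings.append({"at": t, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print("eth0 counters from sample table:", parse_proc_net_dev(PROC_NET_DEV_SAMPLE, "eth0"))
    for finding in flag_anomalies(SNAPSHOTS):
        print(f"t={finding['at']}s:", "; ".join(finding["reasons"]))
```

On a live system the snapshot list would be built by reading /proc/net/dev with `parse_proc_net_dev` every sampling period; the threshold factor and the baseline window are the two knobs to tune, and a flagged interval is a prompt to look at the traffic in Wireshark, not a verdict on its own.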

>>>That's what 50 billion lines of open source code means.

Is that 50 billion lines in the average computing environment, or 50 billion lines in the core system?

Big difference, there. In comparison to Windows, the core Linux environment remains a much tighter, smaller system with a far more rational core design.

Posted by: Pacifica Advocate | Oct 12, 2017 10:53:26 PM | 52

@c1ue #48

Who, and how many of them, are reviewing the billions of lines of closed-source code of Windows, Apple crapware and every other closed-source app that can run on them?

Posted by: LAG | Oct 13, 2017 5:15:24 AM | 53

@Pacifica Advocate #52
Vixie didn't say. Most likely it is 50 billion lines of overall open source code.
What I can say is: the code isn't just what is being written - it also refers to what is being modified/added. Supply chain attacks via libraries are becoming very common; also the extent to which existing code has not been well reviewed is becoming very clear, as the Apache Struts bug is only one example of. I can personally recall at least a half dozen such serious Linux bugs just this year.

Posted by: c1ue | Oct 13, 2017 10:09:49 AM | 54

@LAG #53

Windows has approximately 50 million lines of code and roughly 2000 developers. That's 25K lines of code per developer.
Microsoft has also instituted a number of policies specifically aimed at improving security. These include:
- The banning of specific coding structures well documented to be insecure.
- The use of software tools to back up developer capability.
- Multiple code reviews for security.
- Weekly patching of known bugs.
- Paid bounty programs for reported and verified bugs.

The consequence of this effort under Nadella is that Windows of today is vastly improved over the Windows of even 4 years ago. Not to say that it is perfect - the largest single area of weakness with Windows is still the combination of interoperability between various Windows software (mostly via AJAX) and its backwards compatibility/x86 architecture.

The reality is that people who say Linux is more secure are really advocating security through obscurity: specifically that Linux is so much smaller an install base vs. Windows (3% vs. Windows 92%) that attackers will tend to focus on the biggest "markets" to reap the most bang for the buck.

Unfortunately that is a false dichotomy. Attackers focus on the most bang for the buck - and relative insecurity more than compensates for smaller market share. The reality is that Linux is still regularly coughing up maximum severity+ubiquity bugs. That's not a prescription for secure in my book.

Windows - even the NSA exploit used by WannaCry worked primarily on one version, and there was a patch already available for it (i.e. the bug was known).

I work with a large number of professional security researchers - Windows is far harder to crack than it used to be. 4 years ago, you could spend 2 or 3 months to develop a sellable Windows exploit; it takes more than a year now. iOS was always harder; it has become exponentially worse recently.

Linux? Not so much.

To be clear: there are lots of good things to say about open source in general and Linux in particular. The problem is that security isn't one of them - Microsoft and Apple are focused hard on security at least partly because they believe security is one way to differentiate themselves against future and existing competitors.

Until the open source/Linux community can find some way to match the effort being spent on security by these large groups of developers, I don't see the relative security situation changing.

Posted by: c1ue | Oct 13, 2017 10:27:00 AM | 55

Windows once ran the London Stock Exchange until it crashed and burned. Today there is not a single stock exchange running Microsoft operating systems. It is not going to change anytime soon.

Every single one of them is now running Linux and has been for ten years or more. They get everything imaginable thrown in their direction...

It would prove to be Microsoft's biggest embarrassment after their promotional video,

Your mileage might vary.

Posted by: Geneva Observer | Oct 16, 2017 7:32:30 PM | 56

I trust MS, Apple, Google and every other large corp as far as I can throw them.

Personally, I love the idea of Qubes. If you haven't checked out its promise as yet and you're concerned about security and privacy, you owe it to yourself to check out the new Qubes OS.

Posted by: JSonofa | Oct 16, 2017 8:11:56 PM | 57

@Geneva Observer #56

I fully agree Linux is more stable than Windows.

However, stability does not equal security. I note the main issues with Windows above; the main issues with Linux continue to be the supply chain (libraries checked in and changes made) plus the reality that relatively little security review is performed on Linux, unless you use the NSA certified version.

Of course, if you're using the NSA certified version of Linux...

Posted by: c1ue | Oct 17, 2017 3:20:27 PM | 58
