So... Israeli intelligence, in the process of hacking Kaspersky for (probably exactly the same purpose), discovered that Russian intelligence had beat them to it?
Where's the popcorn icon?
The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer's home PC took an explosive turn on Tuesday. Essentially, it is now claimed Israeli spies hacked into Kaspersky's backend systems only to find Russian snoops secretly and silently using the software as a global search engine. Kremlin …
Sounds about right.
I'm guessing the Russian's left them a file with contact details in should they need to let them know if the breach has been closed and a list of the useful NSA programs they found to save them time. Not known for covering their tracks these spies and always awfully helpful to each other.
It sounds awfully like the Pirates of Silicon Valley quote by Bill Gates,
"You and I are both like guys who had this rich neighbor - Xerox - who left the door open all the time. And you go sneakin' in to steal a TV set. Only when you get there, you realize that I got there first. I got the loot, Steve! And you're yellin'? That's not fair. I wanted to try to steal it first. You're too late.
Israel is legal, democratic and is resisting terrorism and has actively looked for and detected cyber-spying. But surrounded by Mid-East nations that actively sponsor terrorism, permit slavery and oppress women.
Some people will always see Israel's faults, even the most minor and ignore anyone else's (however severe).
Sadly, that can be said about a lot of places. maybe all of them if you extend the definition of warfare to the non-violent political stuff. What else is the SNP or Catalonia or Brexit, or Myanmar about, other than asserting tribal history? Ditto what happened ( and still does) in Northern Ireland. And so on.
Israel is legal within it's own definition.
However even the Israeli Supreme Court recognises that the occupied territories are under 'Belligerent Occupation"
http://elyon1.court.gov.il/Files_ENG/04/560/020/A28/04020560.A28.pdf
As to the democratic formation of the Israeli nation a large number of people are currently being disenfranchised if they won't pledge allegiance to a Jewish Democratic State, let me be clear here, I'm not saying or supporting people that want to harm Israel or Jews, I'm talking about people who want to VOICE that they disagree with the policy.
https://www.haaretz.com/israel-news/.premium-1.702383
The attacks on Israel by terrorists are repugnant and no right thinking individual would support them. However the definition of a terrorist is highly subjective and should people who are fighting for their own land fall into that category?
If they should then please tell me how would you define the Stern Gang?
https://en.wikipedia.org/wiki/Lehi_(group)
During the Intifada tens of thousands of children were shot dead or beaten
https://en.wikipedia.org/wiki/First_Intifada
If the British had done that in Northern Ireland, to that extreme, they would have quite rightly been pilloried on the world stage.
So please don't for a moment conflate people who support peaceful protest such as BDS against the occupation as being the same as lunatics who want to kill Jews ONLY because they're Jews.
Most of the civilised world happily support an Israel that was peaceful and would come to it's defence if attacked by an aggressive neighbour, however that doesn't mean for a moment that we have to watch quietly and without concern while Israel undertakes acts that are a shameless land grab in the false narrative of being in the interests of national security.
Being anti occupation is not the same as being anti semite.
"If attacked by an aggressive neighbour"?
The numerous attacks on Israel since 1948 are nothing short of attempted genocide - were these attacks trying to finish what the Nazis had done?
Is that ok with you?
The Palestinians have NOTHING 70 years down the road, yet Israel has a thriving high-tech economy.
So why the amazing difference?
Yet the palestinians find the resources to build rockets to fire into Israel.
The UK exasperated the issue when they agreed to give the region to Palestinians in return for them fighting for the Allies during WWII, needless to say we reneged.
I don't know of any agreements with the soon to become Israelis to fight with the Allies during WWII but they got the prize anyway.
Which Palestinians? Do you mean the Jewish Brigade? https://en.wikipedia.org/wiki/Jewish_Brigade
The Jewish Infantry Brigade Group,[1] more commonly known as the Jewish Brigade Group[2] or Jewish Brigade,[3] was a military formation of the British Army composed of Jews from the Yishuv in Mandatory Palestine commanded by British-Jewish officers that served in Europe during World War II. The brigade was formed in late 1944,[1][2] and its personnel fought the Germans in Italy. After the war, some of them assisted Holocaust survivors to emigrate illegally to Mandatory Palestine as part of Aliyah Bet.[4][5]
Surely you're not thinking of the Grand Mufti of Jerusalem. http://www.timesofisrael.com/full-official-record-what-the-mufti-said-to-hitler/
GRAND MUFTI:
The Grand Mufti began by thanking the Fuhrer for the great honor he had bestowed by receiving him. He wished to seize the opportunity to convey to the Fuhrer of the Greater German Reich, admired by the entire Arab world, his thanks of the sympathy which he had always shown for the Arab and especially the Palestinian cause, and to which he had given clear expression in his public speeches.
HITLER:
The Fuhrer replied that Germany’s fundamental attitude on these questions, as the Mufti himself had already stated, was clear. Germany stood for uncompromising war against the Jews. That naturally included active opposition to the Jewish national home in Palestine, which was nothing other than a center, in the form of a state, for the exercise of destructive influence by Jewish interests. Germany was also aware that the assertion that the Jews were carrying out the functions of economic pioneers in Palestine was a lie. The work there was done only by the Arabs, not by the Jews. Germany was resolved, step by step, to ask one European nation after the other to solve its Jewish problem, and at the proper time to direct a similar appeal to non-European nations as well.
Israel is legal, democratic and is resisting terrorism and has actively looked for and detected cyber-spying.
Always gets me how these utter retards attack Israel for taking out a terrorist site that was being used to launch bombs into schools and the like.
Even worse is how many think Israel defending herself from terrorists (and getting some revenge when families are ripped apart by a terrorist rocket) is such a bad evil thing and yet go all out for the "America is teh bestest!" and "America: World Police" and all that other pro-yank-military/war crap about how "America has the right to wipe out the entire nation that her enemies live in".
Israel is a sovereign nation. She is attacked by those who not only want to destroy the nation, but also want to kill all who're descended from Jacob - and that includes a significant portion of us "Westerners". Even suspicion of being descended from Jacob is enough that these people want to butcher YOUR children, even if you don't claim any Israeli heritage at all. Some will do the same to anyone who doesn't adhere to their particular corrupted version of Islam (sadly same can be said for some Christians and some Atheists). Israel defends against such things. Sometimes they go to some nasty extremes and kill innocents, but any of us in the US, UK, NZ, Australia and a ton of other countries cannot claim innocence from our own governments.
Whether or not the people of Israel should be where they are now, they've been there for longer than most of us reading this have been alive, and I doubt any of those who were involved in creating the modern state of Israel, even as a junior janitor in one of the buildings it was done in, are still alive today. She's there, she's been there a while, move on.
(Yes, I'm pro-Israel as a nation, but not always pro-Israeli government antics however)
"Always gets me how these utter retards attack Israel for taking out a terrorist site that was being used to launch bombs into schools and the like."
It's more because of the incidents when the Israelis do things like use WP deliberately on civilians, shell families on beaches, use Palestinian civilians as human shields for the IDF and the countless incidents of deliberately shooting unarmed civilians - especially children, to name just a few very well documented incidents of the thousands that are contentious...
"She is attacked by those who not only want to destroy the nation"
But also by the indigenous population that were illegally expelled by a terrorist campaign against their villages and then forced on a "death march" and those that survived were not allowed to return, were not compensated for their seized lands and property and have been victims of a subsequent genocide campaign.
"It's more because of the incidents when the Israelis do things like use WP deliberately on civilians, shell families on beaches, use Palestinian civilians as human shields for the IDF and the countless incidents of deliberately shooting unarmed civilians - especially children, to name just a few very well documented incidents of the thousands that are contentious..."
Are you sure you've got your facts straight? Are you the same person who thought the (not Jewish) "Palestinians" were on the allied side in WWII? I haven't seen any links/evidence of what you're claiming.
Try this
http://nypost.com/2015/05/02/un-report-outlines-how-hamas-used-kids-as-human-shields/
https://www.theatlantic.com/international/archive/2014/09/hamas-quietly-admits-it-fired-rockets-from-civilian-areas/380149/
"But also by the indigenous population that were illegally expelled by a terrorist campaign against their villages and then forced on a "death march" and those that survived were not allowed to return, were not compensated for their seized lands and property and have been victims of a subsequent genocide campaign."
Again, you are confused.
The Exodus of 1947-48
The Palestinians left their homes in 1947-48 for a variety of reasons. Thousands of wealthy Arabs left in anticipation of a war, thousands more responded to Arab leaders' calls to get out of the way of the advancing armies, a handful were expelled, but most simply fled to avoid being caught in the cross fire of a battle. Had the Arabs accepted the 1947 UN resolution, not a single Palestinian would have become a refugee and an independent Arab state would now exist beside Israel.
The beginning of the Arab exodus can be traced to the weeks immediately following the announcement of the UN partition resolution. The first to leave were roughly 30,000 wealthy Arabs who anticipated the upcoming war and fled to neighboring Arab countries to await its end. Less affluent Arabs from the mixed cities of Palestine moved to all-Arab towns to stay with relatives or friends.
All of those who left fully anticipated being able to return to their homes after an early Arab victory, as Palestinian nationalist Aref el-Aref explained in his history of the 1948 war:
The Arabs thought they would win in less than the twinkling of an eye and that it would take no more than a day or two from the time the Arab armies crossed the border until all the colonies were conquered and the enemy would throw down his arms and cast himself on their mercy.
By the end of January1948, the exodus was so alarming the Palestine Arab Higher Committee asked neighboring Arab countries to refuse visas to these refugees and to seal the borders against them.
Meanwhile, Jewish leaders urged the Arabs to remain in Palestine and become citizens of Israel. The Assembly of Palestine Jewry issued this appeal on October 2, 1947:
We will do everything in our power to maintain peace, and establish a cooperation gainful to both [Jews and Arabs]. It is now, here and now, from Jerusalem itself, that a call must go out to the Arab nations to join forces with Jewry and the destined Jewish State and work shoulder to shoulder for our common good, for the peace and progress of sovereign equals.
On November 30, the day after the UN partition vote, the Jewish Agency announced: “The main theme behind the spontaneous celebrations we are witnessing today is our community's desire to seek peace and its determination to achieve fruitful cooperation with the Arabs....“
Israel's Proclamation of Independence, issued May 14, 1948, also invited the Palestinians to remain in their homes and become equal citizens in the new state:
In the midst of wanton aggression, we yet call upon the Arab inhabitants of the State of Israel to preserve the ways of peace and play their part in the development of the State, on the basis of full and equal citizenship and due representation in all its bodies and institutions....We extend our hand in peace and neighborliness to all the neighboring states and their peoples, and invite them to cooperate with the independent Jewish nation for the common good of all.
"Are you sure you've got your facts straight?
Quite certain, yep.
"Are you the same person who thought the (not Jewish) "Palestinians" were on the allied side in WWII?"
Nope.
"I haven't seen any links/evidence of what you're claiming."
Well the particular ones I mentioned were deliberately chosen as not in any doubt whatsoever, but here you go if you cant be bothered to use Google:
https://www.theguardian.com/world/2006/oct/23/israel
https://www.theguardian.com/world/2006/jun/10/israel
https://www.theguardian.com/world/2010/oct/03/israel-soldiers-human-shield-palestinian
https://www.theguardian.com/world/2004/nov/24/israel
And as to the terrorist attacks on Palestinian villages / death march those are a matter of well documented history. To suggest that the majority of Palestinian left voluntarily is laughable, but see for instance:
https://en.wikipedia.org/wiki/1948_Palestinian_exodus_from_Lydda_and_Ramle
Perhaps you should read the articles you post links to...
https://www.theguardian.com/world/2010/oct/03/israel-soldiers-human-shield-palestinian
"Two Israeli soldiers were today convicted of using a nine-year-old Palestinian boy as a human shield during the three-week Gaza war in 2008-9 and could face a prison sentence of up to three years.
The soldiers, who ordered the boy to open bags suspected of containing explosives, were charged with inappropriate behaviour and overstepping authority in a closed military trial.
Israeli military protocols forbid the use of human shields."
So, two soldiers were convicted BY AN ISRAELI military court for breaking Israeli law. Can you imagine the same thing happening to a Hamas operative who did the same?
https://www.theguardian.com/world/2006/jun/10/israel
"The Israeli army said it "regretted" the deaths and called a halt to the shelling. It offered help to get the survivors to Israeli hospitals. The shells that hit Beit Lahia beach were the latest of more than 6,000 fired into the Gaza Strip by Israel over the past two months. One possibility is that they had fallen short when being fired at areas on the outskirts of Beit Lahia used by armed Palestinian groups to launch rockets into Israel."
etc. etc.
"Israeli military protocols forbid the use of human shields."
It was routine for many many years and likely still is. The IDF only took action in this one case because of utterly overwhelming evidence that prevented the usual denials from being effective in shutting down the outrage. There are plenty of other recorded cases of the IDF using Palestinians as shields.
"Can you imagine the same thing happening to a Hamas operative who did the same?"
What Hamas might do is irrelevant. We are talking about what Israel do to Palestinians. Most Palestinians are not members of Hamas.
""The Israeli army said it "regretted" the deaths and called a halt to the shelling. It offered help to get the survivors to Israeli hospitals. "
But denied that this was anything to do with Israel for many weeks at first until the shell fragments proved it was. By then it was rather late to offer help. Ditto the WP incidents were also outright denied for months despite overwhelming evidence.
"The shells that hit Beit Lahia beach were the latest of more than 6,000 fired into the Gaza Strip by Israel over the past two months."
Quite - so ongoing indiscriminate shelling of civilian areas - at 3000 a month!. That's likely a war crime under international law. And it wasn't just one shell that landed near the beach - so it wasn't just a stray munition / misfire .This was deliberate targeting of areas where there were likely to be civilians.
"One possibility is that they had fallen short when being fired at areas on the outskirts of Beit Lahia used by armed Palestinian groups to launch rockets into Israel.""
But no rockets had been fired into Israel that day.
As above there is no shortage of good reasons why at least 2 Amnesty International Annual reports define Israel as effectively a terrorist state...
"It was routine for many many years and likely still is."
ohreally? Likely? Proof?
"What Hamas might do is irrelevant."
Of course it is. Because they are freedom fighters? So firing rockets from civilian areas is OK then.
https://www.theatlantic.com/international/archive/2014/09/hamas-quietly-admits-it-fired-rockets-from-civilian-areas/380149/
What would any other country do in this situation? Ignore the problem?
Even UNWRA complained!
https://www.unrwa.org/newsroom/press-releases/unrwa-condemns-placement-rockets-second-time-one-its-schools
"Most Palestinians are not members of Hamas."
The point being?
Perhaps you should read the reports you site...
""The State of the World’s Human Rights,” as the annual report is known, documents human rights violations in 159 countries. A press release attached to the report highlights 22 countries as “examples of the rise and impact of poisonous rhetoric, national crackdowns on activism and freedom of expression." The list includes – although the report notes that it was “by no means limited to” – China, Egypt, France, India, Iran, Syria, Russia, Saudi Arabia, Sudan, Turkey, the United Kingdom and the United States. Israel does not appear on this list.
The report documents how 36 countries, including Israel, broke international law by returning refugees to countries where their safety was at risk. It documents how people in 22 countries (not including Israel) were killed for peacefully standing up for human rights and how war crimes were committed in at least 23 countries (including Israel).
The report does not spare the Palestinian governing bodies either. “Neither the Palestinian government nor the Hamas de facto administration in Gaza took steps to ensure accountability for crimes committed by Palestinians armed groups in previous conflicts, including indiscriminate rocket and mortar attacks on Israel and summary killings of alleged ‘collaborators,’” it states. According to the report, Palestinians killed 16 Israelis, most civilians, and one foreign national in stabbings, car-rammings, shootings and other attacks last year."
S'funny how of all the countries reported on, only Israel gets its legitimacy questioned.
"Because they are freedom fighters?
Can't you read -, he already told you why above - it's because the comments were about Palestinians, the vast majority of which are not Hamas members. It's like saying all Jews are Zionists and support Israel, whereas in reality many of them agree its a terrible apartheid terrorist state and don't agree with its policies and actions...
The rest of the garbage above is just similar attempts to throw dirt at others to justify the appalling activities of Israel and doesn't add any value to the lame arguments you already recycled.
nb - I wont be replying to any further posts as I think the subject has been covered well enough for an intelligent third party to reach their own conclusions. However I do think you are defending the indefensible. A lot of what goes on on BOTH sides in Palestine / Israel is unnecessary. However one side is supposed to be a first word democratic state so imo has far less of an excuse.
"However one side is supposed to be a first word democratic state so imo has far less of an excuse."
And that seems like a good point to end the discussion... classic case of one side being held to a far higher - and unattainable - standard whilst the other side is allowed to practice the most vile activities with impunity. So many examples from the treatment of the LGBT community through to the very words written in their respective constitutions. How any white middle class Graun reading, left leaning patrician can sit by whilst their unelected "friends" continue to make the lives of their own people as well as those around them so miserable is a continual source of fascination and sadness.
"classic case of one side being held to a far higher - and unattainable - standard"
Not being a bastion of institutionalised apartheid and not having an effective policy of genocide including deliberately targeting women, children and families as was documented by the OP is not generally considered an unobtainable standard in first world countries.
Clever piece of propagandist writing that. Assert that the behaviour of one group is the same as another. And just leave it standing as if it was in some way true. No need for rational argument there. Actually, not clever. Well trodden ground that has been tried over and over again. But it's mud that just doesn't stick.
Tribal warfare
Sadly, that can be said about a lot of places. maybe all of them if you extend the definition of warfare to the non-violent political stuff. What else is the SNP or Catalonia or Brexit, or Myanmar about, other than asserting tribal history?
Clever piece of propagandist writing that. Assert that the behaviour of one group is the same as another. And just leave it standing as if it was in some way true. No need for rational argument there.
Yeah, Israel and Palestine are exactly like Spain and Catalonia. Why, just 10 years ago I remember Madrid bombing Plaça de Catalunya with white phosphorous.
Strange form of genocide, considering there are more Arab Israelis now than there were when Israel came into existence.
https://en.wikipedia.org/wiki/Arab_citizens_of_Israel
Don't tell Ken!
I don't remember many Jews being enlisted into the SS. Maybe you know better?
http://www.bbc.co.uk/news/world-middle-east-37895021
True. And the burgeoning Palestinian (Israeli) population has been a cause for concern of various Israeli politicians who have made noises about dealing with the 'problem'. - https://www.haaretz.com/israel-news/.premium-1.550169
At the same time there are rather more Israelis (Jewish) than were there when Israel came into existence.
Not that I have any great skin in the games but that is a somewhat silly statement/argument. Israel is, however, the only democratic state (with all of its faults - but hey, people in Glasshouses- I live in Europe) need to be careful with what and where they chuck!
I think this age old argument can be summed up with arseholes.
They are both arseholes and there are arseholes on both sides, equally on both sides there are people that aren't arseholes.
One set of arseholes has more weapons and uses them against the other arseholes.
The other arseholes also attack the arseholes however more of their arseholes get killed.
Innocent non-arseholes are killed on both sides.
Everyone is waiting for some dick to help sort them out but it never happens because they prefer one set of arseholes more than the other due to a lot of lobbying in the dicks government and the leader of the dicks clearly doesn't like one set of arseholes.
Until there are less arseholes than arseholes on both sides and we have a dick that really wants to help nothing will change.
I hope that clears it up.
So the Americans harvested those AV records for a good number of years? Is this another case of the Americans being surprised that their exclusive exploits are not so exclusive and are used by other secret services and / or criminals?
Or perhaps the real issue the Americans have with Kaspersky being that Kaspersky will find and stop NSA created viruses instead of white listing them like American security companies could be ordered to?
The more i hear about the whole anti-virus business, the less inclined I am to trust any of the companies involved. It's not that I think that Eugene Kaspersky or his counterparts at his competitors aren't personally untrustworthy. It's that any program of that nature inherently has free access to anything and everything in your computer, and they're a magnet for the NSAs of the world to exploit and take advantage of.
The problem is that our operating systems are such big targets, necessitating scanners of some sort. The open source scanners basically suck, Long ago, McAfee offered a "scanner" that would basically checksum the binaries, and let you know if something changed. But that doesn't work for viruses that hide in dynamic data.
Yeah, I use Kaspersky, because it's been the least problematic scanner. I've used and dumped McAfee and Symantec. Would any of Kaspersky's real problems not be seen at other vendors? I doubt it. If nation states want in, they have ways of getting in.
Citation please ?
Because the wiki page makes no mention of country of origin.
Anyone who expects AV software to protect them from nation state exploits is a fool, regardless of where it comes from.
The NSA working with AV vendors to get them to whitelist their exploits seems counterproductive because it would only the chance of detection by bringing a lot more people in on the secret. Anyway, they have absolutely no need to conserve exploits since it isn't as if Windows has a shortage of holes!
"it is now claimed Israeli spies hacked into Kaspersky's backend systems only to find Russian snoops secretly and silently using the software as a global search engine"
It wouldn't surprise me if US intelligence didn't already own and run the various US owned AV companies. Kaspersky is possibly the only one not yet so compromised. Do these Israeli spies seriously expect us to believe that the Russian snoops would be so careless as to leave such evidence, after all they're not working for the NSA. Do you seriously expect us to believe that a NSA contractor would be running Kaspersky software on his spying computer. Please don't repeat this neocon waffle on a technology forum.
Claiming "Kaspersky is possibly the only one not yet so compromised" when the two major countries with it codified into their laws that all software sold within their borders be turned over the the security services are Russia & China, is simply ludicrous. What would be shocking would be if Russian & Chinese AV makers were not compromised by their respective governments.
when the two major countries with it codified into their laws that all software sold within their borders
This applies only to foreign software. Indigenous suppliers do not need to do that if memory serves me right. Neither in Russia, nor in China.
But Kaspersky would need an FSB licence/permit as they use encryption.
As all the cloud dumped data almost certainly has to move through Russian ISPs to get to Kaspersky you have a direct intercept route (a sniffer on any switch on the route should do it).
"As all the cloud dumped data almost certainly has to move through Russian ISPs to get to Kaspersky you have a direct intercept route (a sniffer on any switch on the route should do it)."
Presumably the data is encrypted enroute, so it is easier to access the servers once the data has been unecrypted than copying it at source. Unless of course the FSB had access to kaspersky's private keys.
The fact they went via this route ironically indicates that it was probably done without Kaspersky knowledge
> "Claiming "Kaspersky is possibly the only one not yet so compromised" when the two major countries with it codified into their laws that all software sold within their borders be turned over the the security services are Russia & China, is simply ludicrous."
Context. "Kaspersky is possibly the only one not yet so compromised [by the US agencies, by virtue of being neither American nor British]" was clearly the intended reading.
"Kaspersky is possibly the only one not yet so compromised by the US agencies, by virtue of being neither American nor British"
While pretty much anything is possible at this point, where does that leave a nominally non-US player like BitDefender...?
There is a queue at each and every AV vendor.
Even if they are not operating in a cosy relationship with their country 3 letters, they have the level of access and the capacity for ex-filtration which is usually not allowed even to the OS itself.
If Evgeny has indeed been pwned, that means that every other vendor has been pwned too (most likely several times).
Muppets, all of em’. In further news, more secret nork squirrel spies spy on spys, again.
https://www.theguardian.com/world/2017/oct/10/north-korea-hacked-us-war-plans-south-korea-reports
So, inevitably we should move to an open internet/society where ‘top-secrets’ aren’t hoovered up into a big heap, later for someone unauthorized to nick them all?, or should we just implement the May2018 GDPR, worldwide and even for dot mil?
Seriously, though. Is it better to run a Russian, a USA-ian, a Chinese, ... a Nork-ian, and why not an Israeli anti-virus, live and simultaneously ... or is there a role for running no Anti-Virus, doing everything in a VM (a virtual machine), and checking what you might want to save from that Virtual session in a stately (meaning calm and collected, not governmental) manner?
Kaspersky and now Symantec are refusing to open their source to governments because they know it will make it easier for governments to find weaknesses and potentially use the AV software for their own mass surveillance. It's quite possible that Kaspersky has been hacked by the Russian government, but the same issue applies to most other popular AV software. Kaspersky has a history of exposing NSA/GCHQ/Israeli spying software, so it's no wonder they're not liked by those organisations.
Kaspersky made it clear in 2015 that they knew it was the Israelis behind the attack when they publicised details of that break in.
From their 2015 press release: https://www.kaspersky.com/about/press-releases/2015_duqu-is-back-kaspersky-lab-reveals-cyberattack-on-its-corporate-network-that-also-hit-high-profile-victims-in-western-countries-the-middle-east-and-asia:
- some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal.
- the Duqu 2.0 group launched a similar attack in relation to the [1]70th anniversary event of the liberation of Auschwitz-Birkenau
- Kaspersky Lab believes this is a nation-state sponsored campaign
This suggests that it was not Kaspersky at all, but someone hacking their back end. Bad points for Kaspersky re. security (and for hauling filenames back to base), but that does validate their original position that they did not do this willingly - which confirms my original opinion.
This going public will put the kibosh on the backdoor (Kaspersky can fix it) but I'd note that it's not good news if you get used twice in a row by third parties - their stance that they won't whitelist any government spyware doesn't count for much if their security allows such governments to install it themselves.
The leak may also pretty much end any further Israeli intelligence getting to the US, as this is the second time that something leaks.
The remaining questions:
- how many other AV vendors have been backdoored (because with the privileges this sort of software runs at it is ideal to insert other fun stuff)?
- why on Earth do we continue to use world's most insecure platform for anything serious? AV has only ever been a badly tattered sticking plaster on some seriously fundamental problems that have persisted throughout the decades.
Well, when you think about it, an AV scanner is potentially a perfect way of accessing a system at a very deep level.
I actually blame a Microsoft for allowing a situation to have developed wheee Windows has been so full of security holes that PC users are basically feeling they’ve no choice but to use 3rd party antivirus software. In many cases some of these packages even significantly impact performance, yet people put up with it.
If you’re installing software that’s essentially a “black box” that you’ve no ability to audit but that has deep access to all sorts of areas of your system, it has the potential to access a hell of a lot of stuff.
"I actually blame a Microsoft for allowing a situation to have developed wheee Windows has been so full of security holes that PC users are basically feeling they’ve no choice but to use 3rd party antivirus software. "
Eh, not so much tbh. Let's break this down honestly:
1. All software has bugs. This is just true.
2. You can never eliminate all bugs.
3. The more complex the software, the more bugs.
4. OSes are fiendishly complex.
5. Therefore, OSes are always going to be riddled with vulnerabilities.
6. The main defense that most 'secure' OSes have is therefore simply not being popular enough for anyone to look for and exploit all the bugs.
This is probably most obvious in the difference between pre-XP Microsoft (where security was taken roughly as seriously as Clippy's AI) and post-Vista Microsoft (where security is actually a pretty big thing). The resulting difference in vulnerabilities in the wild is more or less negligible. Despite MS throwing a great deal of effort into security the OS, up to and including writing and updating free tools, all this has really achieved for them is to accelerate the efforts of the attackers to find weaknesses. If Apple or Linux had 90% of the desktop market, then they'd be a shitshow too - as you can see from Linux-based Android, which is a malware hellscape, compared to virus-free Windows Phone. No-one used WP, so no-one ever bothered to try and hack it.
In fact, we're seeing exactly that everywhere - Linux, long lauded for it's security, is the OS of choice for IoT... and is suddenly a horrifying securing apocalypse waiting to happen. Basically, it turns out that it doesn't really matter whether the programmers try to take security seriously or not; whenever a device class ends up with a dominant monoculture (as seemingly all tech tends to), that monoculture is going to be overwhelmed with with shit and a third-party security ecosystem will emerge (just as it has on Android).
"Linux, long lauded for it's security, is the OS of choice for IoT... and is suddenly a horrifying securing apocalypse waiting to happen."
Let's try and construct a physical world analogue of this.
You have a strongroom with reinforced concrete walls, triple locked steel doors - and the keys hanging on a hook beside the door.
The basic IoT problem is one of deployment - allowing the user to start the device functioning on the net without setting a strong password.
Does anyone seriously think any o/s isn't vulnerable these days? I have a/v installed on my Mac, we have a/v on Linux at work. I don't think it's the fault of Microsoft, but that to get just about anything done in the business and even private world these days in a relatively speedy manner, you need to be online, and that brings the risks. Win 3.1 probably had hundreds of vulnerabilities in it, but at the time the majority of computers were not connected to the internet, or f they were, we weren't all keeping out financial information on it.
"Does anyone seriously think any o/s isn't vulnerable these days? I have a/v installed on my Mac, we have a/v on Linux at work"
Installing *more* software with *more* vulnerabilities does not necessarily make your system any less vulnerable. When that extra software systematically reports back to base and downloads payloads off the interwebs you have provided a *new* remote entry point that gives direct access to a process running with elevated privs. *If* the resulting system is *more* secure for that extra entry point it would be a very much against the run of play in the real world.
Keeping a physical separation between the interweb traffic, filtering everything coming in (and out) with a secure by default firewall (eg: pf), patching frequently and watching the logs is the best option I've found yet.
YMMV.
I think OS/es are vulnerable, so I try to cut down services and keep a physically removable network cable between my boxes and any off-site traffic.
"How many within NSA and other agencies such as GCHQ are using the toolkits for their personal errands?"
Or, is shorter form, quis custodiet ipsos custodes?
It seems Kaspersky's offence is to try to make their AV effective against the NSA. Because nobody seems to be suggesting that Kaspersky has been returning interesting files for the FSB to look at, just returning interesting AV signatures and pattern matching them. Which seems to be part of their day job.
After Snowden it seemed inevitable to me that the NSA et al would want to put spyware on all their workers' systems so they can see and track what they are doing.
What they perhaps were not expecting is that a worker would install Kaspersky which would spot that spyware, not only warn the user of it, but ship it back to cloudbase where it could be analysed, and which also made it accessible to all those who had access to Kaspersky's cloudbase.
Did Kaspersky give the FSB access to their cloudbase or did the FSB hack in just as the Israelis did? Hard to say but it is plausible that Kaspersky did not know either had access.
I am surprised the NSA did not also have access to Kaspersky's cloudbase as it would seem obvious to me they would want to know when their spyware had been detected. Maybe that's what Israel had been tasked with doing?
There is probably a lot more to this than anyone will ever know.
were responsible for writing some(most?) of the NSA zero day exploits?
Personally, in the war room fake news driven paradigm in which we live, I have to wonder if Eric Blair isn't laughing his head off in his grave.
"O'Brien would be proud"
IE There neither a russian or Israeli hack. there has been no real information - yet.
Good old Symantic et al can stand as proud US services, with the NSA giving a straight extranational competitor a good kick in the nut-sack. After the Boeing/Bombardier spat, and the general anti-russian sentiment, I would not be surprised.
It makes one forget about stuff that matters, like gunrunners money laundering in Las Vegas
I haven't seen any one linking this news story to the CCleaner hack. Sounds very related to me. An anti-virus company being hacked by a shady group, products being tampered with at source, and then targeted attacks carried out from there.
I would certainly be interesting to hear from some of the other anti-virus companies out there.
Meanwhile, all of the paranoid USAians can go to Best Buy and exchange their copies of Kaspersky for McAfee. Yeah, you know you can trust McAfee. Good old USA AV won't have the NSA all over it...
---> "While I wouldn't be happy with an NSA insert, the thought of an Israeli one is far far scarier"
"Why?"
Because Israel seems to be shifting more and more to the fundamentalist right within it's government.
Some of the more recent 'edicts' to have come out include...
Reform Jews wanting to visit Israel will no longer be allowed if they also support BDS.
https://www.timesofisrael.com/over-200-us-rabbis-want-israel-to-lift-bds-travel-ban/
An agreement in principal, 5 years in the making, to give access the Western Wall to all Jews gets nixed at the last minute by an Ultra Orthodox minority,
http://www.jpost.com/Israel-News/Jewish-Agency-laments-Israeli-govt-decision-to-halt-Western-Wall-plan-497869
While the NSA is a pretty secretive organisation at least it's operational structure is a couple of steps removed from direct Executive control. I'm not sure that the same could be said of the Israeli version of the NSA and I frankly wouldn't be massively surprised if I heard that they were actively searching for anyone who supported BDS.
"You have a point there. It's not as if BDS supporters want to eliminate Israel from the map is it?
That would never happen here.
https://en.wikipedia.org/wiki/List_of_people_banned_from_entering_the_United_Kingdom"
Seriously? a list of people who can't enter the UK is your argument?
There's a whole pile of whack jobs on that list, from the extreme right to the extreme left, from rabid Imams through islamophobic Jews to intolerant Christians through rabble rousing Nazis and child molesters .
Pretty much every religion and political viewpoint has it's extremist adherents who tolerate no dissent from their 'pure' world view. However BDS has many people who view it as the only route open to them to protest against Israels occupation policies.
If it's not a land grab then pull out and give the Palestinians their own state, or is Israel not able to do that because it's beholden to the Ultra Orthodox and Settlers groups who prop up the government?
Don't forget, Rabin was assassinated by a right wing Israeli who opposed the peace process and was encouraged to kill Rabin by Avishai Raviv who was an agent of Shin Bet at the time.
What's their aim? What is the only outcome that would satisfy the BDS group? Nothing less than the complete destruction of Israel, and all who live there. You might be happy with that result, but for some mysterious reason the people who live there would rather keep their lives and pluralistic democratic state than be turned into another miserable decrepit Middle East country. As such, the country has a right to defend itself from those who would at the very least try to harm its integrity and sovereignty.
'Their' (one of those fantastic all in the same pot generalisations) aim is to get Israel to withdraw from the occupied land and many people support them in that.
Anything over and above that, including the attacking or attempted destruction of Israel would be anathema to people who support BDS today, can't you see that one isn't the other?
Please don't lump supporting of BDS as attacking Israel, it's not, it's disagreeing peacefully with Israels illegal occupation of Palestinian lands.
"Anything over and above that, including the attacking or attempted destruction of Israel would be anathema to people who support BDS today"
That's a bit like saying that the Soviet communists didn't support the less extreme socialists in the west. Not true.
BDS can inflict damage on Israel, so of course it will be supported by the most extreme proponents, as well as more moderate ones. Better be careful not to end up a tool of the latter.
====>"Anything over and above that, including the attacking or attempted destruction of Israel would be anathema to people who support BDS today"
That's a bit like saying that the Soviet communists didn't support the less extreme socialists in the west. Not true.
BDS can inflict damage on Israel, so of course it will be supported by the most extreme proponents, as well as more moderate ones. Better be careful not to end up a tool of the latter.
-----------------------------------------------------
It's nothing like it, again you're trying to conflate the views of everyone who supports BDS as being the same. If you want to stop damage to Israel via BDS get Israel to withdraw from the occupied lands.
If you are really incapable of making the distinction between peaceful support of BDS and the destruction of Israel then this conversation serves no further purpose.
"'Their' (one of those fantastic all in the same pot generalisations) aim is to get Israel to withdraw from the occupied land and many people support them in that."
Indeed, and they define the "occupied" land, to use their words, "from the river to the sea" i.e. everything between Judea/Samaria and the Med. Doesn't leave much.
Perhaps you should read up on what Omar Bargouti, the founder, of the movement thinks:
“[Israel] was Palestine, and there is no reason why it should not be renamed Palestine.”
“[Palestinians have a right to] resistance by any means, including armed resistance. [Jews] aren’t indigenous just because you say you are….[Jews] are not a people…the UN’s principle of the right to self-determination applies only to colonized people who want to acquire their rights. ”
“I am completely and categorically against binationalism because it assumes that there are two nations with equal moral claims to the land.”
Anyone who supports BDS and doesn't think the total destruction of the country is its goal is just being a useful idiot for the leaders of that organisation.
"Reform Jews wanting to visit Israel will no longer be allowed if they also support BDS."
Hah. Many people qualify to live in Israel under the right to return laws but would not be recognised as Jewish by the majority of Israeli Jews if they did. That's what happens when you have a theocracy imposed on a secular state.
Although there are some excellent Israeli electronic products, I would trust Israeli AV software about as much as I would trust Iranian or Saudi AV software, and for much the same reason. Countries which have to obey the whims of religious fundamentalists have deep seated problems.
Symantec was the first to jump, with its CEO Greg Clark telling Reuters this week it will no longer let governments inspect its source code. Clark said: “Saying, ‘Okay, we’re going to let people crack it open and grind all the way through it and see how it all works’” poses an unacceptable risk to customers.
Can't see that sitting sitting well with 45 Orange and Co. With the latest pronouncement by the Deputy AG that "...there has never been a right to absolute privacy", US TLAs are not going to be happy with the loss of any attack vector.
Expect a Twitter rant from The Orange One in the not too distant.
Oooh Popcorn! ------------->
... has anyone seen the tiniest scrap of concrete evidence yet?
As far as I can see, this is just another of the MSM presstitutes' stories along the lines of, "My great contact in the alphabet soup [or sometimes Congress, or the White House, or State] gave me this great inside scoop, which I am now going to share with the whole world so that my career can be enhanced [sorry, to enlighten everyone about the truth]".
But is there any reason at all to believe that a single word of it is true? For some insight into how these things work, read this: http://www.unz.com/article/the-elites-have-no-credibility-left/
Exactly - there's a presumption of behaviours by all the various snoops which underpin a range of feasible, even likely, scenarios, but while ignoring the more extravagant conspiracy stories is probably sensible, the reality is still that we really know sweet FA for a fact.
If Russian ops were indeed observed to be trawling through Kaspersky's servers they may have asked themselves what exactly makes the US so hostile towards Kaspersky lately, ie. what exactly the US might know and how, leading to them basically confirming some way that they've been made. If that realization lead to sufficiently obvious actions to clue in the Israelis as well that the gig is up, there would have been basically nothing left "protect" from any of the relevant players, which is why we might be reading this - even if the information is worthless as a secret by now, it could still be useful as "evidence" (not that anyone can verify it) against Kaspersky's wares, exactly as it's being used right now.
What I'd like to know is how it is possible for the Israeli's to spot the Russians trawling the information in real-time, yet Kaspersky security employees couldn't.
I can only think of two resolutions to this conundrum:
1. Kaspersky wasn't hacked by Israeli cy-ops and this is all FUD
2. Kaspersky are lying about knowing they have been compromised
The intelligence community is a business like any other, just the currency is different.
By leaking this information a number of desirable objectives might be achieved, where discrediting of a major AV solution produced in a non NATO member country is a first.
Another message might be: "Israel hacks Russian IT companies", which might spook away potential Arab customers from buying Russian IT products.
Install at least three different AV products from the US, Russia and Israel? The US AV software will stop the Russian and Israeli malware, the Russian AV software will stop the US and Israeli malware while the Israeli AV software will catch the Russian and US malware.
The downside is that you'll need a 100Gb connection to get a 10Mb throughput.
ok, I haven't bothered doing this on Safari yet. I remember that the most popular ad blocker was worse than the ads, so I mainly use No Script. I do have Firefox for OSX, but prefer Safari for reading things that need quick and smooth resizing. Any recommendations for Safari ad/script blocking?
reason why I have an adblocker is because of a particular ad right here on El Reg.
I'm the same - dancing ads on El Reg are probably more noticeable for me because a) I'm more interested in the content (and thus here for longer) and b) I need more braincells engaged to understand the content on El Reg, and those annoying ads made it so I couldn't focus.
If it wasn't for the all-singing all-dancing all-WILLYOUJUSTFUCKINGSTOPMOVINGALREADY! ads on El Reg, I probably would never have discovered the joys of adblockers.
--> Dual purpose icon; my annoyedness at annoying ads and my dreams of introducing the people behind them to my favourite blowtorch...
Like most other intelligence organisations the Israelis are not "on the same side" as anyone else, so when they pass information to friendly countries it is to advance their own agenda. IIRC Israel have a pretty good record of acquiring information that the US wasn't expecting to share with them.
Watch this video from Bill Browder at Cambridge, its 15 minutes but suck it up and watch it all the way through: https://www.youtube.com/watch?v=32AqentzbOQ
Corruption and organized crime are a virtual branch of government in Russia. A friend of mine was in Sochi covering the Olympics. The Russian officials gave the media a tour of each venue. He asked how much each venue costs. There was abject fear in the eyes of the venue mangers. They can't answer that question because the graft is so enormous it is almost impossible to cover up, and being honest risks great personal danger.
In the last 5 years, 4 or 5 former Kaspersky employees have said the company has cooperated with the Russian government. The fact that Israeli intelligence watched as the FSB had unfettered access to search civilian data only supports those claims by former employees.
What the fuck. Israel breaks the law and catches Kaspersky doing it's job. Yes, security companies harvest viruses in order learn how to fucking find them, break them and then delete them. I did it myself. When I discovered a virus on my network, as part of digging it out, I stored a copy of portable media, which I clearly labelled as dangerous and not to be used and I used it to test AV products, if they did not find it, I avoided that product.
Somehow twisting collecting viruses to analyse and break them not equates to using them to hack everyone else, how gullible would you have to be to believe that.
It's like a bank robber being caught and then saying, thank me and reward me, I discovered the bank manager was committing bank fraud because he memorised the combination of the safe.
They admit breaking laws, anything there is after is bullshit, you broke the law, ummm, so why the fuck should I believe anything you have to say, your broke security software on purpose, why.
The Russian government is now in a position to dump arrest warrants on anyone from the company who ever dares to go to Russia.
I expect a security company to gain full details of a virus, what it does, how it does it, what happens in the wild with it, who is actually using it. So Kaspersky discovered the US government was viruses and reported it to their government as required by law, accesory after the fact and then the Russian government investigated it and where it come from and where it was sending stuff and the Israeli whilst conducting criminal activity, call that a crime.
Lame excuse, anyone who buys it is truly foolish.
It's ridiculous enough when people ignorantly and emotionally inject speculation into any story... but it's just downright moronic to inject inflammatory politics into a story.
The real thing to look at here is the New York Times. In the past year, they've been proven wrong so much, it's amazing anyone reads this rag... even if it's been left on a subway seat.
Then the story itself is written in such a way, they throw out things to get the imagination and emotion stirring.. yet in small print, they remark "speculation".
Then you see so many perpetuate the madness and crap here. The media has definitely mastered taking advantage of people's ignorance and emotion.
In 2015 Israel finds evidence that Russia is using Kaspersky AV to spy on everyone.
In 2017, US Government warns its government employees to stop using Kaspersky AV.
So either (a) Israel (an "ally") did not tell USG until 2017, or (b) USG intentionally allowed all its government employees to be spied on for two years by the FSB.
There is something very wrong with the official story
Well, given two months has past, we can conclude that as no evidence has been put into the public domain to back up this story, the reason for the 'delay' was to camouflage the FUD. By putting the discovery back in 2015 makes it easier to make excuses about lack of evidence and dissuade people from asking too many questions...
The US are simply using the Israeli story (and there is no evidence to indicate that it is anything other than a fake news story) to support their FUD about Kaspersky.