This is very bad for Kaspersky. Put aside how much revenue the entire GSA market represents for a security company (it'll be a double-digit percentage for a typical company). The bigger problem is that in the wake of this, every systemically important financial firm will also eject Kaspersky. In addition to being another significant chunk of revenue, major financial firms set the buying direction for IT security for the whole industry.
If you're wondering what the backstory is here, well, join the club. Dave Aitel sums it up: US Senators John McCain and Marco Rubio claim the US IC has presented them some kind of smoking gun evidence that some kind of line was crossed. They're not planning to share more information. Anybody who tells you they know more about what's going on is probably just spreading gossip.
which references this July 11, 2017 Bloomberg BusinessWeek article, "Kaspersky Lab Has Been Working With Russian Intelligence - Emails show the security-software maker developed products for the FSB and accompanied agents on raids":
This doesn't say anything at all. It says Kaspersky helped Russian law enforcement to arrest Russian cyber criminals. That's not alarming and it happens in every country.
There's no need to have smoking gun. If confrontation between countries go too far, this is a potential attack vector. It can be used even without any cooperation from Kaspersky, is necessary. And, if used wisely, even without attribution (this requires cooperation though). This risk is enough to justify this move.
Because of everything that has been in the news since before the election. Tensions are higher between the US and Russia, both sides having ejected diplomats. It's very different than it was 4 years ago.
Because Russia is a domestic political issue in the US - it's been anointed as the McGuffin in the battle between the two main parties over the presidency.
I rather do think that political inclinations are religions in the US, however, but the wars are largely phony and forced - hence McGuffin. I'm sorry it upset you.
Okay. In that case I question what motivated your initial comment correcting your parent? I agree that it's not worth discussing further, so I'll sign off after this comment.
People who take the time to correct others (particularly when it's off-topic) are generally motivated by the desire to genuinely help the discussion or by mean-spirited nitpicking. If the former, they're also interested in learning about how discussions tend to behave on the forum in which they're participating, which is why I chimed it. If I assumed the latter, I would refrain from commenting at all.
Okay. In that case I question what motivated your initial comment correcting your parent?
Correcting a commonly abused saying, and thereby slightly reducing the volume of bullshit if only imperceptibly. I have to wonder why you seem so interested in commenting mostly on the comments of others.
Sometimes these things are peeves. I have a peeve about using "they" as a gender-neutral singular pronoun, but admit it doesn't have much effect on expressiveness.
In general, though, I feel that the more precisely we use language, the more expressive it can be. Begging the question is different from raising the question. If we allow that conflation, it then becomes more difficult or requires more words to express what "begging the question" really is.
>If we allow that conflation, it then becomes more difficult or requires more words to express what "begging the question" really is.
By analogy with Huffman coding, the meanings that are used less often should require more words to express than the more commonly-used meanings. And if you really want to express the meaning "assuming the premise", then you could just say "assuming the premise", instead of insisting on the "precision" of using a 16th-century mistranslation of petitio principii.
Damn! (Just when I thought I was out….) Honest question deserves an honest answer. Very similar motivation. I'm very interested in figuring out how to promote productive, constructive discussions in general and online in particular. The deep polarization that seems to have increased and been exacerbated by the internet is an issue that I think desperately needs to be solved. HN is a community that values constructive conversation and at the same time struggles with it. If I can help make that better, I want to do so. I think a lot of people actually share that same goal, at least implicitly, and aren't always aware of the dynamics of online forums in general or on HN in particular.
I have to agree with that, although I'm not so aware of the polarization or other dynamics here yet, I can certainly admire your aims and methods. Good luck spreading civility and discourse, although I'd encourage you to assume the best intentions in others as you go.
Thanks. I appreciate it. The polarization I refer to is more apparent in political threads here and in US society at large, not specific to HN. To be clear, my assumption at the start was as I described in my second comment: I did assume that you were sincerely trying to help. Your response was what made me question that that was the case, but I suspect your response was colored by the snark that I allowed to slip into my initial comment. I generally strive to keep that at bay because it's so rarely helpful in conversation, and it was a lack of discipline on my part that I didn't keep in in check here as well.
Would you mind sharing with me how you would have written my initial comment, (given what you know of my intention) that would have had the most positive effect on you? I'll take my answer off the air. Thanks again for your time and attention here. It's a rare opportunity and I do appreciate it.
So its even more important for public to see the evidence. Otherwise it feels like private vendetta most likely because Kaspersky is Russian (you know, our current Administration doesn't like Russians much) who actually build his empire on fighting Russian Government-funded cyberspying (claims Wikipedia).
I'm sure if Kaspersky sells tons of software on US soil, and most likely pay taxes on US soil, then they will sue and have a solid case against the US Government on discriminatory basis; unless of course said smoking gun will be made public. Otherwise it feels guilty until proven innocent (if given chance). Welcome to Russia, err. I mean: America.
Edit: if this falls thru, we have a very dangerous precedence; until now, politicians were taking money and lobbying for/against certain rules to help certain businesses to gain competitive edge. Now we have 2 Senators who happen to have "smoking gun" from "anonymous sources" (I presume) that could pretty much shut the whole company down. Whether Russian or American, irrelevant.
It's possible they're trying to tank Kapersky but considering all the backdoors the NSA injected in American software (RSA[0], PRISM[1]), it seems very plausible the Russian government does exactly the same thing to Russian software.
PRISM isn't a software backdoor. It's a system for sending selectors (metadata query terms) to providers under FISA 702 Directives. PRISM : FISA warrants :: Stripe : credit card authorizations.
We always suggested to activists to consider the geopolitical loyalty of the company selling your software (especially security software) when picking a provider. Its a crappy rule of thumb but can occasionally be helpful.
Working in/on Russia - not Kaspersky
Working in/on Israel - not Checkpoint
Working in/on UK (e.g drone strikes) - not Sophos
Working in/on US - etc etc
Ultimately capability and costs of the software was the main thing but the more you heard about Kaspersky style stuff, the more its seems relevant. Hanging around the security space long enough, you meet people at Western security software companies who quietly will express some concern about what goes on inside their own places. It reminds me of Huawei hysteria.
More likely that not, the sources and methods behind the evidence are classified. See all the Russians that started dying under mysterious circumstances or got arrested, nominally for treason, after the US election.
You can have secrets or you can public policy in a democracy. This stuff isn't chump change, this is a primary debate we are currently having and the public can't see the evidence.
> smoking gun evidence that some kind of line was crossed
I'm amused every second of my life that seemingly all of the US' "opponents" keep using US software which also mainly remains closed-source, while everybody knows that lines are constantly being crossed. It's both funny and mind-blowing.
If I have to guess I would say that some intelligence agency is monitoring software updates from Kaspersky and they found something unusual, but probably their evidence is circumstantial so they can't go public with it. I don't know how's their update model, but for instance they could skip or delay updates for ongoing operations for specific targets (and this could actually be done even without the consent of Kaspersky). Of course they also can deploy rootkits, but then there is no way to deny wrongdoing...
I think a lot of what we think we know about this stuff comes from people who preface comments with "if I have to guess" being read by people who skip the first 5 words in those comments.
Maybe, but I think that all this speculation is understandable, specially for commercial reasons: what other software companies can do to not be banned.
It's totally understandable that people speculate. We're humans, and we're very uncomfortable with incomplete information. Our brains are wired to fill in gaps like this.
If we don't speculate at all, we're left with the following bullet points from news articles this year:
- Michael Flynn was paid by Kaspersky to speak at its seminar (probably nothing, but mildly interesting)
- US Intel community considers Kaspersky to be an arm of the Russian government
- Kaspersky employee arrested in sting by Russian government for treason
- US Intel officials believe Kaspersky employees in US engaged in espionage
- Kaspersky employees investigated/interviewed in US by FBI
- Coincidence of a Russian military intelligence unit's ID in a certification for Kaspersky software
- Kaspersky denies it will ever work with any government on cyberespionage
Take all of that, and ask yourself this. Would the US govt, which already had suspicion to remove them, and had been getting the ball rolling since at least May or before then, ask them to spy on behalf of the US in Russia, and if they balk, remove their funding and damage their reputation?
To me that's real reason: they wouldn't play ball.
I think it's a very interesting timeline you've laid out. The piece I don't follow is the conclusion.
> Take all of that, and ask yourself this. Would the US govt, which already had suspicion to remove them, and had been getting the ball rolling since at least May or before then, ask them to spy on behalf of the US in Russia, and if they balk, remove their funding and damage their reputation?
To me that's real reason: they wouldn't play ball.
I'm no expert at this, but I can't think of any circumstance where US intelligence would both simultaneously believe they are a branch of the Russian govt and ask them to spy in Russia on their behalf. Almost with 100% certainty if the US is spying in Russia it is against their geo-political foe Russia's interest. You wouldn't pass your secretly gathered intelligence through a branch of the Russian govt before returning it stateside. The secret intelligence is almost certainly about the Russian govt - no way you'd pass it through them to get it back to you. At minimum they'd know what you know, at maximum they'd manipulate it to deceive you. Again this is all speculation on my part here, but I don't see it supporting that conclusion.
Clearly something changed to cause the sudden urgency to eliminate Kaspersky from govt computers. Additionally the urgency to me speaks more to eliminating a threat (of espionage or else) rather than retaliation. 30-90 days in govt time is pretty much as immediate as it gets.
I think something else changed or was discovered. An option is US intelligence found out evidence of escalation of alleged actions by Kaspersky either in the recent past or plans for the near future. Again I've got no evidence of this - but is what seems like it better fits the points we've seen so far.
> Clearly something changed to cause the sudden urgency to eliminate Kaspersky from govt computers
This isn't sudden, this has been in the works for at least half the year. Congress and the FBI have been investigating Kaspersky since at least May, probably before then. In June, the House and Senate approved legislation to ban Kaspersky's software from use by the military. Legislation introduced by, you guessed it: John McCain.
It might not be about spying at all - they might just be wagging the dog. It's weird enough that the military and intelligence services are working in tandem (how often do you see that happen?) to cast doubt on and kick out Kaspersky. With Trump under scrutiny about potential collusion with the Russians, could it be that someone needs to look tough against a Russian entity and provide in return some favor, like 100 billion extra bucks in the DOD budget?
The newly passed FY18 military budget is 696 billion, up from 582 billion in 2017 - an almost 20% increase. What really amazes me is 60% of Democrats voted for this, which is an incredible concession considering how gigantic the cuts to their programs will be.
> I can't think of any circumstance where US intelligence would both simultaneously believe they are a branch of the Russian govt and ask them to spy in Russia on their behalf.
Yes, but you don't then punish the entire company for not complying.
Turning a spy would be a covert action. Saying "your company better spy for us, or else we'll pull our contracts" is absolutely not. The previous poster was arguing the latter was what is going on.
If your company hires someone who openly flaunts a lifestyle which is "morally repugnant" to some ranking member of a committee which oversees a government budget, and the company realizes this, they have a decision to make. If the company keeps the employee, the contract could be pulled, and they lose millions. If they simply lose the employee, the company stays in business.
This is never an official policy, but it is a de-facto one, in the intelligence community anyway. Companies sometimes self-police to prevent these situations. But they will absolutely act to protect their interests, in one way or another.
The US can damage Kaspersky's reputation, while Russia can arrest Kaspersky executives for treason and/or slip them a polonium cocktail. Which do you think has greater leverage?
> Would the US govt [...] ask [Kaspersky] to spy on behalf of the US in Russia
Why would they? Wouldn't they just ask Microsoft instead? I don't see what particular value or access Kaspersky would bring to the table here. They have no particular "spy" channels into the Russian government, they just make software.
Former Russian spies work for Kaspersky (Kaspersky has admitted this), they are based in Moscow, and their founder was trained by the KGB and worked for Russian military intelligence.
"At the age of 16, Kaspersky entered a five-year program with The Technical Faculty of the KGB Higher School, which prepared intelligence officers for the Russian military and KGB. After graduating college, Kaspersky served the Soviet military intelligence service as a software engineer." https://en.wikipedia.org/wiki/Eugene_Kaspersky
These are all public news reports which I'm sure Reuters' Russian desk is aware of. And it's all just entertainment to me, so I have no interest in verifying. But I don't see how it qualifies as big.
The NSA was tapping calls from the personal cellphone of the Chancellor of Germany. The CIA created a Twitter clone that Congress funded just so they could destabilize the Cuban government. There's many more examples of our infiltrating foreign entities with men in sunglasses who all claim to work for the state department.
Asking a non-US company to spy for the US government, and then retaliating against them when they balk, seems minor on the average scale of geopolitical intrigue.
>> In addition to being another significant chunk of revenue, major financial firms set the buying direction for IT security for the whole industry.
I have never found this to be case, infact it seems to me that financial firms tend to be behind the times when it comes to IT Security. Especially banking. How many ATM's are still running XP Embedded as an example
None of the following is confirmed, but I keep seeing articles online hinting around this, or implying this. Essentially it sounds like is known in classified circles that Kaspersky works closely with and supports Russian Intelligence (FSB).
It seems while the US knew about this it had a spy within Kaspersky and was their source for finding out what they were up to. The accused spy was arrested by the FSB recently so likely the US no longer is willing to take on the risk of allowing Kaspersky to run on us govt machines. Marco Rubio appeared to hint at some classified info about known govt risks of dealing with Kaspersky. Additionally the second link mentions Kaspersky is moving into protecting critical infrastructure, which seems notable giving the sudden frequency of mentions of the weakness of US infrastructure to network attack.
The problem with classified security stuff is you never find out the full story. Only bits and pieces around the edges of it. It's almost never in their best interest to reveal the depths of what they know because it exposes their methods and awareness.
>> Essentially it sounds like is known in classified circles that Kaspersky works closely with and supports Russian Intelligence (FSB).
I have never understood why this is a shocking revelation.
FSB is russia version of CIA/NSA. Every single US technology company works with the CIA/NSA as they are required to by law, every company in any other nation is going to work with their government as required by law
If you are in the UK you will be working with GCHQ/MI5, if you are in the US it will be NSA/CIA, if you are in Russia it will be FSB, etc
You're making a very big leap from 'Russia arrested someone and charged him with treason' to 'That person was actually a US spy' and even 'The arrest of this person who was actually a US spy is the driver behind a particular US policy'. We just don't have any reasonable insight into why Russia arrests people and what, if anything, they're guilty of.
> We just don't have any reasonable insight into why Russia arrests people
In the actual article link it quotes Russian govt. officials saying they arrested them for treason, and for giving secrets to a US Intelligence Agency that wasn't the CIA.
I do appreciate skepticism in response to claims, but please do read through the article first before contesting.
If I were a rude person unburdened by the site guidelines, I'd suggest you read the comment you're replying to before grumping about who's read the article.
As I'm not, though - my point was the current Russian regime is not constrained by niceties like the rule of law and accusing enemies, real or perceived, of being nefarious agents of a foreign power is their favourite thing. So 'this guy was an American spy' is already a fairly shaky foundation, 'the arrest of this particular guy caused this change in US policy' is a reach bordering on baseless speculation. We just don't have any good way of knowing how much or any of this is true.
I'm not gonna completely judge a site based on it's links. But that site is pretty putrid on the links it displays. It doesn't exactly lend credence to it.
Seeing as this site calls HIV a myth, the holocaust a hoax, 9/11 a nuclear test, and the Jewish religion a Satanic cult... I don't think it is _super_ trust worthy.
What I'd like to know (and lack the ability to figure out for myself) is whether other antivirus products implement the same kind of workaround as Windows Defender, i.e., calling FltGetFileNameInformationUnsafe etc.
Is there some sort clandestine effort by Russian intel agencies to force US government to install McAfee Antivirus and subsequently cripple the productivity of said government agencies?
End of (federal fiscal) year is an OK time for this as there may actually (fingers crossed) be money available to shift away from these products that can be applied toward licenses.
What a happy, happy windfall for all the Symantec / McAfee sales reps with Federal accounts. If you're at a bar with one, they're buying :)
The US declaring that it think that an government should think hard about what foreign products to let into it's core infrastructure is going to have consequences the intended ones.
That is probably great news if your an European, or especially Asian software vendor trying to compete with any US based company for local government contracts, as the US have now legitimized any concern about foreign governments(including the US) forcing back doors into commercial products.
It might not be all that good if your an Californian start up trying to make money on the European and Asian market as what was a hard sell, now got harder.
Though it's not a new trend as were heading towards a situation where IT procurement is getting incredibly political and where the legal department is increasingly vetoing solutions that otherwise would have gotten selected due to jurisdiction issue in relationship to stored data.
It's different. EU is in NATO with US (most of EU). Buying from an ally vs a non ally (or enemy depending, Ukraine for instance) is a very big difference.
The US hasn't really legitimized anything new. If you are a major power with barely competent government, you have been concerned about technological sovereignty for decades now.
Love it or leave it, literally. Unless you like a Siberian prison.
FSB walks in, point to a dozen laws you've broken and then ask, how are going to do this. And you've almost certainly broken the laws (it's nearly impossible to operate otherwise in such countries), and even if you didn't a judge will say you did.
Tech sovereignty is going to be one of the most important international issues of the next few decades. The US has mostly lucked out so far, being the home of the overwhelming majority of major tech firms. But China has very purposefully taken steps to secure and guarantee their technological sovereignty, and there is movement in Europe to do the same.
China is blatantly ripping off the West in tech and non tech. Their rising middle class and population make it simple to copy and internally consume. Russia can do something similar because purposely segregate themselves.
They're based in Russia which obviously says a lot without needing to go into more specifics. They still do good work though, they're one of the most respected disclosure-publishers in the world.
I do wonder "why now?" though RE: banning them...Could be either posturing or some sort of recent intelligence (also I mean "recent" in the bureaucratic sense, so like...idk < 1 year?)
Would also makes sense to ban Microsoft at least in the EU for anything government or military related and only used a custom tailored Linux. EULinuxs instead of Red Linux :-)
I am unsure what exactly makes a country an "ally" of America (aside of diplomatic relations), but the US IC do have history of industrial espionage against the EU and other trading partners: https://theintercept.com/2014/09/05/us-governments-plans-use...
Also, interesting you posted a Glenn Greenwald article - he has been accused by some people in the U.S. of dismissing things Russia has done recently in these fronts.
I am deeply suspicious of the criticism heaped on Kaspersky, and I suspect it might be part of a smoke and mirrors attempt to distract us from actual threats. The US IC community is deeply ingrained in the antivirus and computer security industries. NSA employees go to work for these companies, and vice versa. Foreign governments have just as much to fear from Norton and McAfee, as we do from Kaspersky.
"The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive"
That number of days could be critical. If they have intel telling them that Kaspersky can be used as a vector to exploit their systems by Russia, then this could be used outright to further exploit their systems and possibly (?) plant more ways to attack, even after Kaspersky has been removed.
I am assuming that DHS will already have in place another security company to handle other potential scenarios and ensure the security of their system while the transition process is happening.
It could just be an excuse to award a contract to a variety of local security firms to perform a "Post-Kaspersky Security Audit" at great expense in the interest of National Security, but that's just baseless cynical speculation.
It's a weird move, and I would like to imagine that there is some solid reasoning behind the endeavor besides posturing and playing up to hot-button issues. But it really does just seem like the sort of issue that either ends up in bureaucratic limbo (e.g., Kaspersky remains installed for months while agencies look to find a replacement that meets their criteria) or that leaves the computers unprotected while the search continues.
Is Nginx next? I suppose that it's open source nature mitigates the risks of an important software infrastructure piece being developed in a country that might not always be friendly to us.
Nginx isn't a security company and doesn't make client-side software, so probably not. (Of course, theoretically nginx could be backdoored to give valuable information to intelligence agencies, but it's harder due to the fact it's open source, and even if it was closed source the escalation in response to banning nginx could start a new Cold War. Imagine the US and Russia mutually banning use of any of the other side's software and actually trying to implement it.)
It's entirely possible. I know of a certain open-source application that was banned from an entire component of DHS, specifically because the developer is Russian.
Coming up next: Russian government bans US software on government machines. Microsoft delivers large bags of money to McCain (unless he kicks the bucket by then) and Rubio. Senators recant.
>> The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
In 2017 in tech we're progressing towards a fragmented future where governments don't trust each other and big tech companies hold strong intelligence power in people's lives.
the natural progression is state sponsored software and hardware at every level. China has been working on this for some time the US is foolish to ignore this.
If you're wondering what the backstory is here, well, join the club. Dave Aitel sums it up: US Senators John McCain and Marco Rubio claim the US IC has presented them some kind of smoking gun evidence that some kind of line was crossed. They're not planning to share more information. Anybody who tells you they know more about what's going on is probably just spreading gossip.