

Quis custodiet ipsos custodes?
July 23, 2012 1:14 PM

Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals. 'Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users.'

'Kaspersky staffers serve as an outsourced, unofficial geek squad to Russia’s security service. They’ve trained FSB agents in digital forensic techniques, and they’re sometimes asked to assist on important cases. That’s what happened in 2007, when agents showed up at Kaspersky HQ with computers, DVDs, and hard drives they had seized from suspected crooks. “We had no sleep for a month,” Golovanov says. Eventually two Russian virus writers were arrested, and Nikolai Patrushev, then head of the FSB, emailed the team his thanks.

Kaspersky’s public-sector work, however, goes well beyond Russia. In May, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union, the UN body charged with encouraging development of the Internet. The Russians were ushered into the office of ITU secretary-general Hamadoun Touré, where the Soviet-educated satellite engineer told them that a virus was erasing information on the computers of Iran’s oil and gas ministry. This was coming just two years after the discovery of the Stuxnet worm, which had damaged Iran’s centrifuges. Touré asked Kaspersky to look into it.'
posted by VikingSword (34 comments total) 13 users marked this as a favorite

 
Next somebody is going to write a hyperbole-filled article claiming that ClamAV "helps its Kremlin pals" because it also detects malware.
posted by thewalrus at 1:20 PM on July 23, 2012 [1 favorite]


I am sure there is a good article in there somewhere, but it is very hard for me to find content buried deep within unnecessary keywords in almost every paragraph - KGB, Kremlin, Soviet, Putin.
posted by vidur at 1:35 PM on July 23, 2012


Put In, Put Out.
posted by chavenet at 1:37 PM on July 23, 2012


The ITU is not the UN agency tasked with encouraging development of the internet. It is the UN agency tasked with encouraging development of the wired telephone network and the conversion of the internet into it.
posted by Djinh at 1:59 PM on July 23, 2012 [1 favorite]


So, basically, they're trying to smear Kaspersky because they dared to reveal Stuxnet.
posted by Malor at 2:16 PM on July 23, 2012 [6 favorites]


> So, basically, they're trying to smear Kaspersky because they dared to reveal Stuxnet.

Possibly. My read is a bit less alarmist. Seems like Wired is saying "dude is a crazy smart virus researcher and he's got some rather interesting connections. Caveat emptor."
posted by b1tr0t at 2:29 PM on July 23, 2012


AKA, they're trying to smear Kaspersky because they dared to reveal Stuxnet.
posted by Malor at 2:30 PM on July 23, 2012 [6 favorites]


Damn that ClamAV selling our secrets to the mollusk hordes!
posted by eurypteris at 2:40 PM on July 23, 2012 [11 favorites]


I'd buy the smear argument if it weren't for the lack of hyperbole beyond the title, and Bamford's recent expose on the new NSA listening center.
posted by b1tr0t at 2:41 PM on July 23, 2012 [6 favorites]


Is their problem that there are associations between security firms and a national government? Or are they just scared of those nasty Rooskies?
posted by Jimbob at 2:54 PM on July 23, 2012


Is this a spoiler for the next year's big summer hit?
posted by infini at 2:57 PM on July 23, 2012 [1 favorite]


ITU are pitching for the bad guys
posted by jeffburdges at 2:59 PM on July 23, 2012


> AKA, they're trying to smear Kaspersky because they dared to reveal Stuxnet.

Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to other companies on their own.
posted by b1tr0t at 3:00 PM on July 23, 2012 [4 favorites]


The only thing I ran into that justifies the alarmism in the article is the final bit about the DDOSing of opposition sites that his group said was not happening. Which is sketchy, but from my point of view, not as damning as they make it out to be. And his advocating for the de-anonymizing of the internet? Find me a government in the world who doesn't want at least some of that. (Or at least a government security agency.)

Interesting article, overblown fearmongering. Oh noes, the best antiviral software is made by rooskis. Maybe it wouldn't be if Symantec et al. didn't do unspeakable things to woodland critters.

On preview: the ITU thing does seem sinister. But I still don't think it's enough.
posted by Hactar at 3:01 PM on July 23, 2012


Interesting. Symantec/Norton are total garbage, practically adware themselves.
posted by delmoi at 4:00 PM on July 23, 2012 [1 favorite]


Er, Symantec Norton/McAfee I should say.
posted by delmoi at 4:01 PM on July 23, 2012 [1 favorite]


Yeah, I frankly couldn't care less what Symantec/Norton do in the woods with furry mammals; I dislike them for their sucky, awful products. On the other hand, AVG and ZoneAlarm just...work, and Kaspersky's rescue disk helped clean up a client's Windows system.
posted by Artful Codger at 4:19 PM on July 23, 2012


Damn that ClamAV selling our secrets to the mollusk hordes!

If you think that's bad, you'll never guess who Avast is partners with. Arrrrr matey
posted by JHarris at 4:53 PM on July 23, 2012 [2 favorites]


I follow Eugene Kaspersky on Twitter, and I read his blog/newsletters. He is a funny and interesting character, is pretty darn smart, and is really good at working within the system doing business in Russia. Now he is extending what he has learned to the rest of the world too, and dabbling in politics. I don't like some of his ideas at all, but the story of his company definitely deserved a bit of light, given how large and powerful it's gotten. And they really do good work fighting malware for the most part, and they have a lot of talented people who work there and do lots of good research.

I think the idea that he is being somehow "smeared" by Wired for supposedly revealing Stuxnet is kind of laughable. This is part of his business model - the more outrageous and larger than life he appears, the more he can trumpet his successes and the more money he makes. I bet he loves this article.

Also, the Danger Room guys are not particularly fear-mongering as a rule, despite their hyperbole sometimes. I think it's much more of an article along the "caveat emptor" side of things (like b1tr0t said) and a good advertising vehicle for Wired. For anyone who has been paying attention to the industry over the last few years, the info in the article is not even close to being new or a surprise in any way.
posted by gemmy at 6:19 PM on July 23, 2012


I do not think b1tr0t said what you think was said.
posted by mwhybark at 6:50 PM on July 23, 2012


What do you think I said that doesn't agree with gemmy?
posted by b1tr0t at 8:50 PM on July 23, 2012


Seems like Wired is saying "dude is a crazy smart virus researcher and he's got some rather interesting connections. Caveat emptor."

This is what I agreed with, which I thought was pretty clear.
posted by gemmy at 9:26 PM on July 23, 2012


I don't like some of his ideas at all

His idea of an Internet passport should terrify everyone. Why anyone would trust their data to his company is beyond me.
posted by Blazecock Pileon at 9:38 PM on July 23, 2012 [3 favorites]


> His idea of an Internet passport should terrify everyone. Why anyone would trust their data to his company is beyond me.

I was too busy laughing to be terrified:

> He argues that the Internet should be partitioned and certain regions of it made accessible only to users who present an “Internet passport.” That way, anonymous hackers wouldn’t be able to get at sensitive sites—like, say, nuclear plants.

Nuclear power control systems should be air-gapped from the public internet. Allowing people with an "internet passport" to gain access is one of those ideas that is so bad it is not even wrong.

But this is an idea that Wired appears to take seriously. If I was writing the article, I wouldn't have been so kind. Stuff like this is why I have a hard time buying that Wired is trying to do a smear campaign. Unless it is the most polite smear campaign in the history of everything.
posted by b1tr0t at 10:20 PM on July 23, 2012


Nuclear power control systems should be air-gapped from the public internet.

Anything that is important should not be connected to the Internet.

Not that just not being on the Internet stops bad effects. Just ask about the Russian Gas Pipeline explosion back in the 1980s that could be seen from space.
posted by rough ashlar at 10:55 PM on July 23, 2012


My problem with the 'it should be air-gapped' argument (which, *yes*, lots of things really should be air-gapped) is that it often seems to be another way of saying "we don't need to worry about security for this host, because it won't be on a public network ever, really".

And yeah, let's just lock down tight as hell the things that should always stay air-gapped, just in case some asshat decides to plug it into a network. Because that happens. Way too often.

As far as an 'internet passport' should be required to access some systems, replace that with "x509 client certificates should be required to access some systems" and you already describe a portion of the US military network, and other countries' infrastructures. (note: just because you use client certs doesn't mean your PKI is a good one, but it's always good to try).
posted by el io at 11:51 PM on July 23, 2012 [1 favorite]


> Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly
> that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to
> other companies on their own.

Unfortunately that means they've got Kaspersky and we've got McAfee. Gor blimey.
posted by jfuller at 7:50 AM on July 24, 2012


this is what i mistook gemmy's comment to concern:

"Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to other companies on their own."

to which gemmy was apparently not referring at all. I did not connect the prior b1tr0t comment with either gemmy's remark or b1tr0t, although I read it.
posted by mwhybark at 2:33 PM on July 24, 2012 [1 favorite]


In other malware news: Iran nuclear scientists reportedly assaulted with AC/DC
posted by homunculus at 6:11 PM on July 24, 2012


Eugene Kaspersky responds to the Wired article. I still think he is secretly pleased. More attention=better.
posted by gemmy at 6:23 AM on July 25, 2012


The thing about Raiders is that Indy is working for the US government, when he isn't unintentionally helping the Nazis out. Across the movies, Indy isn't always sure who he is working for, and is never quite sure who is behind the scenes pulling his strings.

So: either a poor choice of analogy, or a crafty non-denial.
posted by b1tr0t at 4:35 PM on July 25, 2012


Wired responds to Kaspersky's response.
posted by gemmy at 6:42 AM on July 26, 2012 [1 favorite]


Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload
posted by homunculus at 12:32 PM on August 10, 2012


Mystery malware wreaks havoc on energy sector computers: Like malware that attacked Iran, Shamoon permanently destroys hard disk data.
posted by homunculus at 5:30 PM on August 17, 2012

