Quis custodiet ipsos custodes?
July 23, 2012 1:14 PM Subscribe
Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals. 'Between 2009 and 2010, according to Forbes, retail sales of Kaspersky antivirus software increased 177 percent, reaching almost 4.5 million a year—nearly as much as its rivals Symantec and McAfee combined. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. Microsoft, Cisco, and Juniper Networks all embed Kaspersky code in their products—effectively giving the company 300 million users.'
'Kaspersky staffers serve as an outsourced, unofficial geek squad to Russia’s security service. They’ve trained FSB agents in digital forensic techniques, and they’re sometimes asked to assist on important cases. That’s what happened in 2007, when agents showed up at Kaspersky HQ with computers, DVDs, and hard drives they had seized from suspected crooks. “We had no sleep for a month,” Golovanov says. Eventually two Russian virus writers were arrested, and Nikolai Patrushev, then head of the FSB, emailed the team his thanks.
Kaspersky’s public-sector work, however, goes well beyond Russia. In May, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union, the UN body charged with encouraging development of the Internet. The Russians were ushered into the office of ITU secretary-general Hamadoun Touré, where the Soviet-educated satellite engineer told them that a virus was erasing information on the computers of Iran’s oil and gas ministry. This was coming just two years after the discovery of the Stuxnet worm, which had damaged Iran’s centrifuges. Touré asked Kaspersky to look into it.'
'Kaspersky staffers serve as an outsourced, unofficial geek squad to Russia’s security service. They’ve trained FSB agents in digital forensic techniques, and they’re sometimes asked to assist on important cases. That’s what happened in 2007, when agents showed up at Kaspersky HQ with computers, DVDs, and hard drives they had seized from suspected crooks. “We had no sleep for a month,” Golovanov says. Eventually two Russian virus writers were arrested, and Nikolai Patrushev, then head of the FSB, emailed the team his thanks.
Kaspersky’s public-sector work, however, goes well beyond Russia. In May, Gostev and Kaspersky were summoned to the Geneva headquarters of the International Telecommunication Union, the UN body charged with encouraging development of the Internet. The Russians were ushered into the office of ITU secretary-general Hamadoun Touré, where the Soviet-educated satellite engineer told them that a virus was erasing information on the computers of Iran’s oil and gas ministry. This was coming just two years after the discovery of the Stuxnet worm, which had damaged Iran’s centrifuges. Touré asked Kaspersky to look into it.'
I am sure there is a good article in there somewhere, but it is very hard for me to find content buried deep within unnecessary keywords in almost every paragraph - KGB, Kremlin, Soviet, Putin.
posted by vidur at 1:35 PM on July 23, 2012
posted by vidur at 1:35 PM on July 23, 2012
The ITU is not the UN agency tasked with encouraging development of the internet. It is the UN agency tasked with encouraging development of the wired telephone network and the conversion of the internet into it.
posted by Djinh at 1:59 PM on July 23, 2012 [1 favorite]
posted by Djinh at 1:59 PM on July 23, 2012 [1 favorite]
So, basically, they're trying to smear Kaspersky because they dared to reveal Stuxnet.
posted by Malor at 2:16 PM on July 23, 2012 [6 favorites]
posted by Malor at 2:16 PM on July 23, 2012 [6 favorites]
AKA, they're trying to smear Kaspersky because they dared to reveal Stuxnet.
posted by Malor at 2:30 PM on July 23, 2012 [6 favorites]
posted by Malor at 2:30 PM on July 23, 2012 [6 favorites]
Damn that ClamAV selling our secrets to the mollusk hordes!
posted by eurypteris at 2:40 PM on July 23, 2012 [11 favorites]
posted by eurypteris at 2:40 PM on July 23, 2012 [11 favorites]
Is their problem that there are associations between security firms and a national government? Or are they just scared of those nasty Rooskies?
posted by Jimbob at 2:54 PM on July 23, 2012
posted by Jimbob at 2:54 PM on July 23, 2012
Is this a spoiler for the next year's big summer hit?
posted by infini at 2:57 PM on July 23, 2012 [1 favorite]
posted by infini at 2:57 PM on July 23, 2012 [1 favorite]
The only thing I ran into that justifies the alarmism in the article is the final bit about the DDOSing of opposition sites that his group said was not happening. Which is sketchy, but from my point of view, not as damning as they make it out to be. And his advocating for the de-anonymizing of the internet? Find me a government in the world who doesn't want at least some of that. (Or at least a government security agency.)
Interesting article, overblown fearmongering. Oh noes, the best antiviral software is made by rooskis. Maybe it wouldn't be if Symatec et. al didn't do unspeakable things to woodland critters.
On preview: the ITU thing does seem sinister. But I still don't think it's enough.
posted by Hactar at 3:01 PM on July 23, 2012
Interesting article, overblown fearmongering. Oh noes, the best antiviral software is made by rooskis. Maybe it wouldn't be if Symatec et. al didn't do unspeakable things to woodland critters.
On preview: the ITU thing does seem sinister. But I still don't think it's enough.
posted by Hactar at 3:01 PM on July 23, 2012
Interesting. Semantec/Norton are total garbage, practically adware themselves.
posted by delmoi at 4:00 PM on July 23, 2012 [1 favorite]
posted by delmoi at 4:00 PM on July 23, 2012 [1 favorite]
Er, Semantec Norton/McAfee I should say.
posted by delmoi at 4:01 PM on July 23, 2012 [1 favorite]
posted by delmoi at 4:01 PM on July 23, 2012 [1 favorite]
Yeah, I frankly couldn't care less what Symantec/Norton do in the woods with furry mammals; I dislike them for their sucky, awful products. On the other hand, AVG and ZoneAlarm just...work, and Kaspersky's rescue disk helped clean up a client's Windows system.
posted by Artful Codger at 4:19 PM on July 23, 2012
posted by Artful Codger at 4:19 PM on July 23, 2012
Damn that ClamAV selling our secrets to the mollusk hordes!
If you think that's bad, you'll never guess who Avast is partners with. Arrrrr matey
posted by JHarris at 4:53 PM on July 23, 2012 [1 favorite]
If you think that's bad, you'll never guess who Avast is partners with. Arrrrr matey
posted by JHarris at 4:53 PM on July 23, 2012 [1 favorite]
I follow Eugene Kapersky on twitter, and I read his blog/newsletters. He is a funny and interesting character, is pretty darn smart, and is really good at working within the system doing business in Russia. Now he is extending what he has learned to the rest of the world too, and dabbling in politics. I don't like some of his ideas at all, but the story of his company definitely deserved a bit of light, given how large and powerful it's gotten. And they really do good work fighting malware for the most part, and they have a lot of talented people who work there and do lots of good research.
I think the idea that he is being somehow "smeared" by Wired for supposedly revealing Stuxnet is kind of laughable. This is part of his business model - the more outrageous and larger than life he appears, the more he can trumpet his successes and the more money he makes. I bet he loves this article.
Also, the Danger Room guys are not particularly fear-mongering as a rule, despite their hyperbole sometimes. I think it's much more of an article along the "caveat emptor" side of things (like b1tr0t said) and a good advertising vehicle for Wired. For anyone who has been paying attention to the industry over the last few years, the info in the article is not even close to being new or a surprise in any way.
posted by gemmy at 6:19 PM on July 23, 2012
I think the idea that he is being somehow "smeared" by Wired for supposedly revealing Stuxnet is kind of laughable. This is part of his business model - the more outrageous and larger than life he appears, the more he can trumpet his successes and the more money he makes. I bet he loves this article.
Also, the Danger Room guys are not particularly fear-mongering as a rule, despite their hyperbole sometimes. I think it's much more of an article along the "caveat emptor" side of things (like b1tr0t said) and a good advertising vehicle for Wired. For anyone who has been paying attention to the industry over the last few years, the info in the article is not even close to being new or a surprise in any way.
posted by gemmy at 6:19 PM on July 23, 2012
Seems like Wired is saying "dude is a crazy smart virus researcher and he's got some rather interesting connections. Caveat emptor."
This is what I agreed with, which I thought was pretty clear.
posted by gemmy at 9:26 PM on July 23, 2012
This is what I agreed with, which I thought was pretty clear.
posted by gemmy at 9:26 PM on July 23, 2012
I don't like some of his ideas at all
His idea of an Internet passport should terrify everyone. Why anyone would trust their data to his company is beyond me.
posted by Blazecock Pileon at 9:38 PM on July 23, 2012 [3 favorites]
His idea of an Internet passport should terrify everyone. Why anyone would trust their data to his company is beyond me.
posted by Blazecock Pileon at 9:38 PM on July 23, 2012 [3 favorites]
Nuclear power control systems should be air-gapped from the public internet.
Anything that is important should not be connected to the Internet.
Not that just not being on the Internet stops bad effects. Just ask about the Russian Gas Pipeline explosion back in the 1980's that could be seen from space.
posted by rough ashlar at 10:55 PM on July 23, 2012
Anything that is important should not be connected to the Internet.
Not that just not being on the Internet stops bad effects. Just ask about the Russian Gas Pipeline explosion back in the 1980's that could be seen from space.
posted by rough ashlar at 10:55 PM on July 23, 2012
My problem with the 'it should be air-gapped' argument (which, *yes*, lots of things really should be air-gapped) is that it often seems to be another way of saying "we don't need to worry about security for this host, because it won't be on a public network ever, really".
And yeah, lets just lock down tight as hell the things that should always stay air-gapped, just in case some asshat decides to plug it into a network. Because that happens. Way to often.
As far as an 'internet passport' should be required to access some systems, replace that with "x509 client certificates should be required to access some systems" and you already describe a portion of the US military network, and other country's infrastructures. (note: just because you use client certs doesn't mean your PKI is a good one, but it's always good to try).
posted by el io at 11:51 PM on July 23, 2012 [1 favorite]
And yeah, lets just lock down tight as hell the things that should always stay air-gapped, just in case some asshat decides to plug it into a network. Because that happens. Way to often.
As far as an 'internet passport' should be required to access some systems, replace that with "x509 client certificates should be required to access some systems" and you already describe a portion of the US military network, and other country's infrastructures. (note: just because you use client certs doesn't mean your PKI is a good one, but it's always good to try).
posted by el io at 11:51 PM on July 23, 2012 [1 favorite]
> Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly
> that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to
> other companies on their own.
Unfortunately that means they've got Kaspersky and we've got McAfee. Gor blimey.
posted by jfuller at 7:50 AM on July 24, 2012
> that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to
> other companies on their own.
Unfortunately that means they've got Kaspersky and we've got McAfee. Gor blimey.
posted by jfuller at 7:50 AM on July 24, 2012
this is what i mistook gemmy's comment to concern:
"Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to other companies on their own."
to which gemmy was apparently not referring at all. I did not connect the prior b1tr0t comment with either gemmy's remark or b1tr0t, although I read it.
posted by mwhybark at 2:33 PM on July 24, 2012 [1 favorite]
"Another interpretation: It is perfectly safe to write an article about a foreign company and imply strongly that it is in bed with their home country's intelligence agencies. Intelligent readers can extrapolate to other companies on their own."
to which gemmy was apparently not referring at all. I did not connect the prior b1tr0t comment with either gemmy's remark or b1tr0t, although I read it.
posted by mwhybark at 2:33 PM on July 24, 2012 [1 favorite]
In other malware news: Iran nuclear scientists reportedly assaulted with AC/DC
posted by homunculus at 6:11 PM on July 24, 2012
posted by homunculus at 6:11 PM on July 24, 2012
Eugene Kapersky responds to the Wired article. I still think he is secretly pleased. More attention=better.
posted by gemmy at 6:23 AM on July 25, 2012
posted by gemmy at 6:23 AM on July 25, 2012
Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload
posted by homunculus at 12:32 PM on August 10, 2012
posted by homunculus at 12:32 PM on August 10, 2012
Mystery malware wreaks havoc on energy sector computers: Like malware that attacked Iran, Shamoon permanently destroys hard disk data.
posted by homunculus at 5:30 PM on August 17, 2012
posted by homunculus at 5:30 PM on August 17, 2012
« Older An eloquent piece on the meaning of "paying... | False Positive: a stew of short sci-fi and the... Newer »
This thread has been archived and is closed to new comments
posted by thewalrus at 1:20 PM on July 23, 2012 [1 favorite]