Page 1 of 3
1
2
3
LastLast
  1. #1

    EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification

    Just a smear. No evidence. No nothing. Just paranoia. Conspiracy theories at EU governing level.

    European Commission "not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products."

    In a document published today, the European Commission has revealed that they don't have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017.

    The document was the Commission's reply to a series of questions submitted by Gerolf Annemans, a European Parliament member on behalf of Belgium, in March this year.

    The questions were related to a motion the European Parliament voted in June 2018 that put forward a general strategy and guidelines for an EU-wide joint plan on cyber defense. The document advised EU states to exclude and ban programs and equipment that have been "confirmed as malicious," naming Kaspersky as the only example.

    2018 EU MOTION LABELED KASPERSKY AS "CONFIRMED AS MALICIOUS"
    The EU voted its motion at a time when the US had just banned the use of Kaspersky software on government systems on the premise that Kaspersky antivirus software had been used to steal sensitive documents from government computers.

    The US government never backed up its claims but did the opposite by pressuring companies in the private US sector to stop using the Russian company's software.

    A general red scare followed in the US, with Best Buy and Office Depot pulling Kaspersky products off their shelves and Twitter banning the company from advertising on its network.

    The anti-Kaspersky panic spread across the pond to Europe, where the UK warned state agencies and private companies against using Kaspersky software on systems storing sensitive information, and the Dutch government deciding to phase out the use of Kaspersky products on government networks altogether.

    Kaspersky denied all accusations of any wrongdoing and even opened a "Transparency Center" in Switzerland where European governments could come and inspect its source code, and where the company said it would store all data on European users, without sending it to its Russian servers.

    BELGIAN MP ASKED FOR EVIDENCE
    In his March 2019 letter to the European Commission, MP Annemans wanted to know on what grounds and what evidence the EU Parliament voted to recommend the banning of Kaspersky in June 2018, and why it classified the company as "confirmed as malicious," alluding that the EU might have gotten its facts from press articles instead of intelligence briefings.

    Annemans cited reports authored by the German, French, and Belgium government which found no evidence of any wrongdoing on Kaspersky's side.

    Almost a year after the EU recommended that national governments ban Kaspersky software, the Commission has now admitted its mistake.

    "The Commission is not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products," a representative for the European Commission told Annemans in a reply dated April 12.

    The EU letter, however, does not to repair Kaspersky's market share, which suffered considerably after the US government ban and the EU Parliament vote. However, it brings a sense of justice for the company.

    Maybe following the publication of this formal acknowledgment that Kaspersky did nothing wrong, the Russian antivirus vendor might re-think its decision to withdraw from its once fruitful Europol partnership that led to the arrest of countless cyber-criminals, and which also spawned the NoMoreRansom project.

    Speaking at the Kaspersky Security Analyst Summit this month, Eugene Kaspersky, the company's founder, said the US government ban made cybercriminals happy.
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  2. #2
    The Undying freefolk's Avatar
    Join Date
    Apr 2014
    Location
    Nevada
    Posts
    32,466
    The guy who started Kaspersky was KGB.

    Once KGB, always KGB. This is known.
    .


    Sing your death song like a hero coming home.

    -- Tecumseh

  3. #3
    Quote Originally Posted by Stands in the Fire View Post
    The guy who started Kaspersky was KGB.

    Once KGB, always KGB. This is known.
    "once CIA, always CIA. This is known". Or NSA. I don't care for either of the 3.

    We have a thing in modern society called evidence. It's important. We have rule of law, even though some bastards with money escape it quite often. A huge corporation's reputation should not be endangered by unfounded smears. Especially for a security corporation which relies on trust.

    By the way, I don't remember complaints about Kaspersky 10 years ago, just praise - and we all knew Eugene K. was a former KGB officer or something. Suddenly some NSA contractor is too dumb to not pirate shit on a PC with US "official" malware (/yawn, where's the outrage for that?), Kaspersky sends the files and scans the PC, like a good security product, and because of the Russia paranoia, we got this blacklisting of a GOOD corporation, with better products than others, that routinely ends up in the top place in anti-malware tests.
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  4. #4
    The Patient Agrossive's Avatar
    Join Date
    Feb 2017
    Location
    New England
    Posts
    250
    I feel like it should be a common sense thing to use an American companies products and services for security needs. That's just adding an additional variable of possible threat by using a foreign company for security, ally or not.

  5. #5
    Quote Originally Posted by Agrossive View Post
    I feel like it should be a common sense thing to use an American companies products and services for security needs. That's just adding an additional variable of possible threat by using a foreign company for security, ally or not.
    So you're for banning anything related to IT security that's not US made?
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  6. #6
    Mechagnome wunksta's Avatar
    Join Date
    Mar 2012
    Location
    Austin, TX
    Posts
    706
    Exploration is in our nature. We began as wanderers, and we are wanderers still. We have lingered long enough on the shores of the cosmic ocean. We are ready at last to set sail for the stars.

  7. #7
    Quote Originally Posted by wunksta View Post
    Excluding the "former NSA" dude scaremongering, yeah, I know that article, and it's OK. It should be edited with the 2019 finding, or better said, lack thereof.

    I think it's quite safe to say that NSA and the US were royally pissed off that their cyberespionage malware suite got uploaded to Russia, and all of it because their contractor was too dumb to use a VM. Needless to say, trying to crack Office and running keygens on the same PC that contains Top Secret documents is criminally stupid.

    Also worth mentioning that Kaspersky outed many cyber espionage and sabotage operations, including from Russia, US and Israel and that pissed all of these players off.

    I'm fine with internal memos for government related work that mention Kaspersky as not recommended or even forbidden, but they should not try to smear them publicly without evidence, especially when reputation is pretty much paramount for ITsec corporations.

    And the last thing, it's common knowledge that antiviruses and Internet Security suites are using the cloud, and that means that unknown samples get checked against a database and then uploaded to the server. That is critical for the whole process, and part of offering 0-day protection against emerging malware through later updates.

    If you work at NSA and don't know that, you're probably too dumb to do anything other than janitorial tasks... at best.
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  8. #8
    I don't think we need to smear Kaspersky ... just ban government contractors from using non-local security. I don't think the military uses Chinese parts, or at least it shouldn't regardless whether the "parts" can spy on the equipment.

  9. #9
    Quote Originally Posted by Stands in the Fire View Post
    The guy who started Kaspersky was KGB.

    Once KGB, always KGB. This is known.
    You are Wrong and you know it. Plenty of ex KGB who have warned the west on ideological subversion that communism brings.

    (I decided to make a thread regarding Yuri instead)
    Last edited by Donatello Trumpi; 2019-04-18 at 01:36 AM.

  10. #10
    The Patient Agrossive's Avatar
    Join Date
    Feb 2017
    Location
    New England
    Posts
    250
    Quote Originally Posted by CryotriX View Post
    So you're for banning anything related to IT security that's not US made?
    For government systems yes.

    If there's an equal equivalent American option why not use that and avoid the possible threat of a foreign influence?

  11. #11
    Dreadlord
    Join Date
    May 2008
    Location
    Edmonton, AB
    Posts
    826
    Kaspersky told CIA to take a hike when they approached him for a backdoor access, rest is just consequences. Plus all that ongoing red scare played major role, with US naming Russia and China their #1 enemies in all areas, so here is another side. It's practically win/win, putting political pressure and driving foreign enemy company out of businesses.
    And who actually would check if those claims were true few months after the fact? Almost everybody forgot about it, all is left is subconscious message: kaspersky spying for Russians! They stealing your info!
    This is how media worked for generations, what else is new.

  12. #12
    Quote Originally Posted by Agrossive View Post
    For government systems yes.

    If there's an equal equivalent American option why not use that and avoid the possible threat of a foreign influence?
    It will be insanely hard. Intel, Nvidia, AMD and so on make their chips in all kinds of exotic places like Taiwan and China. Considering how large the government is and how many of these common chips it uses, and how lacking the alternatives, it will be quite the issue to be US-only. If I remember correctly, even the "American" GlobalFoundries is owned by the Abu Dhabi Emirate and still has foundries in Singapore and India (I think).

    It will become harder and harder to keep secrets, at least without finding a way to bring back manufacturing of ICs.
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  13. #13
    The Undying Doctor Amadeus's Avatar
    Join Date
    May 2011
    Location
    In Security Watching...
    Posts
    36,634
    Yeah Kaspersky much like Russia today are held and controlled by the Russian Government, and yes Kaspersky has long since been known to be a front for Russian hackers, just like Troll Farms and other nonsense. Seriously it follows the reasoning that if it seems to good to be true it probably is, and when it comes to anything Russian, especially in these sensitive areas based on our history politically and geographically.

    Yes it's a mistake to trust them. I have known about Kaspersky going back a few years. The only saving grace is that unless you happen to be their target, they aren't any more or less effective than many other software security.

    That said any old norton free anti virus is good enough, unless you are generally someone who would likely be a target
    "Intellect alone is useless in a fight...you can't even break a rule, how can you be expected to break bone" Khan Singh

  14. #14
    Quote Originally Posted by CryotriX View Post
    Just a smear. No evidence. No nothing. Just paranoia. Conspiracy theories at EU governing level.
    They have a component that is specifically designed to upload any file on your machine it wants onto their cloud for inspection (KSN). This component is turned on by default. It was seen uploading password-protected archives, for example. You can turn it off. However, since Kaspersky is associated with Russian security (long story, but the ties are very strong, and are multi-pronged, eg, his company has a lot of luck securing govt contracts), the amount of trust in both the intentions of the feature and whether turning it off actually turns it off is not big. Better to be safe and just use something else.

  15. #15
    Quote Originally Posted by Agrossive View Post
    I feel like it should be a common sense thing to use an American companies products and services for security needs. That's just adding an additional variable of possible threat by using a foreign company for security, ally or not.
    Actually its the opposite. US is the only country in the world that is confirmed to spy on everyone, including allies.

    US security products should be avoided at all costs because they are much more likely to contain backdoors than other products.

    Let's see facts:
    1. Kaspersky software was the only software that found US government made malware
    2. US government is not interested in their malware being detected
    3. US is the only country known to spy on its allies and get away with that
    4. US government shills for its companies all the time
    5. Red scare in US politics and new low for journalism where perception is all that matters, not facts
    6. No facts were ever produced, only claims

    US has become a laughing stock. US "intelligence" is shilling for politicians, making unbacked claims that benefit anti-Russia hysteria. US government is shilling for corporations, using politics to force everyone to use US products.

    US is using Russian scare to push their products. Its a fact. Don't buy cheap Russian gas, buy expensive US gas. Don't buy Russian high quality security software, buy expensive shit quality US software that for some reason (incompetence or intentional?) doesn't detect US government made malware.

    Whole thing is nothing but political bullshit. EU have followed this for a while, but its about time to get US dicks out of EU politician's mouths and rely on facts.
    Bow to your Gnomish Overlords! Attempting to take over Azeroth since 2005.

  16. #16
    Quote Originally Posted by BoltBlaster View Post
    Let's see facts:
    1. Kaspersky software was the only software that found US government made malware
    2. US government is not interested in their malware being detected
    3. US is the only country known to spy on its allies and get away with that
    4. US government shills for its companies all the time
    5. Red scare in US politics and new low for journalism where perception is all that matters, not facts
    6. No facts were ever produced, only claims
    2 through 6 are just noise. Any links for 1? What specifically Kaspersky software found and where? I am not saying they didn't found anything or that the US aren't spying - they do - but specifics matter. So, what are they?

  17. #17
    Quote Originally Posted by rda View Post
    They have a component that is specifically designed to upload any file on your machine it wants onto their cloud for inspection (KSN). This component is turned on by default. It was seen uploading password-protected archives, for example. You can turn it off. However, since Kaspersky is associated with Russian security (long story, but the ties are very strong, and are multi-pronged, eg, his company has a lot of luck securing govt contracts), the amount of trust in both the intentions of the feature and whether turning it off actually turns it off is not big. Better to be safe and just use something else.
    KSN has equivalents in pretty much all security software. It's the much advertised "cloud". It's incredibly important to upload samples to the servers, so analysts can take a look at them. I have as much trust in a Russian corporation as I have in a US one. None. But I like security, and Kaspersky served me well for more than a decade, without a single hitch. So yeah, I don't like it when they are attacked for basically nothing.

    - - - Updated - - -

    Quote Originally Posted by Doctor Amadeus View Post
    Yeah Kaspersky much like Russia today are held and controlled by the Russian Government, and yes Kaspersky has long since been known to be a front for Russian hackers, just like Troll Farms and other nonsense. Seriously it follows the reasoning that if it seems to good to be true it probably is, and when it comes to anything Russian, especially in these sensitive areas based on our history politically and geographically.

    Yes it's a mistake to trust them. I have known about Kaspersky going back a few years. The only saving grace is that unless you happen to be their target, they aren't any more or less effective than many other software security.

    That said any old norton free anti virus is good enough, unless you are generally someone who would likely be a target
    Proof baby, PROOF. You make claims, you need to being proof. Always. EU just said that exactly these claims have no weight.

    I'm sure you have better intelligence than the EU.
    "I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear." - EFF, A Declaration of the Independence of Cyberspace

  18. #18
    Quote Originally Posted by CryotriX View Post
    KSN has equivalents in pretty much all security software. It's the much advertised "cloud". It's incredibly important to upload samples to the servers, so analysts can take a look at them. I have as much trust in a Russian corporation as I have in a US one. None. But I like security, and Kaspersky served me well for more than a decade, without a single hitch. So yeah, I don't like it when they are attacked for basically nothing.
    Other packages mostly send metadata about files (hashsums, etc), not entire files. Maybe someone somewhere does send entire files, too, but that's not common. You say pretty much all security software does it, but is that really the case?

    (I tamed my initial post a little because who knows, maybe I am wrong.)

    ---
    Added later: OK, I did a quick check and you have a point, others do it too. It's not in "pretty much all security software" like you say, but the feature exists in some of the big ones and they are prominent enough to call the feature standard. The question is thus the one of trust. I would trust Kaspersky much less than I would trust Microsoft, for example, particularly to turn the feature off (I trust Microsoft to do it, and I don't trust Kaspersky to do it), but I get that this is a complicated question and unless / until there's evidence of Kaspersky actively abusing trust, then it's all moot.
    Last edited by rda; 2019-04-18 at 04:06 PM.

  19. #19
    The Undying freefolk's Avatar
    Join Date
    Apr 2014
    Location
    Nevada
    Posts
    32,466
    Quote Originally Posted by BoltBlaster View Post
    Actually its the opposite. US is the only country in the world that is confirmed to spy on everyone, including allies.

    *eyeroll*

    The only countries that don't spy on each other are "Five Eyes" countries.

    https://en.wikipedia.org/wiki/Five_Eyes

    How can you be that naive?
    .


    Sing your death song like a hero coming home.

    -- Tecumseh

  20. #20
    Quote Originally Posted by Agrossive View Post
    I feel like it should be a common sense thing to use an American companies products and services for security needs. That's just adding an additional variable of possible threat by using a foreign company for security, ally or not.
    This is an EU document, and both Kaspersky and American companies are from a foreign country in the EU.

    It's unclear if Kaspersky have spied on EU countries and/or companies within them - but is clear that the US will and have; both for strategic reasons and commercial reasons. Obviously it doesn't mean that you cannot use those products at all - you just have to consider the possibility and see how serious and how it can be mitigated.

    - - - Updated - - -

    Quote Originally Posted by Stands in the Fire View Post
    *eyeroll*

    The only countries that don't spy on each other are "Five Eyes" countries.

    https://en.wikipedia.org/wiki/Five_Eyes
    Are you sure about that?

    Note that technically that page claims something different: that the countries don't spy on the other governments among "Five Eyes", but they deliberately spy on the citizens of the other countries.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •