Researchers say the case of Olympic Destroyer malware shows how threat actors can manipulate “geopolitical agenda” with false flags.
A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.
A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout.
Moscow-based cyber security firm Kaspersky Lab has taken the United States government to a U.S. federal court for its decision to ban the use of Kaspersky products in federal agencies and departments.
In September 2017, the United States Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD) ordering civilian government agencies to remove Kaspersky Lab software from their computers and networks within 90 days.
The order came amid mounting concern among United States officials that the Kaspersky antivirus software could be helping the Russian government spy on their activities, which may threaten U.S. national security.
U.S. President Donald Trump also signed into law last week legislation that bans the use of Kaspersky products within the U.S. government, capping a months-long effort to purge Kaspersky from federal agencies amid concerns it’s vulnerable to Kremlin influence.
Kaspersky’s appeal is part of an ongoing campaign by the company to refute allegations that it is vulnerable to Russian influence.
No substantial evidence is yet available to prove these allegations, but an article published by the WSJ in October claimed that Kaspersky software helped Russian spies steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer’s home PC.
Just last month, Kaspersky claimed that its antivirus package running on the staffer’s PC detected the copies of the NSA exploits as malware and uploaded them to its cloud for analysis, but its analysts immediately deleted them.
Earlier this month, the NSA staffer, identified as Nghia Hoang Pho, a 67-year-old of Ellicott City, Maryland, pleaded guilty to illegally taking classified documents home, which were later stolen by Russian hackers.
Kaspersky Lab Challenges DHS’s Ban on its Software in U.S. Court
Underlining that U.S. authorities have not provided any substantial evidence of wrongdoing by the company, CEO Eugene Kaspersky wrote in an open letter to the Homeland Security agency on Monday, stressing that the “DHS’s decision is unconstitutional” and based purely on “subjective, non-technical public sources.”
“One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action,” Kaspersky wrote.
“Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive’s issuance, and therefore, Kaspersky Lab’s due process rights were infringed.”
Kaspersky argues that the company was not given enough time to contest allegations before the DHS issued a ban, and that the documents available at the time of the ban were based more on references than a technical threat that the company could analyze and respond to.
The company also said that it wrote to DHS in mid-July to address any concerns the U.S. agency had, and DHS even acknowledged receipt of the communication in mid-August, appreciating the company’s offer to provide information on the matter.
Kaspersky: DHS Harmed Kaspersky Lab’s Reputation
However, Kaspersky said the agency did not follow up with the company “until the notification regarding the issuance of Binding Operational Directive 17-01” accusing Kaspersky products of causing infosec risks on federal information systems.
“DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community,” Kaspersky wrote.
“In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the US Constitution and federal law and repair the harm caused to its commercial operations, its US-based employees, and its US-based business partners.”
CEO Eugene Kaspersky has repeatedly denied the company’s ties to any government and said it would not help a government with cyber espionage, adding that “If the Russian government comes to me and asks me to anything wrong, or my employees, I will move the business out of Russia.”
In October, it was also reported that Israeli government hackers hacked into Kaspersky’s network in 2015 and caught Russian hackers red-handed hacking the United States government with the help of Kaspersky software.
In the wake of this incident, Kaspersky Lab also launched a transparency initiative in late October, giving partners access to its antivirus source code and paying large bug bounties for security issues discovered in its products.
For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.
A Pentagon contractor left 1.8 billion mostly benign publicly accessible social-media posts scraped from the internet on a publicly accessible Amazon storage bucket.
The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents.
Did you know that the United States government has banned federal agencies from using Kaspersky antivirus software over spying fears?
Though there’s no solid evidence yet available, an article published by WSJ claims that Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab.
Currently, there is no way to independently confirm whether the claims about the popular security vendor published by the Wall Street Journal are accurate, and the story does not even prove the involvement of Kaspersky.
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” Kaspersky said in a statement.
The NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly downloaded a cache of highly classified information from government systems and moved it to a personal computer at home, which is a clear violation of known security procedures.
Citing some anonymous sources, the Journal says that the targeted computer was running Kaspersky antivirus, the same app the U.S. Department of Homeland Security (DHS) recently banned from all government computer systems over spying fears.
The classified documents taken home by the contractor contained details about how the NSA breaks into foreign computer networks for cyber espionage operations as well as how it defends its systems against cyber attacks.
Although the role Kaspersky played in the breach is not entirely clear, US officials believe an antivirus scan performed by Kaspersky Lab’s security software on the contractor’s computer helped Russian hackers identify the files containing sensitive information.
In response to the WSJ story, Kaspersky CEO Eugene Kaspersky said his company “has not been provided with any evidence substantiating the company’s involvement in the alleged incident. The only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
Also, it is not clear exactly how the files were stolen, but it has been speculated that the antivirus’ practice of uploading suspicious files (malware executables) to the company’s server, located in Russia, may have granted the Russian government access to the data.
Another possibility is that Russian hackers stole the confidential data by exploiting vulnerabilities in Kaspersky Lab software installed on the targeted system, according to the person, who asked not to be identified.
“Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?” Kaspersky said.
“We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I cannot imagine an ethical justification for not doing so.”
This breach of NSA classified files, which is being called “one of the most significant security breaches in recent years,” occurred in 2015 but was detected in 2016.
However, it is not clear whether this security incident has any ties to the Shadow Brokers campaign, an ongoing public leak of NSA hacking tools that many officials and experts have linked to the Russian government.
Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin.
Tor cofounder Roger Dingledine sets the record straight at DEF CON on popular myths, and at the same time teases upcoming features.