90 comments

[ 4.5 ms ] story [ 154 ms ] thread
> The attack on the Democratic National Committee has raised questions about whether the Russian government is trying to influence the American election.

I don't see where they're going with that. Anyone care to elaborate?

Assuming Russia's government was involved in the DNC hack (which, despite most of HN repeatedly saying it's just a conspiracy theory or fearmongering or falsely suggesting that the only evidence is Russian IPs or Russian comments, seems quite plausible at this point), they're trying to help elect the candidate who would best serve their interests. Between Hillary and Trump, that's Trump.
Hillary approved giving Russia control of 20% of US uranium.

It's obvious that Hillary is better for Russia. I think Putin just likes or admires Trump in an entirely personal way. Having Putin all starstruck could be a good thing.

Putin doesn't like or admire anyone but Putin.
Why characterize Putin as a cartoon villain? I'm sure he is more or less a normal man with peers whom he likes, respects, and admires and peers whom he doesn't. Wild caricatures portend propaganda.
Hilarious that this was downvoted, with a cowardly lack of discourse as usual.

Please, continue to assume Putin is a stereotypical cartoon villain. One would think users of a site like HN would have at least passing knowledge of Occam's Razor...

I wasn't the one who downvoted, but I've heard someone who has met him speak (in a semi-private, company-internal event), and his exact words were "Putin is scary." This is from someone who is in tight with the current US administration, and who in the same talk mocked Kim Jong-un saying "North Korea has one export - fear. Everything else, they suck at", so it's not like he's afraid of all world leaders.

You don't get to the highest levels of power by being a normal person nor by having other people who you like, respect, and admire, particularly not in a country with a long tradition of autocratic rule. I think that people who are assuming Putin is just another old Joe are projecting their own thought processes onto him, which in a way is admirable - I would love to believe the best in people too - but is at odds with both the culture and history of the country he rules and with the workings of power across all cultures.

One does not simply get into that type of position without being an psychological apex predator. In fact, many high functioning sociopaths are attracted to positions of power both in the business and political worlds.
Meeting Putin would scare me just on the basis that as ex-KGB he could snap my neck if he was so inclined. I'm not sure that's enough to really characterize the man, though, at least it's little more than what the people who project average-Joeness have. At least with e.g. Larry Ellison we have many independent reports from those that worked with / under him that we can safely agree it is a mistake to anthropomorphize him.
This isn't personal or about admiration. This is about Russian leadership responding to immense economic pressures at home. Buttons have been pushed freezing the assets of Putin supporters, sanctions have been imposed, and Putin's supporter's foreign bank accounts appear to have been exposed. May the Russian leadership have deserved it? Irrelevant. Either way, they appear to be pushing back hard. For you kiddies not around during the Cold War, this so far appears to be light hearted fun by comparison.
There is no evidence that Clinton was directly involved with this decision. Furthermore, the company involved may have 20% of US uranium production capacity, but it actually only produces about 11% of US uranium.

Please save the Donald Trump talking points for a more appropriate forum.

http://www.politifact.com/truth-o-meter/statements/2016/jun/...

(comment deleted)
Can you please elucidate on the evidence that Russia was actually behind the DNC leak? I'm genuinely curious. As far as I know, the only evidence we have that Russia is involved is the word of American officials.
Three cybersecurity firms (Crowdstrike, Fidelis Cybersecurity and Mandiant) have said so:

https://www.wired.com/2016/07/heres-know-russia-dnc-hack/

https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...

Thanks, definitely interesting stuff. For the record, Julian Assange has implied that the source was not Russia, but a now-deceased DNC staffer. I guess at some point all we'll have is someone's word for it, either for or against, and we'll each have to make our own judgment on the source's credibility.
Assange implied no such thing, and specifically debunked the meme that he did.
Do you have a link to the specific debunking? I don't think there's really a way to get out of it. I watched multiple interviews with Assange where he brings up Seth Rich unprompted. Of course he proceeds to state that he doesn't comment on sources, but the fact that he's bringing up an unrelated case and saying "it even could have been someone like this guy" is an implication, even if it's followed up by a "denial". Even mainstream outlets were reporting that Assange "suggested" Rich was the source of the leak.

Maybe Rich wasn't the source, but I don't think it can be reasonably denied that Assange was making some kind of implication there. His motives are undefined.

Since this whole discussion is obviously and thoroughly tainted by personal bias (because the information is so fuzzy that it's just about believing the entities that you trust more), I'll just lay out my cards and say that I don't believe that Russian state actors hacked the DNC (though I'm ready to admit it if real evidence is produced, which I understand is probably not possible).

I think it's a cover story because the powers-that-be don't want the average citizen to know how easy it is to compromise the security of very important institutions, whether they be political organizations or major corporations, lest that citizen decide to take up some targets of their own. I believe the same thing happened with the Sony hack that was blamed on North Korea.

It behooves IDS vendors to make people think that nation-states are regularly trying to invade their systems and it's free publicity to come out and corroborate the mainstream narrative, so they play along/feed into it and say "Yeah it was definitely the Russians even though there's no way we'd actually know that since our software wasn't installed until after-the-fact". This is especially blatant with the follow-on firms that just wanted to cash in on the available PR by saying "uh, yeah, we detected that too".

"though I'm ready to admit it if real evidence is produced, which I understand is probably not possible"

That was settled a long time ago by multiple independent, reputable security companies. It doesn't mean they were the source of the leak though.

Yes, I understand multiple security firms have said "It was Russia, trust us." I don't see much corroboration offered up --- they claim it fits an attack profile, which I don't find entirely convincing. That's not evidence, it's testimony. I offered my theory on why they might be motivated to state this absent evidence in the previous comment.

It is fine if you want to believe their narrative. It was constructed to be believable and at this point it's just an independent judgment call on which sources are credible and which scenario seems more plausible (hacking DNC mail server by a nation-state's cyberwarfare apparatus v. internal whistleblower copying data). No hard feelings.

False Dichotomy. Russia hacked the DNC. Russia may or may not have also leaked the emails. They don't have to be the same event.
>It behooves IDS vendors to make people think that nation-states are regularly trying to invade their systems and it's free publicity to come out and corroborate the mainstream narrative, so they play along/feed into it and say "Yeah it was definitely the Russians even though there's no way we'd actually know that since our software wasn't installed until after-the-fact". This is especially blatant with the follow-on firms that just wanted to cash in on the available PR by saying "uh, yeah, we detected that too".

There is precedent for security vendors falsely claiming that nation states are responsible for some attack when it actually wasn't.

However, in this case top security vendors in direct (and sometimes aggressive competition) with each other are in total agreement, as is every public statement from the intelligence community.

Now, of course, it is in the US government's interest to paint Russia in a bad light, so claims alone aren't enough here. But look at the actual investigative trail ThreatConnect and CrowdStrike presented, and compare it to the past ~5 years of activity from what are almost definitely the same actors, and it's hard to believe they're anything other than a Russia-affiliated group.

Even if we accept Russian responsibility for the hack how do you know their motive is to sabotage the election? It seems to me that insider knowledge of the party is valuable on its own. Why do you think they are trying to influence the election?

It is likely that Hillary Clinton will be the next president of the United States. Would it not be valuable for Russia to have knowledge of her party? Do you think the CIA would be interested to have inside knowledge of United Russia?

>Why do you think they are trying to influence the election?

because it's an election year?

> It seems to me that insider knowledge of the party is valuable on its own.

That kind of information loses most of its value when it is made public. Hence, when an entity with such information releases it, it is usually a safe bet that their goal is to influence public opinion about the party or, if there is information about criminal acts in the information, get someone indicted.

It's really not that simple.

If there are external groups trying to influence this election, they are not limited to the Russian government. They aren't even limited to governments.

Russia is just the bogeyman du jour of American news media. Many other more capable enemies are completely unreported.

The bogeyman figure is conveniently utilized to spin many stories. E.g. The DNC hack. In this case it's being used to smear Trump's campaign.

The fact is there no substantial evidence Trump is a Russian sympathizer. There is also no evidence that Russia is a Trump sympathizer.

The US has not changed its foreign policy agenda since WW2. There is beautiful continuity from Truman, to Eisenhower, to Kennedy, to Johnson, to Nixon, to Ford, to Carter, to Reagan, to HW Bush, to Clinton, to Bush, to Obama. It's highly unlikely that the next presidential election will have a noticeable effect on our policy towards Russia.

It's been suggested by US security officials that the Russians were behind the DNC hack. This is significant because Trump has expressed a strikingly favorable attitude towards Putin and the DNC is essentially Trump's enemy.
Supposedly the Trump campaign is viewed as getting along with Russia while Hillary's campaign is viewed as more antagonistic toward Russia. Trump and Vladimir Putin are both rich businessmen. This article has some details:

http://www.vox.com/2016/7/27/12271042/donald-trump-russia-pu...

> All of this raises one big question: What the hell is going on with Trump and Russia? The answer appears to be twofold. First, the Kremlin appears to be interfering in the US election in a way likely to help Trump become president. (...)

> Second, Trump is deeply, weirdly pro-Russian. Trump’s proposed foreign policy would, intentionally or no, aid Vladimir Putin in ways the Russian dictator could only dream about before Trump. Trump has repeatedly expressed wild admiration for Putin personally; his campaign staff and businesses have extensive ties to Russian interests. (Just yesterday, the New York Times reported the existence of a handwritten ledger documenting $12.7 million in payments to Trump's campaign manager, Paul Manafort, from Ukraine's pro-Russian deposed president, Viktor Yanukovych).

Trump has been known to make statements like, "Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing [from Hillary Clinton's email server]. I think you will probably be rewarded mightily by our press."

The article also reviews the evidence pointing to that Russia might be interfering in the election or helping Trump in some way.

Surely if "Russia" releases Hillarys emails it wouldnt be a big deal because she says there is no national security issue with her private server?
>Supposedly the Trump campaign is viewed as getting along with Russia while Hillary's campaign is viewed as more antagonistic toward Russia. Trump and Vladimir Putin are both rich businessmen.

All irrelevant. If its the Russian's its tit-for-tat reactions to pressure Russia is experiencing as a result of certain policy choices its made these past years:

https://www.theguardian.com/world/2014/mar/20/obama-extends-...

http://foreignpolicy.com/2014/03/20/u-s-freezes-assets-of-ru...

Manafort was hired by many Republican campaigns. Ford, Reagan, HW Bush. Cold War era. He's always been big in the Republican establishment. Check his Wikipedia for yourself.

The story isn't as simple as "Trump is pro-Russian." If that were the case, then Cold War era presidents could be described as Pro-Russian.

Manager has only recently been involved with Putin via Yanukovych. http://bigstory.ap.org/article/c01989a47ee5421593ba1b301ec07...
Manafort, of course.
What's more likely:

Trump hires Manafort because he has Russian ties?

Or

Trump hires Manafort because he's connected to the Republican establishment?

"both" seems most likely to me.

Trump could have any number of choices among the Republican establishment, but he also has a number of business interests in Russia, so a Republican with Russian ties is possibly more attractive to him than a Republican without because he unifies Trump's political and business goals.

Manafort's Russian ties aren't only known to Trump. The entire Republican Party establishment is well-aware of his background. Manafort is a part of that establishment and he's close to HW Bush.

This isn't Trump using private information to his personal advantage. This is complicity within the entire Republican Party establishment.

It's more likely that the Republican party itself has ties to Russia. Manafort was probably a compromise between the Republican establishment and the Trump campaign when he won the nomination, seeing as he let Lewandowski go and Manafort was tasked with moderating Trump's image. It also was Manafort who allegedly pressured Trump into supporting Ryan.

Trump is probably not using the Presidency to get preferential business treatment in Russia. There are much much much much easier ways to get edge, even in Russia. If he is, it's a goal that is way out there on the periphery, likely not something on which he would base his choice of campaign chairman.

There is an overemphasis on Trump in commentary concerning the DNC hack. The explanation is even more basic. In the same way the US has pursued Putin's power base economically the Russian's are pursuing Obama (and now Hillary's) base. Each is trying to fracture the political support base of the other's respective policy makers. Trump is at best tangential to all this.
I think that's a key component, but is it not true that at a policy level, Trump is more in line with Putin than Clinton is?
How many of us in America actually know what Putin's real policy positions are? All we hear about him out here is that he's a scary bad guy.

I think it'd be really interesting to see a neutral comparison of Clinton-Trump-Putin policy positions. IMO, it's not self-evident that Trump, a free market capitalist, would be closer to Putin, a former Soviet operative. I also don't think it's implicit that Putin's policy positions are automatically worth avoiding just because he's associated with them.

Also, even if Trump and Putin have similar beliefs, wouldn't Putin have an interest in putting in the person that is less like him? It seems that Putin's interest would be in a weak United States, which would give Russia more room to re-emerge as a world power. In this case, based on his belief that his policy positions are conducive to the health of a country, Putin would want a dissimilar leader to run the US.

> IMO, it's not self-evident that Trump, a free market capitalist, would be closer to Putin, a former Soviet operative.

this isn't about ideology. it's Trump and not Clinton who is talking about backing out of NATO.

It's pretty difficult, because Trump's position on things usually has few details, and changes quite often.

But I think it is important to note that economic policies are clearly secondary considerations for both Trump and Putin.

One specific policy I think they share is on Syria. I think Trump's current thinking is to back the Assard forces against ISIS (although I'm not entirely sure about that?). This is exactly Putins position: he wants the Mediterranean port Syria gives him, and will make sure Assad stays to keep it.

(To be fair, there aren't really any great choices in Syria anymore, so just because both Trump and Putin make the same one doesn't automatically make it bad. But Assard is a pretty bad guy, even on the scale of middle eastern dictators, so Clinton's choice to insist he leaves power is also a reasonable position)

Has replacing a despot in a middle eastern country ever worked out?
Sure. Tunisia, maybe Uganda (Idi Amin) if we count the horn of Africa.

Syria isn't the same though. It's more like civil war cases like Rwanda or the former Yugoslavia.

The superficial explanation is that Russia supports Trump. I think that is an unsubtle interpretation which misses much of what is going on.

Russia wants to collapse confidence in the US: both external confidence from the US's allies as well as internal confidence.

I'm sure Russia would love many of the things Trump has espoused to come to pass: The US reducing support of the Ukraine and NATO and Japan and maybe even South Korea are all aligned with Russian interests. Trump's policy on Syria (insofar as I can understand it) seems well aligned with Russia's too.

But more broadly, Russia loves to cause chaos in the US democratic system. Anything that can make the US population consider their system corrupt removes any moral legitimacy the US has overseas, with strengthens Russia's hand.

Read the but in this story[1] about the Turkish Incirlik base. Be very aware that Russia would love to break any kind of Turkish/US alignment, and would love a weak Turkey. Ignore the Trump angle if it annoys you.

Sowing chaos is the game here.

[1] http://www.thedailybeast.com/articles/2016/08/06/how-russia-...

The issue here is that US does everything it can to do just that themselves...
A hack seems pretty plausible. But looking at what was leaked and from what I could guess from their lingo, there's just "scripts" (documentation on how to implement specific operations/implant a target) and "bins" (the code-scripts, tools, and exploits themselves). It looks very operational and task-oriented, like a messy mishmash of directories a pentester would prepare before a CTF competition or something.

The documentation is fairly shitty and poorly formatted, and the Python I looked at is abysmal (though it's not uncommon for infosec experts to be shitty scripters).

So, they probably got into something akin to a "forward operating base", or perhaps a compromised server where an incompetent implanter accidentally left all of this stuff lying around, but not an actual compromise of NSA's network. There also doesn't look to be anything in here that wasn't already known from the Snowden leaks, other than some specific technical details and context clues from people writing the documentation.

"just"
If Snowden never leaked anything, this would be a huge revelation.

But this is just some technical documentation about project codenames we already know a lot about.

    #################
    #    Survey     #
    #################


    # Set up forward tunnel to TCP/443 on the target, and reverse tunnel for NOPEN.

    -tunnel
    l 443 $TARGETIP 443
    r $RHP1 127.0.0.1 $RHP1

    #perform touch to gather info and set env for exploit

    ./eligiblecandidate.py -t https://127.0.0.1:443 touch

It's dozens of documents like these, and poorly written scripts (not to be confused with operation "scripts", like movie scripts) to make it a bit easier.

The only somewhat interesting thing is the exploit code for ex-0-days, but I believe vendors are mostly patched against everything discussed in the Snowden leaks. Someone correct me if I'm wrong.

The script style is intentional. They may be discovered / heard / stuck. It minimizes attribution.

Even still, "poorly written" is mostly big talk.

"Even still, "poorly written" is mostly big talk."

This. Custom code (likely adapted from some other script the author saw or wrote in the past) made for a 1-time job for one server doesn't have to be efficient/good because it doesn't have to scale. Getting it written, making it do what it needs and getting as entrenched in the target as possible ASAP is far more important than writing "good" and/or legible code.

But they should totally have golden key back doors to everything and can surely keep THAT safe.
NSA is not agitating for backdoors; FBI and other domestic law enforcement is.
Why would they when the FBI and domestic law enforcement is doing their job for them?

Also, a known backdoor not very useful for them.

They spent the 90s trying to get that access[1]. The timeline I've heard is that the failure to get the U.S. tech industry on board with easily-accessed systems caused them to focus on the kinds of mass exploit development we're hearing about now.

1. e.g. https://en.wikipedia.org/wiki/Clipper_chip or weak export-grade crypto

I recommend Dave Aitel's explanation of the hack (link below). https://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak...

Even with NSA's considerable budget operating and defending against Russia, China and several dozen other unfriendly and friendly countries is no easy task.

> Information results from HUMINT, not simple hack of a C2 box as suggested (not that even that would be easy). Level of difficulty: Very Experienced Nation State.

I don't get his reasoning why it necessarily has to be HUMINT. State actors from other countries can find 0-day exploits presumably. Don't think it was that outrageous they could have hacked into a c2 server.

People who do the work at NSA (assuming it is) are not necessarily super-wizzards or automatically better equipped at defending against an attack. They were most likely average developers from the DC area who happen to have clearance and work for Uncle Sam. Because of compartmentalization, those who specialize in attackig specific targets (firewalls) might not necessarily have the knowledge to secure a server well.

So, it sounds like Snowden going public forced them to tighten up security, in effect locking out the Russians that previously had access to the source code of taxpayer sponsored malware? Lovely, that.
Is it possible that it's an insider operation like that of Snowden himself? Perhaps it's somebody who wanted the information outed, but who wanted to avoid the 'publicity' (and all that it brings).
Given that Snowden was popping off keys just recently, this seems like an odd coincidence. I'm not saying he's involved, I'm saying he probably should be considered a datapoint in this drama.
> Given that Snowden was popping off keys just recently, this seems like an odd coincidence. I'm not saying he's involved, I'm saying he probably should be considered a datapoint in this drama.

HNer might say you put your point across like Trump or Glen Beck - I'm not saying it. If it were true, you'd be a weasel to suggest one thing while disassociating yourself from the said suggestion[1], which means you could be a coward who is afraid of people judging you for holding such a disagreeable opinion while dog-whistling to the minority who do not share the same distaste. I'm not saying this is what you are, I think it is an idea that should be considered when reading your comments.

1. http://literarydevices.net/paralipsis/

You're being annoying about an extremely minor phrasing issue, and being incredibly rude to the person you're responding to.

The person you're responding to is obviously trying to imply something about the strength of their belief: That it's not ironclad and it's an interesting coincidence.

That you're drawing an analogy between the poster and Glenn Beck is extremely cringeworthy. Leave him back where he belongs, in 2012.

I've seen people discussing the NSA insider theory now. The main claim is that the file hierarchy matches that of the files on a physically segregated NSA network (according to some anonymous off-the-record ex-NSA operator, so various pinches of salt).

Shadow Brokers: The insider theory

https://medium.com/p/shadowbrokers-the-insider-theory-ded733...

If it is an insider though, that would seem to have important implications all of its own.

According to various people who looked at the leak, time stamps in various files go well into the Oct/2013. That's 4 months after Snowden leaks. That's well after they 'tightened up security'.

Also, right after the Equation leak, NSA.gov site was shut down for over 24 hrs and it came back online today.

Very strange.

Government sites have extremely poor uptime. Them doing up and down really means morning and I wouldn't read into it.
(I posted in anther thread but this might be more appropriate)

Took a quick look at files:

> TOOLS/Apache/httpd-2.0.52-9.ent.i386.rpm

Heh RHEL4! Nothing points to a 3 letter US govt agency like an outdated RHEL version. Even for 2013 (based on file date) RHEL4 was ancient. RHEL7 beta for example, came out that year.

Also another striking thing about it, there are no swear or l33t-speak words in there. I know if I had to write ASN.1-based SNMP firmware hacks for obscure Juniper switches, that code would be drowning in curse words.

Seeing this kind of stuff is fun too:

     ar rules update filename `/tmp/.b` type ar url http://topsec.com.cn
Also a bit of whimsy perhaps, can't be too serious after all, even at the NSA:

    class ELCAExploit(HTTPSExploit):
      name = "ELIGIBLECANDIDATE"
      version = "v1.1.0.1"
      desc="What is the sound of a single thread blocking?"
      modes = ["nopen"]
There's something hilarious and poetic to me about seeing exploits organized into nice, big-corporation-style object hierarchy.
You wrote this and I immediately imagined an AbstractSingletonExploitFactoryBean...
Since Conway's Law [1] states that "organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations", this code leak must reveal a lot of interesting clues about the NSA's internal communication structures!

[1] https://en.wikipedia.org/wiki/Conway%27s_law

It's worth remembering that part of their Operational security practices will be dedicated to avoiding this. Not saying they can defy Conway's law but I imagine the analysis would be less revealing than theory would predict.
They seem to have forgotten about the part of operational security practices that are dedicated to avoiding having your top secret code stolen in the first place.
Is there something about the Equation dump that is not relevant to HN? Seems that most stories related to it are rapidly flagged off the front page, despite obvious interest.
Yeah I found that surprising. Wonder what happened. One would think _Hacker_ News crowd would be marginally interested in _hacking_ news, but oh well.
(comment deleted)
Absolutely. I suspect mod(s) are taking it off the front page.
It's "political" news. More important to keep the focus on new versions of Rails, rounds of funding and IPOs.
The many dollars the DOD has funding these projects eventually flow into the hands of (many) people with actual jobs. They have the culture to read HN, but cannot click the link, much less upvote the story for fear of losing their careers. I wonder if the number of readings of those stories drops significantly just owing to the number of people here who are ultimately paid by the same budget as paid for the files in question.
Hasn't some past leaks been covered by the Freedom of Information Act?
Au contraire:

https://news.ycombinator.com/item?id=12290623

https://news.ycombinator.com/item?id=12297530

https://news.ycombinator.com/item?id=12292703

https://news.ycombinator.com/item?id=12300947

HN's moderation practice around this sort of thing is well established: once a major story has had a major thread, the test for new submissions becomes "does this article add significant new information?" If yes, then the post is a new story in its own right and it makes sense to have a new discussion. If not, we treat it as a repost and downweight it.

We came up with this after the Great Snowden Flood of 2013, and it has held up well in practice. It allows for long-running stories to have repeated discussion while protecting the front page from being overwhelmed by follow-up posts that don't add anything new. The latter is important because major stories attract lots of copycat articles.

Maybe a feature to sticky a thread for a while is called for so major stories like this don't fall off too quickly?
I've heard of a Dutch Auction before, but apparently a Pseudo-Latvian Auction is where only the highest bidder wins the auction, and the auctioneer gets to keep all of the bids.

>Auction Instructions

>We auction best files to highest bidder. Auction files better than stuxnet. Auction files better than free files we already give you. The party which sends most bitcoins to address: 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK before bidding stops is winner, we tell how to decrypt. Very important!!! When you send bitcoin you add additional output to transaction. You add OP_Return output. In Op_Return output you put your (bidder) contact info. We suggest use bitmessage or I2P-bote email address. No other information will be disclosed by us publicly. Do not believe unsigned messages. We will contact winner with decryption instructions. Winner can do with files as they please, we not release files to public.

'Tullock auction' is the proper term and it's actually not that uncommon if you think of a lottery as a kind of auction. I've also seen it played like a real auction at charity events. If you want to stretch the meaning you could even see bribery as a Tullock auction.
Like potato jokes, you don't actually get these in Latvia.
I'm curious: why isn't Kaspersky viewed as beholden to the Russian government? In a country like Russia, you do business essentially at the government's pleasure. You can't do anything too out of line, or they will shut you down, in ways that are more opaque than could be done in the US.

I mean, these are the guys who used a radiological weapon to kill a dissident in a foreign country. They do not mess around. That must have a chilling effect on companies in or reachable by Russia.

If people started writing about how Kaspersky was not to be trusted because of potential ties to the Russian government that would seriously harm their business!!! Kaspersky is a potential advertiser after all.

Better to reserve the Russian sympathizer narrative for situations when it would vastly increase readership. A Kaspersky take-down benefits nobody's pocket.

It really doesn't. Either someone leaked these scripts or some remote shell was compromised. Not "the NSA".