39 comments

[ 2.8 ms ] story [ 104 ms ] thread
if someone is suprised by this please, do yourself a favor, and become a farmer or something...
But we might still be outraged and boycott their products, all right?
Isn't this exactly what CIA\NSA would want?
Nothing is stopping you but that's like saying you want to boycott Monsanto products because of the latest misdeed to make the rounds in the news. You should have assumed Kaspersky was working with Russian intelligence before buying just like you should have assumed Monsanto was evil before buying.

Kapersky is one of Russia's top cybersecurity research institutions by default because of the products they sell and the stuff they need to do to make those products. Cooperation with Russian intelligence isn't really optional for them. If they didn't want to cooperate they'd either be infiltrated making it a non-issue or they'd be "convinced".

This is no different than Russia not wanting to use Win10 because they assume that the NSA put in feature requests (or created the features themselves without telling anyone at MSFT).

> Cooperation with Russian intelligence isn't really optional for them.

But that does in no way make it allright - from a consumer perspective. Am I missing something?

Sure. But at the same time it would be foolish to assume that Symantec doesn't work with the US security agencies or Sophos doesn't work with British agencies.

In the worst case scenario, if the government wanted them to, they would have to hand over anything they work on to continue operating.

This was my takeaway. My understanding of the top comment in the chain wasn't that we shouldn't be offended. Just that we shouldn't be surprised. It would be like being surprised that Boeing takes orders from the U.S. government sometimes.
> Sure. But at the same time it would be foolish to assume that Symantec doesn't work with the US security agencies or Sophos doesn't work with British agencies.

But that's not what I said at all. I also condemn all of these agency ties, no matter the country affected.

I think what is confusing you is people are ignoring the point about non-technical consumers and simply using this thread as an opportunity to fluff their crypto-geopolitical feathers and look cool through the use of hyperbole and other techniques.

Yes, you have a point. From a consumer's perspective, who may be using their software without realizing it is Russian or has direct ties to Russian state, there should be education and discussion of this fact. Good thing Bloomberg has a broader audience than HN.

What is obvious to us, isn't obvious to everyone else.
I had this plan, but somebody recently ruined that by explaining the life of a farmer is also filled with software, copyrights (on software/firmwares etc), DRM etc etc

Farmer life isn't very much different from a it techy in a 'technology disappointing' kind of way.

Oh and the copywrite on seeds. Which even if the GMO "patented" Monsanto seeds blow onto your property and grow; can still cause problems for you
it would be fun if it has been working with cia/nsa.
Isn't Kaspersky a Russian name?
Well, this is a russian company founded by a russian whose name is Evgeny Kaspersky. I'd say family name origins are not russian, but I don't think you are interested in etymology or onomatology here.
Isn't Kaspersky a Russian name?
For anyone who's been to their conferences/seminars, this is really easy to guess from the way their employees talk. They love to paint the GRU as a cool older brother all while dissing the CIA for carrying out endless attacks against their clients.
I got drunk with one of their employees at a conference in London and he started loudly singing "The Internationale". It really annoyed the yanks, I found it quite funny.
So, it is American intelligence officials who are concerned about this situation?

At some time in the past, the US, as a democratic society might have done something to separate offensive and defensive intelligence, used some method to give us something like an assurance that concern by American officials would mean that Kaspersky was doing something shady rather, say, that Kapersky was one tool they couldn't use to spy (not that I know anything about the situation at hand).

But as it is, the US (along with all the other states, of course) produced a situation where there's no real difference between the "state actors", where basically every software product from a given nation risks being requisitioned as well be spyware for that nation.

Perhaps it's just as well and anyone caring about privacy will move to all open source, defined builds and so-on.

Or perhaps just buy software from the smallest, least important nation.

> there's no real difference between the "state actors"

This is a classically bogus argument [1]. A foreign adversary, constitutionally unbound, is more worrisome than a domestic actor who, while having a more-legitimate threat of violence, also faces realistic odds of retribution.

While throwing democracy under a bus seems to be in vogue nowadays, suggesting moral or democratic equivalence between the Russian and American states is absurd. Americans support the NSA, et cetera [2] despite lots of messaging to counter their agenda. A better argument would entail how the tech community could communicate its message to American voters.

[1] https://en.wikipedia.org/wiki/Whataboutism

[2] http://www.pewresearch.org/fact-tank/2015/05/29/what-america...

Its not a boggus argument at all. You can look at Whataboutism as a way of calling out hypocrisy. Which is a much bigger problem and is the main reason IMHO why the democracy is being thrown under the bus.
> This is a classically bogus argument [1]. A foreign adversary, constitutionally unbound, is more worrisome than a domestic actor who, while having a more-legitimate threat of violence, also faces realistic odds of retribution.

So, there is no difference between the two actors: I'm German, both are foreign countries that have threatened to nuke Europe. (Well, at least Trump has).

I don't see why I should trust the US more than Russia, both Trump and Putin don't give a fuck about any other country and just want to destroy my life.

Same with me. I mistrust German intelligence agencies just the same, even though they are supposed to be organs of my government. My stance here is simple: if an institution has something to hide from me (barring personal information) then that institution cannot be working in my interest, so I can't trust them.
Exactly. And data that isn’t stored can’t be abused, so we should focus on data minimalism.
I'm no fan of "three letter agencies" but it seems the problem isn't you knowing certain information, it is identifying a set of "yous" who can know it without compromising the purpose the organization is pursuing.
> I don't see why I should trust the US more than Russia, both Trump and Putin don't give a fuck

Principally because Americans, as a people and a system of government, trust Trump less than Russia "trusts" Putin. The number of actions Trump can take unilaterally pales compared with Putin. That said, he fact that we have a world where offensive nuclear strikes can be legally called by a single person is showing its ridiculousness. In America we have a hope of modifying that chain of command. In Russia, who watches Vladimir Putin?

(comment deleted)
Government agencies employ local industry resources especially in cutting edge technical fields, in other news water is wet.
Yeah, I'm pretty sure that Microsoft has worked with US domestic law enforcement on similar "active countermeasures" against hackers targetting its customers for years.
Yes, what would be surprising is if they were shown to not be linked.
Ah, this laughable article with no actual proof... thought this died when it was debunked and ridiculed online last month. The HN frontpage is the last place where I expected to see it again.
Yeah, because Russian intelligence would never co-opt its economic assets for espionage.
I can get why such a thing would be scary to a government. But really, there's no reason this should be about Russia. "Government runs closed source software distributed by foreign company" should sound scary whatever government it is, wherever the company is based.

Governments need to be able to audit the code they run. If there is a place where the "100% libre software" ambition should rule, it's there (provided govs indeed have people who audit code, obviously).

This article was presented before and here it is again.

Some other people intent on giving Eugene a hard time recently: http://www.reuters.com/article/us-usa-kasperskylab-analysis-...

True, it must be hard to remain objective when this happens: https://arstechnica.com/information-technology/2017/01/kaspe...

On the recent embassy ban a former CIA station chief said it will mostly affect the russian staff whom they all assumed to be spies anyway as they suspected that nobody would get a job there unless they had been vetted by GRU.

May we assume they would think the same for KL employees?

Maybe US intelligence is still butthurt over exposure of and then also loss of tools - Equation group et al? Can you imagine how much crapola is coming down the old shitpipe currently - hacked elections, shadowbrokers, HBO/mandiant...? The list of agenda items on the briefing meetings just gets longer and longer and the politicians just get crazier and crazier.

Oh Lordy!

Oh I have another clickbait. American Companies have been working with the NSA.

Common knowledge folks.

Kaspersky also probably has dealings with GHCQ/NSA. If you are a top vendor then nation state actors are going to want to subcontract out non-sensitive duties.