Ah, yeah, I already wondered why these guys were suddenly back... The tell-tale sign here is admission scam emails from name-alike-domains for (mostly) Indian and (some) US colleges (with the payload being, mostly, crypto harvesters), but these are pretty noisy due to being pretty similar to earlier attempts...
> Once Kaspersky discovered that the code its antivirus software detected on the NSA worker’s machine were not malicious programs but source code in development by the U.S. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code.
Krebs is ranking lower in my eyes with writing like that. First, that’s obviously malicious software. Secondly, this is muddling binaries and source code. Is the claim that Kaspersky gathered the source for malware off the machine? That’s not typical behavior. If the claim is it gathered the binary that was built, that feels like a nothing burger.
Even the response from Kaspersky makes Krebs seem alarmist for the sake of generating attention traffic rather than someone investigating if there’s anything out of the ordinary in the first place. Didn’t even give them a few days to respond before publishing the article.
First, you are imputing a position onto me I have not taken. Kaspersky is an entirely different time zone and didn't even get 24 hours to respond and indicated this is an issue for them but one they can't solve directly and what that's the case. They said they're working with their vendor to get this situation rectified. This really is unnecessary alarmism unless the situation is still persisting.
I generally have a very positive view of Kaspersky's actions in the security space and they generally are very very careful of their reputation despite the smearing that happens in Western media (the concerns may be valid but the blanket FUD smearing is uncalled for). They have a much higher reputation in my mind than companies like Symantec.
I am trying to temper my dislike for krebs, but it is getting difficult.
Kaspersky operates an autonomous system (AS) and "Prospero" has traffic routed through that AS. Microsoft and Google also route all sorts of malware and spam through their ASes.
>The routing through networks operated by Kaspersky doesn’t by default mean provision of the company’s services, as Kaspersky’s automatic system (AS) path might appear as a technical prefix in the network of telecom providers the company works with
Censorship shouldn't happen at the AS level, anyways.
Good on you for countering the obvious troll who breaks every rule of HN discussion which is conveniently posted on the sidebar. (YEs, I am also breaking the rule now.)
Seriosuly, good luck to future generations having to trudge through discourse when literal shill accounts will call you a shill for simply stating. "I am not american. The article is misrepresenting basic, well understood tech practices. He is a COURT saying the same in previous case with same actor."
I might be missing something here: What sidebar are you talking about? I don't know if one of my extensions is blocking something native to HN or what.
I don't see anything describing rules, aside from the guideline bit along the bottom of the main page.
Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
Please don't fulminate. Please don't sneer, including at the rest of the community.
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
Please don't use Hacker News for political or ideological battle. It tramples curiosity.
Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
Please don't pick the most provocative thing in an article or post to complain about in the thread. Find something interesting to respond to instead.
Throwaway accounts are ok for sensitive information, but please don't create accounts routinely. HN is a community—users should have an identity that others can relate to.
Please don't use uppercase for emphasis. If you want to emphasize a word or phrase, put asterisks around it and it will get italicized.
Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.
Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
Please don't post comments saying that HN is turning into Reddit. It's a semi-noob illusion, as old as the hills."
Honestly, I really have to take what he says with a shaker of salt after the Ubiquiti fiasco and his refusal to admit what happened until a year later and being forced to by a court.[0]
For me it was when he doxxed someone by connecting them to accounts in forums for sexuality. He revealed the identity and the sexual desires. No, it was not relevant to the story at all.
His original article caused me to stop using Ubiquiti for quite some, I am sure I am not alone. When his false claims were retracted, I was very annoyed that I was mislead and that he was only forced to admit the falsehoods; not pay for the real damage he did to their reputation, as far as I know.
Side note, If you are developing software that hacks anything WHY IN THE HELL would you have any antivirus software installed knowing full well that antivirus software extracts any detected virus and sends it elsewhere? For context that was the excuse for the 2017 ban of Russian antivirus firm....
1. Kaspersky AV had the strongest heuristics analyzer and the largest signature base
2. If you write malware, you want to test it periodically (in sandbox) if AV engines detect it
NSA Contractor has a requirement for AV on all computers, it was installed on all computers and fact it's bad idea on select computers doesn't matter. Contract dictates, the contract gets.
Is this one of these stealth advertisements where cyber security companies teach you how to operate better malware under the pretense of warning the public?
Key takeaways from the article: Prospero is a Russian hoster trusted by top cybercrime groups. Especially popular is their bearhost brand, which provides great service since 2019 and openly invites you to operate botnets, brute-force attacks or phishing websites on their hosting service.
Kaspersky by contrast is barely mentioned in the original portion of the article, it's only the later updates that go into detail here
Edit: maybe stealth advertisement isn't quite the right word. I'm not implying monetary compensation or any business relation, only that better malware provides job security for the cyber security sector
The problem(s) with Russia (as exactly like in China) is the following:
1) a company like Kaspersky can easily be employing 1-5-10-50 KGB/FSB agents, even without them knowing about the existence of the other agents (so they rat on each other)
2) a company like Kaspersky can be arm-twisted and/or knee-capped to knowingly employ 1-5-10-50 employees (similar to US three letter agencies operating in US companies)(room 641A)(NOBUS MS Exchange hole that was there for 20 years, etc)
3) I remember as a sysadmin using McAfee ePO 20+ years ago to "check things and do stuff" on employees' PCs when my Microsoft SMS was not working
4) Russia just like China have a different sense of "rule of law". The supreme law is the "national interest " and Xi/Putin and their apparatus-es define it very freely.
38 comments
[ 3.6 ms ] story [ 68.1 ms ] threadKrebs is ranking lower in my eyes with writing like that. First, that’s obviously malicious software. Secondly, this is muddling binaries and source code. Is the claim that Kaspersky gathered the source for malware off the machine? That’s not typical behavior. If the claim is it gathered the binary that was built, that feels like a nothing burger.
Even the response from Kaspersky makes Krebs seem alarmist for the sake of generating attention traffic rather than someone investigating if there’s anything out of the ordinary in the first place. Didn’t even give them a few days to respond before publishing the article.
I generally have a very positive view of Kaspersky's actions in the security space and they generally are very very careful of their reputation despite the smearing that happens in Western media (the concerns may be valid but the blanket FUD smearing is uncalled for). They have a much higher reputation in my mind than companies like Symantec.
It can be both: lots of malware exists in executable-source form, like PowerShell scripts and the like.
Kaspersky operates an autonomous system (AS) and "Prospero" has traffic routed through that AS. Microsoft and Google also route all sorts of malware and spam through their ASes.
>The routing through networks operated by Kaspersky doesn’t by default mean provision of the company’s services, as Kaspersky’s automatic system (AS) path might appear as a technical prefix in the network of telecom providers the company works with
Censorship shouldn't happen at the AS level, anyways.
I'm not from the US, thanks.
My point is that this is a bad article, and the AS is not where censorship should be implemented, if it's going to be.
Seriosuly, good luck to future generations having to trudge through discourse when literal shill accounts will call you a shill for simply stating. "I am not american. The article is misrepresenting basic, well understood tech practices. He is a COURT saying the same in previous case with same actor."
I don't see anything describing rules, aside from the guideline bit along the bottom of the main page.
HN guidelines: https://news.ycombinator.com/newsguidelines.html
" In Comments
Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
Please don't fulminate. Please don't sneer, including at the rest of the community.
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
Please don't use Hacker News for political or ideological battle. It tramples curiosity.
Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
Please don't pick the most provocative thing in an article or post to complain about in the thread. Find something interesting to respond to instead.
Throwaway accounts are ok for sensitive information, but please don't create accounts routinely. HN is a community—users should have an identity that others can relate to.
Please don't use uppercase for emphasis. If you want to emphasize a word or phrase, put asterisks around it and it will get italicized.
Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.
Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
Please don't post comments saying that HN is turning into Reddit. It's a semi-noob illusion, as old as the hills."
[0]: https://krebsonsecurity.com/2022/08/final-thoughts-on-ubiqui...
[1]: https://news.ycombinator.com/item?id=32663296
For me, it was when he doxxed security researchers, claiming they were criminals with no evidence.
https://kdp.kaspersky.ru/
NSA Contractor has a requirement for AV on all computers, it was installed on all computers and fact it's bad idea on select computers doesn't matter. Contract dictates, the contract gets.
Key takeaways from the article: Prospero is a Russian hoster trusted by top cybercrime groups. Especially popular is their bearhost brand, which provides great service since 2019 and openly invites you to operate botnets, brute-force attacks or phishing websites on their hosting service.
Kaspersky by contrast is barely mentioned in the original portion of the article, it's only the later updates that go into detail here
Edit: maybe stealth advertisement isn't quite the right word. I'm not implying monetary compensation or any business relation, only that better malware provides job security for the cyber security sector