Open Sauce: US media claims on Kaspersky short on essential detail

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


In October, the three biggest mainstream newspapers in the US carried stories about Kaspersky Lab that effectively ensured there would be no second thoughts about the US Government's decision to cut its dealings with the company. Examined carefully, these stories are short on essential detail. They are full of holes.

Nobody questioned these reports. They were taken as gospel – after all, the target was a Russian company and for more than a year anything from that country has been considered the spawn of the devil. There are many infosec professionals in the US but they all kept silent.

The New York Times ran a story that claimed Israeli government crackers had witnessed Russian hackers searching for the codenames of NSA exploits on computers around the world. Where those computers were was not specified.

The article omitted this essential detail. (It is known that Israeli government crackers broke into Kaspersky's network in 2014; the company only discovered the intrusion in 2015.)

This implies that Russian government hackers had access to Kaspersky Lab systems and also that they had access to the company's source code. The Kaspersky Security Network (KSN) is the component of Kaspersky A-V that uploads suspicious files from a device being scanned to a KSN server somewhere around the globe for later analysis.

With the home version of Kaspersky A-V, the user has to opt in to the KSN; the corporate product will query the KSN (by sending an MD5 hash and the file size), but nothing is uploaded. There is no option for businesses to upload files.

For anyone to divert suspicious files elsewhere, they would need access to the KSN source code in order to change the addresses to which the files are sent, since those addresses are hardcoded in the source.

The NYT did not trouble itself with this detail, but it claimed that, "What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known."

So how did the Russians get hold of the source code? No detail was offered by the newspaper. Mud was thrown and it stuck.

For the story to hold water, the Russians would have had to get hold of the Kaspersky source code for the home version, recompile it with the URLs pointing to their own servers, then remove the A-V running on whichever computer they found NSA files on, install the modified version, and opt in to KSN. They would then have had to run a scan, or no files would be exfiltrated.

All this under the nose of the computer user without attracting any suspicion. It takes a bit of faith to believe this.
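As an added illustration (not code from the column, and not Kaspersky's own code), the following Python puts the two technical claims above into checkable form: what a hash-plus-size lookup actually transmits, and how a defender would spot a client that had been rebuilt with different hardcoded submission addresses, which is the scenario the column describes. The "binaries", hostnames (on the reserved .invalid domain), allowlist and known-good hash are constructed for the example; the real KSN wire format and endpoints are not reproduced here.

```python
import hashlib
import re

# Constructed stand-ins for an AV client binary: a legitimate build and a
# rebuild whose hardcoded submission endpoint has been swapped. Neither is a
# real Kaspersky binary, and the hostnames (.invalid TLD) are made up.
_ELF_PREFIX = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
LEGIT_BUILD = _ELF_PREFIX + b"https://ksn.example.invalid/submit\x00" + b"\x00" * 4
TAMPERED_BUILD = _ELF_PREFIX + b"https://collector.attacker.invalid/submit\x00" + b"\x00" * 4

# Endpoints the legitimate build is expected to talk to (assumed allowlist).
EXPECTED_ENDPOINTS = {"https://ksn.example.invalid/submit"}

# Printable URL-like runs inside a binary; a match stops at NUL or any other
# byte that cannot appear in a URL.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~\-/]+")


def lookup_query(file_bytes: bytes) -> dict:
    """What a hash-only reputation query carries: the MD5 and the size,
    never the file content. This mirrors the column's description of the
    corporate product's KSN query, not the real wire format."""
    return {"md5": hashlib.md5(file_bytes).hexdigest(), "size": len(file_bytes)}


def extract_urls(blob: bytes) -> list:
    """Pull every http(s) URL string out of a binary image (like `strings | grep`)."""
    return sorted({m.decode("ascii") for m in URL_RE.findall(blob)})


def unexpected_endpoints(blob: bytes, expected: set = EXPECTED_ENDPOINTS) -> list:
    """Hardcoded endpoints in the binary that are not on the allowlist.
    A non-empty result means the client would submit files somewhere else."""
    return [u for u in extract_urls(blob) if u not in expected]


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_matches_known_good(blob: bytes, known_good_sha256: str) -> bool:
    """Integrity check against a vendor-published hash (assumed available);
    this catches any rebuild or patch, not only one that changed URLs."""
    return sha256_hex(blob) == known_good_sha256


if __name__ == "__main__":
    sample = b"suspicious sample contents"  # constructed stand-in for a scanned file
    print("hash-only query sends:", lookup_query(sample))
    for name, build in (("legit", LEGIT_BUILD), ("tampered", TAMPERED_BUILD)):
        print(name, "hardcoded endpoints:", extract_urls(build),
              "unexpected:", unexpected_endpoints(build))
```

The string scan only catches endpoints stored in the clear; a published hash of the shipped binary is the more general check, because a client that has been rebuilt or patched for any reason will no longer match it.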

The Washington Post story skipped over one essential detail: how did NSA exploits, which it claimed were found in Kaspersky's network, get into the possession of the Russian government?

The Wall Street Journal article also hinted that the source code of Kaspersky software had been made available to the Russian government, which had modified it to search for NSA exploits around the world. How this happened is a little detail the newspaper skipped over.

There is mention in the stories of an NSA worker who was working on office material at home; he is known to have had malware on his machine through the use of key generation software to obtain a valid key for the version of Microsoft Office he was using. This man is suspected to be Nghia Hoang Pho, a Vietnamese American, who recently pleaded guilty to taking NSA material home to work on it.

It is said that NSA files on his machine were exfiltrated by Russian government hackers. But the question arises: if these hackers had broken into his machine, why did they not use something simple like SCP to send the files where they wanted, rather than mess with the Kaspersky software? All they would have had to do was install a simple SCP client such as PSCP, which ships with PuTTY.

When Kaspersky issued two blog posts with its version of what had happened, it concentrated on the WSJ story. The explanation offered holds together, at least from a technical point of view.

But the US media and Kaspersky Lab cannot both be dealing in facts. One side is being somewhat parsimonious with the truth.

The legendary Middle East correspondent of the Independent, Robert Fisk, once described the Los Angeles Times as "official sources said". He was poking fun at the newspaper, which uses this term very often to float yarns that favour the US Government's point of view.

With all the holes in the Kaspersky stories run by the three big papers, it looks like this is another case of "official sources said".

Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
