Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 02 March 2018 22:01

Shadow Brokers the reason why Kaspersky Lab is in the US doghouse Featured


At times, it does not pay to be the brightest kid on the block. But Kaspersky Lab, which has been in the forefront of A-V research for some time, would have got away even with this, had it not been for a catastrophic leak of Windows vulnerabilities crafted by the NSA via a group that has called itself the Shadow Brokers.

The Brokers, which is how I will refer to the group from now on, leaked a number of NSA Windows exploits on the Web in April 2017.

Even today, despite a long-running investigation by the NSA's counter-intelligence arm, the Q Group, and the FBI, there is no clue as to how these exploits, created by the NSA's elite Tailored Access Operations group, leaked to the outside world. They are all now publicly available on the Web and have been used to craft some of the more widely spread ransomware like last year's WannaCry and NotPetya attacks.

For those who have taken the time and the trouble to read through the sometimes garbled posts posted by the Brokers, it should be clear that they have been made by someone/some people for whom English is a first language. This would not be immediately apparent to someone who has not moved around in countries where English is not the dominant language.

Another fact that is inescapable about the Brokers is that whoever is behind this group has intimate knowledge of the inner workings of the NSA. Else, the group would have been unable to provide detailed information about former NSA hacker Jake Williams on its Twitter account.

The tweets, since deleted, provided such a level of detail about the activities of Williams, a former member of the TAO, that he was reluctant to travel to certain countries for a while, given that the tweets indicated that his NSA work may have been aimed against these countries.

shadow brokers big

Kaspersky Lab was tied to the Brokers through claims in the three main US mainstream newspapers – The New York Times, The Wall Street Journal and the Washington Post.

Permit me to digress a bit, gentle reader, while I explain what anti-virus software does. This genre of software operates like a rootkit; it has access to every file on a Windows system — desktop Linux use does not need any A-V software and Mac users can get away without using it as well — and all A-V software uploads suspicious files to a given location for later analysis.

At times, this is a virus database like the Google-owned VirusTotal, at others it is a database owned by the A-V company in question. In the case of Kaspersky, when a service called Kaspersky Security Network is switched on, suspicious files are uploaded to its servers in Moscow for analysis by its own staff.

With the home version of Kaspersky A-V, the user has to opt in to KSN; the corporate product will query the KSN (by sending a MD5 hash and the file size), but nothing is uploaded. There is no option for businesses to upload files.

The US media reports hinted that Kaspersky Lad had uploaded NSA files to its own servers after they had been detected as malware on an NSA employee's Windows computer. The inference is that they were then given over, or intercepted, by Russian Government hackers and then handed over to the Shadow Brokers.

If one were to believe this theory, then the Brokers are a Russian creation or at least one which is in cahoots with Russia.

But the language used by the Brokers argues against this; only a native English speaker could craft language such as that used by them. And my judgement is made as someone who is a native English speaker, despite having been born in an environment that is far removed from any English-speaking country.

For its sins, Kaspersky Lab has been cut out of supplying security software to the US public service.

It is quite likely that Kaspersky Lab would have suffered this fate anyway, after it repeatedly exposed the antics of a number of nation states, beginning with the UK's GCHQ in 2014, which tried to hack a Belgian telecommunications provider.

In 2015, Kaspersky exposed a group it called the Equation Group, which has been long rumoured to be an internal NSA unit. The company also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear reactors. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was infiltrated into Iran's nuclear labs through an USB drive as the lab was not connected to any external network.

Israeli Government hackers breached the Kaspersky network in 2014; after the company found out in 2015, it wrote a long, detailed analysis of the incident.

But the leaks by the Shadow Brokers were the straw that broke the camel's back. Even so, had the NSA been able to determine the identity of those behind the leaks early on in the piece, Kaspersky Lab may have escaped.

Given that the NSA, the best-resourced and most experienced digital spy outfit in the world, had been caught with its pants literally around its ankles, someone had to pay a price.

The convenient scapegoat was Kaspersky Lab. Convenient, because in the midst of the bloodletting over the Democrats' 2016 presidential loss, there was a need for a scapegoat and Russia fitted the bill, despite there being very scanty and incomplete evidence.

Kaspersky Lab is undoubtedly Russian. Its founder, Eugene Kaspersky, has worked for Soviet military intelligence in the distant past. Whoa, the US has got its bête noire.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments