Home Technology Regulation Kaspersky response to spy claims misleading: infosec expert

Kaspersky response to spy claims misleading: infosec expert

Kaspersky response to spy claims misleading: infosec expert Featured

A former employee of the NSA claims Kaspersky Lab has provided misleading information while responding to a Bloomberg article that said emails it had obtained showed that the company had developed products for the Russian intelligence service FSB and also accompanied its agents on raids.

Jake Williams, who runs a company named Rendition Infosec, said in a blog post that some part of Kaspersky Lab's riposte to the Bloomberg story was accurate.

But, he added, it was incorrect to say that Kaspersky Lab could not provide "any government agencies, nor other parties, with information on location of people and doesn't gather 'identifying data from customers' computers' because it is technically impossible".

A few hours after the Bloomberg report appeared, the US government said it was removing Kaspersky Lab from a list of approved software suppliers for two government-wide purchasing contracts that are used to buy technology services.

Kaspersky Lab responded to the government move by saying that it had no ties to any government, and had never helped any government with their cyber-espionage efforts.

Williams said that whether Kaspersky Lab provided real-time intelligence to anyone else was left to be determined.

"But the Kaspersky claim that it is 'technically impossible' to 'gather identifying data from customers’ computers' is completely false," he said.

Williams said it could be true that Kaspersky software did not have any features built in for the sole purpose of gathering identifying data from customers.

"But anti-virus software collects lots of telemetry on malware activities," he pointed out. "Part of that telemetry involves the autorun registry keys used by malware to persist between reboots.

"In some cases, malware even stores exfiltration or configuration data in the registry and Kaspersky needs this data to be effective with their detection, quarantine, and removal of malware artefacts on infected machines.

"As a result, it seems highly unlikely that Kaspersky software does not have the ability to query arbitrary registry keys and return their contents back to Kaspersky operations centres."

He said that by querying the correct registry keys, Kaspersky Lab would be able to gather data such as:

  • The machine name and domain name;
  • The username of the currently logged on user;
  • The usernames of previously logged on users;
  • The email address of the Microsoft account linked to the local accounts (if any);
  • The Wi-Fi network the machine is currently connected to;
  • The names of saved Wi-Fi networks;
  • The Windows unique product ID;
  • The Kaspersky unique product ID;
  • Unique hardware information (processor serial number, etc.);
  • Recently typed URLs;
  • Recently opened document names; and
  • Recently executed programs.

Williams also pointed out that these details were only part of the information that could be enumerated from registry values alone – and Kaspersky software was sure to have this capability.

"This completely discounts the fact that Kaspersky can arbitrarily enable new capabilities in its software at will and deploy those capabilities only to specific machines, presumably those targeted by FSB," he added. "Please note that Rendition isn’t claiming Kaspersky is using these capabilities, but it’s ridiculous to think they don’t have them."

He said that neither side had been totally transparent in the back-and-forth of this affair. While it appeared that Kaspersky Lab appeared to have been more open, it was possible that the US government was more guarded in its comments due to a need to protect sources.

"If the US Government discloses information derived from sensitive sources, it may no longer be able to access those sources – like everything in intelligence (cyber threat intelligence included) there must be an intel gain/loss calculation performed," Williams added.

He was, however, sure that more information would come to light about the stoush soon: "with Kaspersky on the defensive and likely backlash against US companies in Russia and elsewhere, the intelligence community may be sharing more of it what it knows sooner than later".

iTWire has contacted Kaspersky Lab's local outlet for comment.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications