02.21.15
Our Malware Men vs. Kaspersky
From the Voice of America News (condensed):
WASHINGTON—
The revelation of secret technology that buries spyware into computer hard drives could be a blow to espionage efforts by the U.S. National Security Agency, intelligence analysts say.
Kaspersky Lab, a Moscow-based security software manufacturer, recently reported it found computers in 30 nations infected with spying programs …
A former NSA employee told Reuters that Kaspersky’s analysis was correct and that people still in the spy agency valued these espionage programs as highly as Stuxnet.
“Is anybody safe anymore?” That was the reaction to the report by Bill Supernor, the chief technology officer for KoolSpan, a U.S. company providing secure voice and text systems for mobile phones.
KoolSpan sells more products overseas than in the U.S. “Customers already suspicious of U.S. products will now be even more concerned that firms have been compromised,” Supernor said. “If this is the U.S. doing this to our adversaries we are seriously shooting ourselves in the foot,” he said …
George Smith, a senior fellow at GlobalSecurity.org, said the report represented “a black eye for the U.S. government because it undermines trust on the global networks.”
“It makes it hard to argue for proper rules of conduct in cyber space because there are now no boundaries,” Smith said.
Actually, I wasn’t emphatic enough. It’s made it impossible to argue for proper rules of conduct.
Twenty years ago I wrote The Virus Creation Labs. Much of the book was about the nature and ways of the anti-virus industry.
The anti-virus researchers had a code: no virus-writers! Writing malicious code was verboten, immoral. And they were pretty loud and forthright about it.
The question now is who’s been asked to overlook American-made malware, particularly of this nature, if they run across it? Anyone? American anti-virus and computer security firms?
It puts such US companies in a bind. Even if they haven’t cooperated, how can you be sure?
Computer security conventions are big business. Of course, the US malware industrial complex must send many of its employees to them. Incognito.
But anti-virus researchers were and probably still are pretty smart guys. And they used to be keenly interested in who the virus writers were. Certainly they know their material is read by them. And they know they’ve seen them at conventions, perhaps even been chatted up by one or two.
The next shoe to drop, then, is the identification of one or more of our American malware and virus-writers, and the place they work out of. Much like what was done to the Chinese government hacking operation in Shanghai.
It is hard to say when or if it will come. Things like reality and what constitutes reasonable consequences don’t apply to national security matters in the US.
Kaspersky should keep up the good work.
More later, maybe.
Read the entire VOA News piece. There’s a quote from someone at the Heritage Foundation, to the effect that Kaspersky’s anti-virus and malware analysis is part of a campaign to “delegitimize the NSA.”
On the Heritage Foundation here.
Tom Paterson said,
March 1, 2015 at 5:10 am
http://www.c-span.org/video/?324471-3/national-security-agency-director-mike-rogers-cybersecurity
With CC transcript.
00:32:03 Bruce Schneider asks about potential commercial damage.
00:56:58 Sputnik News.
So you’ve addressed the Kaspersky report, said you wouldn’t comment. There was another report on the NSA/GCHQ hacking encryption keys in a sim card…
Mutt User: Would you care to address the evil that is the Ask.com toolbar?
Adm Mike Rogers: Arfle barfle gloop.
Tom Paterson said,
March 1, 2015 at 5:38 am
http://www.c-span.org/video/?324471-3/national-security-agency-director-mike-rogers-cybersecurity
That’s Bruce Schneier … I copied the transcript.