Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Businesses Security IT

Kaspersky Explains Why They Won't Say Who Hacked Them 124

New submitter ChannelGonzo writes: Larry Walsh at Channelnomics scores the scoop in a Q&A with Kaspersky's Chris Doggett who says it's not the Russian security company's job to figure out who is responsible for a sophisticated cyber attack on its corporate network over the past few months. "We believe that to go beyond our area of expertise and speculate on the possible sources of attacks is not in the best interest of our customers," Doggett said.
This discussion has been archived. No new comments can be posted.

Kaspersky Explains Why They Won't Say Who Hacked Them

Comments Filter:
  • Russians did it.
    • by Anonymous Coward

      um, a much more likely suspect would be a small country in the middle east.

      • Re:DUHHHHH (Score:5, Funny)

        by Opportunist ( 166417 ) on Friday June 12, 2015 @08:32PM (#49901807)

        Why not us for a change? Dammit, the Russians and Chinese don't have the monopoly on being able to hack something, ya know?

        • Re: (Score:3, Funny)

          by BitZtream ( 692029 )

          No, they don't, they just have a monopoly on getting caught often. We get caught less because we're better at it. It generally takes a traitor for us to get caught.

        • Offshoring... ;-p But your large companies can always hire some H1Bs, of course.
      • You're trolling, right? How about the biggest security complex in the world trying to take a Russian company down that's just too good at detecting threats, especially if the threats may be emminating from said security complex??
    • Re:DUHHHHH (Score:5, Interesting)

      by elwinc ( 663074 ) on Friday June 12, 2015 @08:41PM (#49901839)
      Whoever hacked Kaspersky was probably hunting moles. From the outside, it looks as if Kaspersky has been positively brilliant, revealing state level actors, cracking stuxnet, duqu, & duqu2. But what if some other state level actor had been feeding Kaspersky? What if spies, not security researchers, told Kaspersky where to look? It would be worth a lot for the authors of stuxnet etc to be able to confirm or deny that Kaspersky worked without help. That's the best reason I can see for hacking into Kaspersky.
      • by sshir ( 623215 )
        Or maybe they plan to do some poaching and want to know who's the major talent.
    • I was thinking exactly the opposite. You don't want to say who did it when it was the N.S.A.
  • TL;DR (Score:3, Insightful)

    by OverlordQ ( 264228 ) on Friday June 12, 2015 @07:36PM (#49901577) Journal

    We wont say, because if we do, we'll look bad.

  • by antiperimetaparalogo ( 4091871 ) on Friday June 12, 2015 @07:42PM (#49901617)
    Well, sometimes you can say somethings by saying "i won't say"... i think many of us can understand that they already said who they think those who hacked them were - i understand that as an international company they try to avoid any nationalistic references because it is really bad for business, especially when most of your clients will consider it as an attack to them personaly.
  • They wont say because if they do they will all have mysterious 'accidents'....just like happened to Putin's enemies in the past. http://www.cnn.com/2015/03/03/... [cnn.com] http://www.theglobeandmail.com... [theglobeandmail.com] http://www.businessinsider.com... [businessinsider.com]
  • Duh (Score:4, Funny)

    by penguinoid ( 724646 ) on Friday June 12, 2015 @07:47PM (#49901645) Homepage Journal

    Obviously it's for reasons which have nothing to do with the truth being embarrassing.

  • by presidenteloco ( 659168 ) on Friday June 12, 2015 @07:49PM (#49901659)

    again?

    • by Anonymous Coward

      Antivirus, not investigation.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        More specifically, security software.
        If they don't know how to perform an investigation when security has been breached, then I don't know how they can perform their roles as security experts.

    • by Tablizer ( 95088 ) on Friday June 12, 2015 @09:02PM (#49901917) Journal

      A: Not ticking off Putin.

    • again?

      FTA: "In general, the attribution of cyber attacks is difficult to do conclusively"

      Then the examples given didn't or wouldn't need malware to obtain access to a system.

      • again?

        FTA: "In general, the attribution of cyber attacks is difficult to do conclusively"

        Then the examples given didn't or wouldn't need malware to obtain access to a system.

        FTA "In the case of Duqu, the attackers intentionally introduced false information to confuse investigators"

        While this is unclear what they are saying is they can't point to a person specifically, it being outside their expertise.

  • NSA (Score:5, Insightful)

    by jinchoung ( 629691 ) on Friday June 12, 2015 @08:08PM (#49901729)

    i would be shocked if NSA weren't involved.

    • What's to gain? The NSA ain't some Dr-Evil kinda organizations doing evil stuff for the sake of being evil, that's more a bonus value to them. First and foremost they aim for more power.

      What's in it for them if they pwn an antivirus corporation? And of all the targets, why Kaspersky? I don't know the inner workings of the companies, but if the quality of their product reflects in any way their competence, McAfee would not only be a far easier but, considering their corporate clients, far more interesting ta

      • by Anonymous Coward

        I think it's India, they've been taking over IT work on the cheap for years now. It's a sneaky move to control all the networks. Nobody suspects them while they remotely administer your computers, but they're even planting thousands of spys.... oh, I mean "workers" in the US now. They work for less because they are also being paid by the homeland I'm sure.
        Anyways, that's my new theory.

        • by KGIII ( 973947 )

          I like that theory. You need to flesh it out a bit more - throw in some real names and links to things that can be misinterpreted and you should be all set for an independent documentary.

          • by DescX ( 4012275 )

            Extra bonus points if s/he fleshes it out with silly sounding acronyms.

            "We discovered a plain text file payload with a random set of characters that just didn't make sense -- IDSIRA. Our first tip off was the file encoding, set to ASCII instead of UTF-8. After investigating this matter and cross referencing against thesaurus.com, it's clear that the Indian Demonology Squad for Interdiction and Reactive Attrition is alive and well."

        • by gl4ss ( 559668 )

          which india are they spying for?

          the thing with india is that it's like 2000 states that barely get along long enough to put a killer in a prison.

      • Re: (Score:3, Informative)

        by evilrip ( 713562 )
        Plenty to gain; Kaspersky is installed all over parts of the world that in high interest and these did find stuxnet out. Probably they decided it was better to use them as access vector instead of a worm that could spin out of control.
      • Maybe they were doing it to earn brownie points with other US gov parties - military guys, other intel agencies, politicians. I can think of reasons they would all want to get to Kaspersky, so the only reason the NSA needs is that they want to stay on all those parties' good side. Internal cooperation is needed to keep the whole US gov system working. The NSA can't put troops on the ground and the Army doesn't have some of the NSA's spying capabilities - they need eachother to keep the whole thing afloat. (
  • Clearly they do a lot of business in Israel. Plus the fear being called antisemetic.
    • Clearly they do a lot of business in Israel. Plus the fear being called antisemetic.

      MY GOODNESS are you implying that Israel might be behind this? What? Are you ANTISEMITIC?????

  • Someone with money (Score:5, Insightful)

    by Iamthecheese ( 1264298 ) on Friday June 12, 2015 @08:17PM (#49901773)
    People were poopooing the virus, but I think that's because they didn't read the report. [securelist.com]

    This is a highly sophisticated polymorphic virus using multiple forms of encryption in multiple layers against multiple attack vectors. It's really a piece of work. I don't know why someone would write it and then use it directly against Kaspersky but whoever did it had the cash to hire some very clever people, or was a team of programmers with a genius at the helm and amazing opsec.

    Considering the sophistication of the virus I think it would be silly to speculate about who wrote it: whoever it is had to spend a good deal of effort covering their tracks and could easily have compromised multiple third parties just to create red herrings.
    • Let's see. What do we know so far:

      Kaspersky is an anti-virus company.
      Kaspersky is the only (relevant) anti-virus company that does not have its HQ in the US or Europe but from a country that has a rather strained relationship with those countries.
      Kaspersky is hence the only (relevant) anti-virus company that can't be browbeat into not finding something that certain entities do not want found.

      If you excuse me, I go shop for more tinfoil before it's too late...

      • I'm with you. I expect a company to be completely transparent about the products they sell, and their business practices. When they are the victim of a crime I expect them to protect themselves.

        I'm pretty sure there's more to this story than we're getting at the moment. I'll stay tuned and defer judgement.

      • If you excuse me, I go shop for more tinfoil before it's too late...

        You have plenty of perspective, but forgot to look in both directions.

        • What other direction is there? Who else, what other "power", has the means and skills to do something like that?

          ISIS/terror groups? Please. Yes, they have a handful of skilled computer people but they are not only few and far between, they are also FAR from having the necessary organization. Plus, it's not their style, they're for shock and awe, not cloak and dagger.

          Russia? Half of the staff of K formerly worked for the KGB or other groups, and as Putin once said, there ain't such a thing as a former KGB. I

          • If the Russian government wanted something from K, I am fairly sure it would not have required a letter,

            What letter are you talking about? No letter was mentioned in either FA.

    • I don't know why someone would write it and then use it directly against Kaspersky

      Probably they wrote it themselves to get publicity. You haven't seen the source to the exploit, have you?

  • 1. they don't know. 2 they don't care. 3. they like it.
  • by NotQuiteReal ( 608241 ) on Friday June 12, 2015 @08:53PM (#49901879) Journal
    If I do it standing up, I am "safe", right?
  • There a firms who are paid millions to do that for a single customer. Kaspersky is probably just afraid, and I don't blame him. If encryption is made illegal, I'm sure antivirus won't be far behind.
  • No one wins (Score:2, Troll)

    by ShaunC ( 203807 )

    Announcing to the world that you've been infiltrated by Mossad is a decision that must be weighed by some enormous number of calculated steps.

    If you're correct, you will be accused of being anti-Semitic.

    If you're wrong, you will be accused of being anti-Semitic.

    The only winning move is not to play.

    • by CBravo ( 35450 )
      I rewrote that for you:

      Announcing to the world that you've been infiltrated by [major unknown party] is a decision that must be weighed by some enormous number of calculated steps.

      If you're correct, you have risk

      If you're wrong, you have risk

      The only winning move is not to play.
  • by Anonymous Coward on Friday June 12, 2015 @09:26PM (#49902031)

    I read the report and they were clear without saying directly.

    1. From compile dates the office work week was Sunday to Friday.
    2. There was much less activity on Friday and no activity on Saturday.
    3. The time zone was UTC+2 hours

    That is code for Israel. They could not be any clearer withut saying it directly.

    • by Anonymous Coward

      Yes, but someone could have set up those timestamps to try and frame Israel.

    • by tgv ( 254536 )

      Turkey and Egypt would fit the bill too, I believe. The whole region doesn't work on Saturday.

    • by Slayer ( 6656 )
      4. Their report [securelist.com] states on page 5, that instead of "PROP" the exploit code used the word "HASHVA" on multiple occasions. While this could be a short form of "hash value", it just by pure coincidence means "thought" in Hebrew ...
      • by Anonymous Coward

        I am israeli, the hebrew word for thought is "macshava".

        Hashva means " she thought", but hey, dont let the facts confuse you.

  • by ihtoit ( 3393327 ) on Friday June 12, 2015 @09:52PM (#49902123)

    ...is basically what they're saying. And they're right, they're not cops, they're not investigators. They're a software company.

    THAT SAID:

    From what I can gather, the "hack" was in the form of a highly complex payload which used multiple vectors. This isn't script kiddy stuff, this is planned and executed with a LOT of money behind it. Less likely to be a disgruntled employee or a pissed off customer, more likely to be a state player or rival with knowledge of the network. They might start by discussing with the police, the identities of those outside the company that the employees from the Directors to the janitors talk to about work, then run backgrounds on those people. I would not be too surprised (though the evidence is currently lacking to back up my position) if this were the work of British or American foreign intelligence - DoD, CIA or MI6. I don't think the FSB would be up for this since it's a Russian company with clear access to computers all over the world by simple virtue of the ubiquitous nature of its software. It wouldn't make the GRU very happy to suddenly find a potential backdoor to millions of computers suddenly slammed shut by a sister agency. Who else? Israel? I doubt it, what motive would they have? Besides, they're too busy killing Palestinians. Though looking at the Wired [wired.com] article, it would appear that suspicion is heavily on Israel with the toolkit being identified - and sharing a lot of common code - as a Duqu derivative with some Stuxnet code in there as well, which they're calling Duqu 2.0. This article does not agree with the one referenced in TFS, in that Kaspersky is reported to not actually know how much data has been stolen but they do know it's a significant amount and specific in nature.

  • Were the update servers compromised?
    The target could have been one or more customers.

    Given the advanced nature of what has been found,
    customer clean-up might be very difficult.
    --
    When you think the trick is happening, it's already been done.

  • How to marginalize themselves as a company in just one small statement. I think they take the prize. Yea, we don't care. As if.

  • They are dealing with an extra-legal entity who doesn't have to answer to courts or legislators. FSB, NSA. Who cares what three letters they go by. They have guns and assasins on staff. And no need to answer to anyone else.

    I don't expect any corporate officers at Kaspersky (or any other company) to die for the security of my PC.

If all else fails, lower your standards.

Working...