Kaspersky Lab Used by Russia as a Tool to Spy on the U.S.

Software from Russian-based Kaspersky Lab has been used to steal sensitive and classified National Security Agency (NSA) data from an NSA contractor’s personal computer, according to the Wall Street Journal.

The 2015 hack apparently happened when the contractor took the data from the NSA and loaded it onto his computer, which contained Kaspersky antivirus software. Allegedly, the software enabled Russian hackers to see his files. The hack has not been disclosed by the government, noted the Wall Street Journal.

The Washington Post reported that the contractor, a U.S. citizen born in Vietnam, worked for the division of the NSA that creates tools to break into computers overseas for the purpose of gathering intelligence. The employee, who was sacked in 2015, probably did not take the materials for malicious purposes such as handing them to a foreign spy agency, The Washington Post noted.

A New York Times article details how Israeli intelligence officers looked on in real time as Russian government hackers searched computers for the code names of American intelligence programs.

Interestingly, neither the Wall Street Journal nor the Washington Post addressed the issue of why the employee took classified information home on his laptop.

Equally interesting, the reports provide no information about how an NSA employee’s laptop could be hacked so easily, nor why it took a year for the hack to be disclosed. Plus, neither newspaper provided any evidence of Kaspersky Lab working directly for the Russian secret service.

In a statement, Kaspersky said:

“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continues to perpetuate accusations about the company.

“However, as the trustworthiness and integrity of our products are fundamental to our business, we are seriously concerned about the article’s implications that attackers may have exploited our software. We reiterate our willingness to work alongside U.S. authorities to address any concerns they may have about our products and respectfully request any relevant information that would enable the company to begin an investigation at the earliest opportunity.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Last month, the U.S. Government, Best Buy, and Office Depot suspended business with Kaspersky, as we reported in a blog.

The government issued a binding directive that federal civilian agencies identify Kaspersky software on their networks, and remove it after 90 days, unless otherwise directed.

The Department of Homeland Security (DHS) said in a statement that it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

Cross Posted from VIPRE

Report: Macs Vulnerable to Attack Through Firmware Weaknesses

Timely News as October is National Cyber Security Awareness Month (NCSAM)

A report from Duo Security details a potentially systemic issue that leaves Mac computers susceptible to highly targeted and stealthy attacks.

The report shows Mac users who have updated to the latest operating system or downloaded the most recent security update may not be as secure as they originally thought.

Duo Security’s analysis of more than 73,000 Macs across various industries found the Extensible Firmware Interface (EFI) in many models was not receiving security updates that users thought they were getting. This left users susceptible to previously disclosed vulnerabilities such as Thunderstrike 2 and the recent WikiLeaks Vault 7 data dumps that detail attacks against firmware.


While Apple devices were the focus of the study, experts at the company told The Washington Post that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building PCs.

In 2015, Apple began bundling its software and firmware updates in an effort to ensure users automatically obtain the most current firmware security. This allowed Duo Security to analyze the state of Apple’s EFI security by looking at Mac updates over the past three years.

Duo Security’s key findings are:

  • Users running a version of the Mac OS that is older than the latest major release (High Sierra) likely have EFI firmware that has not received the latest fixes for known EFI issues. This means those systems can be software-secure but firmware-
  • On average, 4.2% of Macs were running an EFI firmware version different from the one they should have been running.
  • At least 16 models have never received any EFI firmware updates. The 21.5” iMac, released in late 2015, has the highest occurrence of incorrect EFI firmware with 43% of sampled systems running incorrect versions.
  • 47 models capable of running 10.12, 10.11, or 10.10 did not have an EFI firmware patch addressing the Thunderstrike vulnerability. 31 models did not have an EFI firmware patch addressing the remote version of the vulnerability, Thunderstrike 2.
  • Two recent security updates issued by Apple (Security Update 2017-001 for 10.10 and 10.11) contained the wrong firmware with the update. This would indicate regression or a lag in quality assurance.
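As an added example (not code from Duo Security's report or the VIPRE post), the following Python script performs the per-machine version of the check behind those findings: it parses `system_profiler SPHardwareDataType` output and compares the reported Boot ROM (EFI) version against the version expected for that model. The expected-version table and the sample output are constructed placeholders; real expected versions would have to come from Apple's published firmware updates for each model.

```python
"""Audit a Mac's reported EFI (Boot ROM) version against the version expected
for its model, the comparison Duo Security ran across its fleet sample."""
import re

# Constructed placeholder table: model identifier -> expected Boot ROM version.
# Assumption: real values must be taken from Apple's firmware updates per model.
EXPECTED_EFI = {
    "MacBookPro13,1": "MBP131.0226.B20",
    "iMac16,2": "IM162.0207.B20",
}

# Constructed sample of `system_profiler SPHardwareDataType` output.
SAMPLE_OUTPUT = """Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro13,1
      Processor Name: Intel Core i5
      Boot ROM Version: MBP131.0205.B29
      SMC Version (system): 2.37f20
"""


def parse_hardware_overview(text):
    """Return {field: value} for every 'Key: Value' line in the output."""
    fields = {}
    for line in text.splitlines():
        # Section headers such as 'Hardware:' have no value and are skipped.
        m = re.match(r"\s*([^:]+?):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def check_efi(text, expected=EXPECTED_EFI):
    """Return (model, actual, expected, status); status is 'current',
    'mismatch' (firmware lags the expected version) or 'unknown-model'."""
    fields = parse_hardware_overview(text)
    model = fields.get("Model Identifier")
    actual = fields.get("Boot ROM Version")
    want = expected.get(model)
    if want is None:
        return model, actual, None, "unknown-model"
    return model, actual, want, ("current" if actual == want else "mismatch")


if __name__ == "__main__":
    print(check_efi(SAMPLE_OUTPUT))
```

On a real Mac the text would come from running `system_profiler SPHardwareDataType`; a 'mismatch' result is the software-updated but firmware-outdated state the report describes.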

The National Cyber Security Awareness Month (NCSAM) was created in 2003 by the U.S. Department of Homeland Security and National Cyber Security Alliance to ensure everyone has the resources they need to stay safe and secure online. The goal of NCSAM is to increase the awareness of the ever-evolving cyber security landscape and bring attention to different measures people can take to keep their information protected.

Reposted from VIPRE