In case you didn’t know whom or what to believe in the battle between Gene Kaspersky and the U.S. Government, it just got a little weirder.
You probably remember that the DoD told its people to remove Kaspersky’s software from it’s machines. They didn’t say why. But, no matter how this story plays out, that decision was the right decision.
Later it came out that an NSA employee was developing NSA malware to replace malware that Snowden exposed; he removed that classified software from NSA facilities and took it home. It was then thought that the software was compromised to the Ruskies because that employee had Kaspersky software on his computer and Kaspersky was working for the FSB.
Fast forward the story and Gene Kaspersky is fighting for his company’s very existence. Never mind the fact that if the employee had followed both policy and the law, we would not be having this conversation.
Kaspersky has now revealed some more information about the situation. Whether you believe him or not is up to you. Our gov is being totally radio-silent on the situation, which likely means that it is at least, mostly accurate. Probably. No guarantee.
- The NSA employee was running the Kaspersky software on his home computer.
- The employee had intentionally turned on the feature called Kaspersky Security Network, which, by design, forwards suspicious malicious software to Kaspersky’s labs for analysis.
- The employee disabled the Kaspersky software. BECAUSE:
- The employee downloaded pirated software
- After the employee’s computer was infected, the employee turned the anti-virus software back on.
- When turned back on, the Kaspersky software scanned his computer and detected the new NSA malware as a variant of the Equation Group software that Snowden disclosed. Since it was unknown and he had intentionally turned on the security network feature of Kaspersky’s software, it sent the malware (the software that he was developing) to Kaspersky’s labs for analysis.
- This LIKELY ties back to a 2015 breach of Kaspersky’s network (probably by the FSB) which has been well covered in the media.
- ALTERNATIVELY, the pirated software that he downloaded allegedly had a back door in it and if that is true, the Russian FSB could have stolen anything on his computer.
There are probably a bunch of potential variants here, but it seems reasonable that all of this could have easily happened if the alleged scenario happened.
AND NONE OF WHICH WOULD HAVE HAPPENED IF THE NSA COULD GET IT EMPLOYEES TO FOLLOW THE LAW.
HUMAN BEINGS, ONE MORE TIME, ARE THE WEAK LINK IN THE CHAIN.
Information for this post came from Ars Technica.