Kaspersky: The Russian Company That Is a Danger to Our Security (mobile.nytimes.com)
41 points by scdoshi 3212 days ago
15 comments

While it's certainly true that we need to worry about these Russian products, the damage that the NSA has done is enormous.

Can I trust Cisco VPNs? Can I trust Windows? Can I trust my router? The NSA opens boxes in shipment to break their security, and they have the resources to do a lot more.

Unfortunately for us in the U.S., the NSA threat is a real one, not a hypothetical.

And a question for the people who know more than me: is there any IT vendor who hasn't been corrupted by the NSA, the Russians or the Chinese?

The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

There is no transparency in Russia. In a system of kleptocracy, bribery and a questionable judicial system, there is no boundary between state actors and any "private" corporation. If the FSB asks Kaspersky for help, they can't say no, and they won't tell.

If given the choice, I'd still rather trust American intelligence services. In fact, I do believe American products to be safer in this regard.

> The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

The reason why we know so much about what the NSA does is because a few NSA contractors have broken the law (for good or for ill) and leaked classified information about operations. Without leaks, there would be no information about what NSA does or doesn't do.

The only difference between NSA and FSB is that FSB hasn't used as many contractors and hasn't had as many leakers in Snowden-like positions.

>FSB hasn't used as many contractors and hasn't had as many leakers in Snowden-like positions.

FSB has lots of contractors leak though. They just disappear and are never heard from again. Such as Ruslan Stoyanov.

Leakers, and the ensuing discussion and spread of the leaked information, are part of the western culture of transparency.

Of course government agencies don't want to expose their secrets voluntarily. They have to be dragged into the open kicking and screaming. Doesn't mean that they aren't, though.

It's so much part of a "culture" that one of the leakers is only safe in Russia, another spent five years in solitary confinement, and yet another is holed up in an embassy to avoid extraordinary rendition. Some "culture" there.

Julian Assange is no leaker. He doesn't even have a good reason to pretend he is being persecuted.

Surge of leakers unable to resolve issues internally points to serious structural problems. I remember times when Soviets were prone to leak. I don't believe that there is any global IT firm independent of its handlers.

Ironically, we actually know more about FSB warrantless wiretapping from official sources, because things like SORM-2 and SORM-3 are actual written law.

Whether or not there is transparency (that the NSA works very hard to suppress), that doesn't change the issue. Sure, I absolutely trust the NSA - to break stuff, to snoop, to spy, to eavesdrop. In that regard, I have possibly the most trust in the NSA out of all the organizations I trust.

What I don't trust is the NSA to not break things. It's core to their mission. Is there anyone who is capable of and willing to make products with an assurance of security and privacy? Is there any webcam that I can trust to never spy on me? Any device that isn't leaving my precise location - even when Wi-Fi is off? Is there any firewall I can trust to keep snoops out? Any software that isn't vulnerable to NSA interference? They're an advanced persistent threat for a reason and we shouldn't forget that.

> The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

Except it's not. It's because of leakers who were aggressively pursued/prosecuted by the US government...

> If the FSB asks Kaspersky for help, they can't say no, and they won't tell.

Isn't that _exactly_ how it works in the USA, with National Security Letters?

The difference is that there is a process in place with court oversight, and a judicial system which isn't completely beholden to the government.

Even with the most egregious abuses of these National Security Letters, their scope is still limited and they have to have justification for whatever they demand. There is a record of such letters, which can be examined, for example by politicians in Congress or the next administration. Companies can even challenge these letters. And they are still leaked all the time.

I doubt it works that way in Russia.

> The difference is that there is a process in place with court oversight

You mean the FISA Court that Russ Tice once described as a "kangaroo court with a rubber stamp" and that approves over 99% of applications? Is that 1% rejection rate in a closed door court where due process lives?

Yeah, I think that's the one he means.

I mean, I'll grant you that it's _worse_ in Russia; they don't even have that 1%, and the scope of abuse is much broader.

But I do wonder if part of the propaganda value of the aforementioned Red Scare is to drive attention away from domestic abuses.

1% could also mean that the people trying to get the warrants know the law and don't try to get bad warrants.

Still that is a whole lot more "due process" than in Russia. And FISA only applies in relatively few circumstances.

One can easily imagine reading an article like this published on a Russian site, with 'Kaspersky' replaced with 'Symantec' and 'FSB' with 'NSA'.

You forgot Microsoft, Apple and Google. In many countries they are looked upon as potential vectors if not threats themselves.

Microsoft and Google are definitely vectors both for themselves and as puppets for the US govt.

Apple isn't there yet, but who knows when they'll be compromised.

Apple was listed in some of the Snowden docs right beside everyone else.

TBH, regardless of the NYT and their recent "red-scare", I'd be concerned with using them on sensitive systems - because either knowingly or unwittingly they could have FSB moles working for them.

I have no idea one way or the other (regarding either the NYT or Kaspersky). But it does strike me that your theory is credible.

However it also seems credible that Microsoft, Intel and other critical hardware and software vendors based in the US may have moles and/or agreements in place with CIA/NSA.

That's possible as well but if you are US based at least the damage is contained -- the NSA isn't going to give your data to a foreign competitor (or local for you have recourse in the legal system), whereas I'm not so sure the FSB would not "share" information with their preferred firms and if you become aware of it, you would have very little recourse.

Unless you aren't in the US or Russia, then you have Russia potentially spying for Russian companies/government, and the US/NSA potentially spying for US companies/government. The NSA has been caught with their hand in the cookie jar when it comes to corporate espionage[0][1].

[0] https://www.theregister.co.uk/2015/06/29/wikileaks_docs_show...

[1] https://en.wikipedia.org/wiki/Industrial_espionage#Concerns_...

I think it's common knowledge industrial espionage is practiced from time to time by all major powers. The question is a calculus. Who'd put you in a smaller/bigger ditch, relatively speaking.

> That's possible as well but if you are US based at least the damage is contained

There have been long standing allegations that the US uses ECHELON to spy on foreign business.

Second to that we all don't live in the US, and many of us are from the "good" side also, but that doesn't mean we are immune to US eavesdropping.

You really don't need FSB moles if the property and even personal survival of the CEO is in the hands of an autocratic regime.

No Russian citizen in Russia, especially not anyone with any kind of wealth, can deny the government's requests. Whether the influence on Kaspersky is from the top or only starts further down the chain, is more of a stylistic aspect of handling intelligence assets...

This, too, is not unique to Russia. Joseph Nacchio was CEO of Qwest[1] when he refused to hand things over to the NSA. Lucrative government contracts were then dropped, Qwest's earnings took a hit, and Nacchio was subsequently prosecuted for insider trading. As I understand it, the accusation was that he knew they were not going to meet their earnings forecast and his contention is that he did not because the government contracts being dropped was a surprise to him.

"Since being freed in September 2013, Nacchio, 65, has repeatedly denied he engaged in insider trading, arguing that he thought Qwest had opportunities to get federal contracts that would have boosted its revenue, but those opportunities were withdrawn after the company's alleged refusal to cooperate with a National Security Agency surveillance program.

Nacchio has suggested repeatedly that the government's prosecution of him was payback for not helping the NSA."[2]

Even if it turns out that Nacchio really is guilty of insider trading and the government did nothing untoward, one can see how easy it would be for the US government to destroy the life of a CEO they find uncooperative.

1. https://en.wikipedia.org/wiki/Joseph_Nacchio

2. https://www.bizjournals.com/denver/news/2015/04/29/joe-nacch...

That seems to be a rather particular case, of which the details are not publicly known. It could easily be that the NSA had a particularly good reason to withdraw the contracts, and obviously the company didn't have a right to these contracts in the first place, or the NSA wouldn't have been able to stop them.

On the other hand, the NSA is not controlled by the government, at least not to the level of individual prosecutions, investigations or contracts.

Russians are more free than Americans.

This is an opinion piece by a Democratic Senator, not a news piece or editorial from the NYT.

Why do people here continuously fail to understand the concept of an opinion piece? The NYT even hosted Putin in the op-ed column.

One can, and such an article would also be 100% correct. Even if Symantec doesn't partner with NSA today, there's certainly a potential for them to be doing that tomorrow.

The pragmatic difference is that it's very hard for another country to completely avoid relying on software products created in the sphere of influence of Western spy agencies, whereas it's relatively easy for US to ditch Kaspersky.

Despite its statement of fact in the title, this is in the opinion section and is riddled with innuendo, inaccuracies, and fearmongering, starting with the oft-repeated and incorrect idea that Russia "hacked our election". This is of course not the case - some email was hacked and it exposed some of the illegal/unethical dealings of a candidate. Had the leaked emails all been about how hard that candidate was going to work for the American people, perhaps the result would have been more to the liking of the author of this piece.

Perhaps it is a bad idea for the US government to use Kaspersky software, and perhaps it isn't. I wouldn't be able to determine that by reading this opinion, because it contains no facts backing up the author's fears.

The NSA disagrees with you. Voting software suppliers and local election officials were targeted, not just DNC emails.

https://theintercept.com/2017/06/05/top-secret-nsa-report-de...

I do agree with you that without firm evidence & legal framework, the government should not victimize private business interests.

According to this article, voting machines were targeted, but it seems very unclear as to whether or not those attempts were successful or had any effect on anything at all. Previous reports have all concluded that no votes were actually affected by hacking, and this article strives to imply that votes were affected but has no facts to back that up.

I would assume that attempts to gather information on and hack into voting machines happen all the time, by both state actors and private individuals. The key is whether or not such attempts are successful.

Hacking the election doesn't mean having to actually flip votes, though the Russians clearly tried to do that and we don't know if they were successful. What is clear is that they tried to infiltrate election machines and the companies that produced them, on a grand scale. What is also clear is they waged a very successful propaganda campaign that pushed fake news stories, primarily through social media. Votes could have been affected by the former and almost certainly by the latter. Again, as the article points out below you wouldn't have to flip votes to affect outcomes, simply keeping people from voting could be enough, especially in a close election.

https://www.nytimes.com/2017/09/01/us/politics/russia-electi...

In many cases, we have no way to know whether they were successful, because voting machines are still being used that keep no auditable paper trail.

https://www.verifiedvoting.org/

And the NSA is trustworthy. Okay then.

So, Kaspersky also did lots of detailed work uncovering malware from "the equation group" which was basically the NSA (https://en.wikipedia.org/wiki/Equation_Group).

I'm honestly wondering if the reason they say not to use them is because they detect NSA things.

Let's say I believe the good Senator from NH, that Kaspersky is evil.

What she has failed to show is how are Kaspersky's actions worse than those of Cisco, Juniper, Microsoft, Intel, etc.? Can she state, with conviction, that the NSA does not have backdoors in US products? That the NSA is not exploiting holes (which they could get fixed by the vendors, but aren't) ?

BTW: the US has been "hacking" elections one way or the other all across the globe for decades. I find this uproar in the US about being hacked laughable, as we've been doing it for so many years! Sure, we may not use the exact same techniques as the Russians, but we do meddle in other countries' elections all the time.

>Let's say I believe the good Senator from NH, that Kaspersky is evil.

This isn't what she wrote.

I really do not expect such journalism from the New York Times.

>But a backdoor is not necessary. When a user installs Kaspersky Lab software, the company gets an all-access pass to every corner of a user’s computer network, including all applications, files and emails.

Isn't this true for all antiviruses?

>The Kremlin hacked our presidential election, is waging a cyberwar against our NATO allies and is probing opportunities to use similar tactics against democracies worldwide

Any proof for this?

Just realized that this was written by a Democratic Senator who took a stand against Kaspersky. That explains the lack of balance in the article and the tone.

Also, I would have a problem with anyone having my data, be it Symantec and NSA or Kaspersky and KGB.

The idea of the Russians hacking the election is just a signal of political bias. There isn't even any accusation of miscounting votes or any typical election fraud. US voters still got what they voted for exactly as the system is supposed to work.

The NYT had been quite biased for a long time. I think the last time they did any real journalism was during the first major Wikileaks story - the one where Greenwald played a big part.

> The Kremlin hacked our presidential election

Stopped reading there.

They did hack the voting machines. It doesn't say the hack successfully changed the outcome. What do you disagree with?

Citation for them hacking the voting machines?

> They did hack the voting machines.

Can you provide an article, or source for this specific claim? There were definitely illicit accesses to voter registration databases during the 2016 election, but you specifically said voting machines.

The first I've heard of this. Any citations?

Attempted hacking by maybe Russians. And:

> The New York Times reporters acknowledge that it is uncertain whether the problems were caused by Kremlin-directed hacking or a more innocuous mishap like software malfunctions or human error. Furthermore, an NSA analysis was unable to determine if the Russian hackers were successful in compromising the election vendors or what specific data had been accessed.

I need a little more than that before I get all riled up about the Red Scare.

> The Kremlin hacked our presidential election,

That's the first line in the article and is stated as fact, what's the evidence for that? How exactly did Kremlin hack our election?

Are they implying had it not been for their hackers we might have had Hillary as a president? I remember her campaigning in California multiple times but I guess those sneaky Russian hackers changed her itinerary to never visit Wisconsin. They also forced her to set up that stupid server and send classified information over it. Then held the hands of her staffers as they smashed those blackberries with hammers.

Saw someone else here stopped reading at that line, and can't blame them. This is becoming like the WMD and the Iraq War story. At some point it becomes counterproductive to repeat it because it starts to work in the opposite direction. No doubt it was a very well thought out PR campaign, but it's time to wrap up and move on.

I've never even heard anyone explain how they could prove it in the first place. How do they differentiate an attack launched from Russia with a Russian attack? How do they differentiate state vs private actors? How do they rule out intentionally created back doors?

It always comes down to "it was the Russians, trust us".

I think NSA is such a danger and threat, aside from installing backdoors and weakening security, the major reason is that it legitimizes such behavior, so that others like China, Russia, Iran etc, can do the same and not even blush about it.

As someone said, Kaspersky is a danger because it is revealing NSA tools.

(and I can't write short sentences :) sorry)

This is not a news article. This is an op-ed piece by a US Senator. The author may be concerned about NSA/CIA inserting their spyware into US products, and may also be concerned about various US intelligence agencies spying on US citizens. Neither of these topics is significant to the point the Senator is making. The point of the article is that Russian spyware is a security threat on the US. It is an op-ed piece, you can agree or disagree as to how credible the threat is ... and if you are from NH you can get extra credit and can take that into consideration when you vote on her candidacy next time she comes up for reelection.

> But a backdoor is not necessary

> the company gets an all-access pass to every corner of a user’s computer network, including all applications, files and emails.

Isn't that a possible definition of a backdoor?

> is waging a cyberwar

Cyberwar is a codeword for "I have no idea what I am talking about".

> I hope to amend it to ban Kaspersky software from all of the federal government.

They should ban all proprietary software instead, that way they will avoid the NSA backdoors as well.

Nobody sane would ever trust a non-FOSS security software and expect it not to have backdoors.

and ex-CIA employees work for Cisco...

Russian propaganda to the contrary, there is a difference between the workings of the CIA and FSB, and the general political and judicial systems of Russia and the USA.

If ex-CIA employees work for Cisco, their work is subject to corporate leadership. Whatever they do, or are allowed to do, is the responsibility of the company as a whole.

The New York Times is on a roll!

Erik Prince editorial on how military contractors are the solution to everything.

This article is just pure unadulterated bullshit. A propaganda piece from the US Government, nothing else.

I don't get why I am seeing a mobile web site when I am using a computer.

The link was submitted pointing to the mobile website.