by kharms 3172 days ago
"Everything else is speculation" ignores the well sourced "speculation" about Kaspersky's next step: letting the FSB know about this contractor so they could target and breach his machine.

It's speculative in the sense that we weren't there, but the information comes from the same source as all of those facts.


There is no single source for the article.

It refers to a "person familiar with the case" when they explain how an NSA guy exposed his malware to Kaspersky.

It refers to different sources which discuss how any malware might have made its way from Kaspersky to the NSA -- unnamed "information security analysts" (they think the KGB hacked Kaspersky), "other experts" (they say the Russians' version of PRISM picked it up) and Steven Hall, a former spook with no disclosed ties to the case (he says Kaspersky is "likely to be beholden to the Kremlin").

It is obvious to me that Kaspersky is beholden to the Kremlin. The founders of Kaspersky are after all Russian.
Why would a hacker not use Mac or Linux for sensitive stuff?
Why would an NSA guy use Russian security software?
Why would an NSA guy put secret government tools on his personal laptop?
Stupid as it may sound, in my experience with many, many "why did you take the data there" dramas, the answer is:

To get things done you cannot do at the office, or you just lack the office time to get it done.

Too restrictive corporate policies?
User error
Why would an NSA guy even run any AV? Isolate and compartmentalize everything based on the task and its dependencies. You should assume everything you run could be bad or that you are already compromised.
He works for the NSA, but he was on his home computer which is unlikely to stay air-gapped unless he's content with making mspaint art and playing skifree :)
Straight up. They spew forth this stupid reasoning so that the general public will become frightened. Most people don't understand what any AV does, or how it operates anyway. For them to understand compartmentalization based on dependencies is way too far out there. The US government might have granted access as well in another effort to spread fear amongst the uneducated American populace.
Is this reasonable to do with the amount of software even average people use?

There was a person on the docker team who had dockerized every other application, like chrome, firefox, the ALSA sound server, and more. But even she found it hard to sandbox everything.

I'm using docker as a leading sandboxing tech. Do you mean something else when you say sandbox?

I should warn that Docker was never planned as a security tool. If you read the documentation on Linux containers you will see that they are pretty complicated and therefore can have vulnerabilities.
Because he's a RIS mole pretending to be incompetent.
I assume if you voluntarily give Kaspersky root access to your laptop, they don't care whether it's Windows, Mac, or Linux.
Does Kaspersky sell products that run on Macs or desktop Linux?
According to Google they have both, and based on the descriptions they probably follow the same model as the Windows one. That said, it would be kind of ironic if the original comment actually meant, "Use Mac or Linux for sensitive stuff because there's a good chance Kaspersky doesn't exist (or work very well) on them."
Where did you read "letting the FSB know about this contractor so they could target and breach his machine."

I somehow missed seeing that anybody but you claims that, so please give some link. I also, like the parent poster, only read that the antivirus program, as it should, collected the virus to the company servers.

I read that in the WSJ article that first revealed the security breach.

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-...

>The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

That quote doesn’t say anything at all that indicates Kaspersky “let the FSB know”, as you keep stating.
It is behind a paywall, but the quote you give makes no sense in the context of the rest of the information I've read. That narration would be different then. The Israelis hacked Kaspersky's offices and discovered what the antivirus automatically transferred. It is not claimed they discovered anything else there. The NSA obviously didn't know what their worker did at home until the Israelis informed them, so how do they know he was targeted afterwards and that Kaspersky was directly involved? Something is still missing.
Here is a sans-paywall link: https://archive.is/hB3eo

No mention of FSB in that article.

Thanks. There is however:

"Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s PC, hackers working for Russia homed in on the machine and obtained a large amount of information, said the people familiar with the matter."

But that sounds very implausible: which entry would "the hackers" use? Note that nobody claims that Kaspersky did that "obtaining" that way (by hacking). But it appears to me that Kaspersky software simply first detected suspicious files and then also sent them to the servers, which is what the software of most antivirus vendors does. And then the "hackers" story was invented to make it more dramatic. That better fits with the story of the NSA trojan files found on Kaspersky servers by the Israelis, as they hacked Kaspersky.

The implications may be that the FSB provided specific signatures for them to look for, they came back when they popped up on a machine located at this contractor's house, then further assessments were performed. In context that's not far-fetched at all.