by acqq 3172 days ago
Where did you read "letting the FSB know about this contractor so they could target and breach his machine."

I somehow missed seeing that anybody but you claims that, so please give some link. I also, like the parent poster, only read that the antivirus program, as it should, collected the virus to the company servers.


I read that in the WSJ article that first revealed the security breach.

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-...

>The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

That quote doesn’t say anything at all that indicates Kaspersky “let the FSB know”, as you keep stating.

It is behind a paywall but the quote you give makes no sense in the context of the rest of the information I've read. That narration would be different then. Israelis hacked Kaspersky offices, discovered what the antivirus automatically transferred. It is not claimed they discovered anything else there. NSA obviously didn't know what their worker did at home, until Israelis informed them, so how do they know he was targeted afterwards and that Kaspersky was directly involved? Something is still missing.

Here is a sans-paywall link: https://archive.is/hB3eo

No mention of FSB in that article.

Thanks. There is however:

"Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s PC, hackers working for Russia homed in on the machine and obtained a large amount of information, said the people familiar with the matter."

But that sounds very implausible; which entry would "the hackers" use? Note that nobody claims that Kaspersky did that "obtaining" that way (by hacking). But it appears to me that Kaspersky software simply first detected suspicious files and then also sent them to the servers, which is what the software of most antivirus vendors does. And then the "hackers" story was invented to make it more dramatic. That better fits with the story of the NSA trojan files found on Kaspersky servers by the Israelis, as they hacked Kaspersky.

The implications may be that the FSB provided specific signatures for them to look for, they came back when they popped up on a machine located at this contractor's house, then further assessments were performed. In context that’s not far-fetched at all.

How do you think FSB "came back" to the machine of the NSA malware developer who's in the USA? I think that's exactly what is not plausible. He surely isn't going to open a trojan named isthatyou.jpg.exe in the e-mail sent by them to him. He actually made such stuff (trojans or something) himself as he let Kaspersky's software automatically collect the sample of his "work in progress." Now the unnamed government sources "leak" this as a case of apparent "Russian hackers" whereas the only known hackers in the story are the NSA and Israel's hackers who hacked the office computers of Kaspersky. Kaspersky's software just did what other antivirus software does too.