Kaspersky Lab has close ties to Russian spies – Bloomberg News

“Kaspersky Lab sells security software, including antivirus programs recommended by big-box stores and other U.S. PC retailers. The Moscow-based company ranks sixth in revenue among security-software makers, taking in $667 million in 2013, and is a favorite among Best Buy’s Geek Squad technicians and reviewers on Amazon.com,” Carol Matlack, Michael A Riley, and Jordan Robertson report for Bloomberg News.

“Founder and Chief Executive Officer Eugene Kaspersky used to work for the KGB, and in 2007, one of the company’s Japanese ad campaigns used the slogan ‘A Specialist in Cryptography from KGB,'” Matlack, Riley, and Robertson report. “The sales tactic, a local partner’s idea, was ‘quickly removed by headquarters,’ according to Kaspersky Lab, as the company recruited senior managers in the U.S. and Europe to expand its business and readied an initial public offering with a U.S. investment firm.”

“In 2012, however, Kaspersky Lab abruptly changed course. Since then, high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services,” Matlack, Riley, and Robertson report. “Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals.”

Much more in the full article here.

MacDailyNews Take: Things that make you go “hmmm.”

Yet another reason why we’re glad we use Macs!

[Thanks to MacDailyNews Reader “Hans Maristela” for the heads up.]

43 Comments

    1. Jubei, sorry to hijack your comment and the thread but….
      @MDN….ARGH!!!. The whole site is borked. AdMalware redirects from everywhere. Homepage + Contact, News and App links – all redirect to AppStore, iTunes or “Win an iPad (or iPhone) ” pages.
      Tried coming from a search page, same result with a pristine iPhone 6 and an iPad.
      Apologies again but MDN asked for feedback.

  1. To be fair, Kaspersky is still much safer than NSA-controlled McAfee and other local anti-virus software because besides USA and UK no other country has giant data centre facilities that are capable of wall-to-wall totalitarian spying. So even highly censored communications like in China only get relatively narrow on-the-fly spying (the same is with Russia and many European countries).

    Though yes, the best option is not to use such software at all, even from Kaspersky — which is lesser of evils, but evil nonetheless.

      1. How so?

        I do not in those links see mention of any giant wall-to-wall data centres being active in China or Russia.

        Security services of China and Russia obviously try to spy on everything, just like any other spying agencies of other countries, but they do not have anything even remotely close as USA and UA have to pile up and process the data in a totalitarian way. As I wrote above, it is just on-the-fly, short-term spying that is nothing like what UK and USA do.

        So those couple of links to do not contradict to what I wrote at all. I never wrote that China, Russia and other do not spy, but I wrote the depth of what they do with it is incomparably smaller than what USA and UK do.

          1. And in those links there are no hint of giant data centers trying to grab and store absolutely everything. As I wrote from very beginning, it is short-term on the fly spying, and nothing like what USA and UK have.

          2. (By the way, the latest link mostly perverted what Putin has said. He did not really defend USA’s spying program and drones. The balancing parts of his answers were cut in tabloidish way WP covered the interviews.)

            1. The lady dost protest too much.
              If you are seriously contending that US citizens are more closely surveilled than the citizens of China and Russia, you have swallowed the ex-pat, anti-American postures of Laura Poitras and Glenn Greenwald hook line and sinker. They have become non stop detractors of the United States and will negatively spin information against this country whenever they can.

            2. If you are seriously contending that US citizens are more closely surveilled than the citizens of China and Russia,

              Of course, I am. NSA’s budget and scale of giant totalitarian spying systems are unparalleled. You can post any number of links about other spying systems, but in none of them there is even remote resemblance of scale of spying that USA and UK do.

            3. Right, this is what I think and no fact pattern will dissuade me. Hey, by a plane ticket, I’m sure your point of view will be appreciated by Putin or Xi. Of course, you’ll need to avoid contradicting them.

  2. “Yet another reason why we’re glad we use Macs!”

    That really make zero difference when you are talking this level of hacker. Unix/OS X has 1/3 more code to hack, and really has never been vetted much. Add all the third party software to find hooks into OS X. OS X and it’s third party wares has plenty of vuls that this level of cyber character is walking in with very little effort.

    We have the example of basically a low level malware writer that took over 650,000 Mac in 2011 with a small effort. If you coralate total Macs by Macs infected, that would equivalent to the worse PC infectiion outbreak.

    The good thing is Apple and the security community are right on top of it, because there is so little OS X malware floating around. Making OS X a less desirable target because the time spent finding the vuls and writing attack code will get patched within a week or less. Vs up to a month in the waste field of Windows based malware haystack.

    Code is basically code, just because it has OS X on means nothing. They will get in through third party vuls, just like Windows.

    Ok OS X fanboys ATTACK!

    1. You are wrong TED, now you be careful what you say. Code is no more “code is code” than say “your brain” and “Steve Jobs brain” is just a brain like everybody else. They are two totally different things.

      UNIX is way more sophisticated than what is basically glorified DOS code. On top they “look” the same (due to MS copying….gentlemen start your printers….remember that?) but are totally different underneath.

      Steve Jobs once said (BTW, while gates was sitting next to him in that red chair with Kara and Walt), “MS has no taste, I don’t mean that in a small way, I mean that in a BIG way”. Same goes for security in windows. You can substitute the word “taste” with the word “security” in Steve jobs comment.

    2. Sorry Mac Users, I forgot to give full disclosure. As you see above, I am related to the company founder. My job here at Kaspersky is to disseminate FUD and try to get you to use our useless expensive software.

    3. We who work with Mac are STILL looking for one of those 650,000 members of the Amazing Mythical Shrinking MacBot in the wild. Two of the computers I manage were listed by the Dr. Web’s honey-pot server as being members but had never had JAVA installed on them. . . and when check did not have to files on them to have been a member of the MacBot. Many of the UUID’s listed on Dr. Web’s Honey Pot Server were for computers that were not infected with the FlashBack Trojan. Many had never been sold. . . had never had Java installed on them, a necessary component for the Flashback exploit to work, and many of the UUID’s were not yet assigned to Macs because they were not yet manufactured. What Dr. Web had was a list of UUID’s in the range of Apple Macs. . . and that was all.

      Dr. Web announced the 650,000 member MacBot, but then the numbers started dropping . . . first it dropped to 270,000 within a week, then a week later, when several other AV companies started looking and colleges with large installed bases of Macs among their student bodies started reporting NOT finding any infections, the numbers dropped to just over 100,000, then 62,000, then the “infection” disappeared off the radar completely. Where did it go?

      Seeing as how to even get infected one had to download character definitions from an obscure Russian Language game site, and the so-called exploit was a Java exploit, equally exploitable on Windows and Macs, and the game playable equally on Windows and Macs. . . why were 97% of the supposed infections on Macs and only in ENGLISH speaking countries and 95% in the US and Canada??? The reason is that all evidence points to the fact that it wasn’t real.

  3. Although a Mac is relatively secure due to its Unix underpinnings, I started using E-Sets security software. I’ve never had any security warnings so it is mostly just sitting there. At least it isn’t a resource hog.
    I do use Parallels to run Windows and they recommend and provide Kaspersky’s software which I don’t install. I instead use the Windows version of E-set’s software which again isn’t a resource hog compared to Norton/Symantec and others.

  4. Anyone that spreads the falsity that Macs are invulnerable to malware is lying and spreading deception. The only reason you don’t hear about Mads targeted is that Windows makes up the majority of the computers in the world. Hackers want bang for the buck.

    1. That theory has been disproved so many times.

      They started this theory when Mac was 1%. No study, no proof, just pulled it out of their ass.

      Now that iOS/OSX is 50%/18% respectively (give or take a percent here and there), they say the same thing. No proof, no study, just pull it out of their ass.

    2. About six years ago the Witty Worm was written exploiting an already closed vulnerability in the Black Ice Routers. . . targeting the 20,000 un-patched routers still on the Internet. Within 45 minutes of the Witty Worm being released into the wild, EVERY SINGLE Windows computer USING the black Ice routers were infected. Every one. At the time, there were over 50,000,000 OS X Mac computers on the internet, with 99% of them running completely naked of any anti-virus software and most without a firewall. There are many more examples of hackers writing malware for small target markets.

      If it was economical for the cracking and hacking crooks to write the Witty Worm to invade a mere 20,000 potential Windows computers, then 50,000,000 bare naked, sitting duck OS X Macs should be an easy target for them, especially when every study has shown that Mac users are more affluent and use their Macs more than Windows users to buy products on the Internet, so would be far more likely to have credit card and ID information unprotected on their computers, ripe for the picking. WHY DIDN’T THE HACKERS HARVEST THAT LOW LYING FRUIT? The reason is not “Security by Obscurity” but rather getting into a Mac is orders of magnitude more difficult than breaking into Windows computers.

  5. Any high end pentester is in on an OS X network without issue OS X is wide open to anyone with advanced skill. Thinking otherwise shows you are totally clueless to internet security and especially this false narrative that Macs are safe because it’s based on Free BSD. Guess what, 3rd party programs.

    How did the 650,000 Mac’s get owned by a low grade hacker at best in 2011? What about the mid level and advanced hacker?? What could they do? The low end guy TOTALLY owned the Mac platform for the most part. It is said to be equivalent to the best PC attack ever recorded.

    What would of happened if the advanced hacker added a bunch of ad servers on this and all other Mac sites on a coordinated timer based attack. Also add Amazon ad servers with WP blogs serving the OS X zero day all at one time . Granted, the time to do all the code would take time, but if done by a cyber gang it would happen and the Mac carnage would of been 10 fold. Very easily done as far s execution. The attack model is not there in the black hat community, so it is not done. Windows based PCs just has the numbers. Plus, Crypto based lockers are just too easy now, way not just keep going. Respect the hacker for his skill, don’t be a dumb ares and think OS X is somehow immune.

    It is security through obscurity. I myself disagree with Bruce Schneier.

    1. So anyone could do it, yet the relatively affluent Apply owners are not getting milked by hackers? That makes no sense.

      Hackers are geeks (that’s a compliment) and geeks like challenges. So, the whole “Apple is not vulnerable” has not been enticing enough to any anti-Apple geek to crack the simple Apple code?!?! That makes no sense.

      There are conferences every year that have challenges to crack various OS and hardware and every year they do gain access to OSX…IF they have admin access. So falling prey to either a Trojan or phishing is necessary to let a hacker gain access.

  6. Paul,

    Talk to a good corporate pentester who hacks weekly/ monthly at some of this countries highly defended corporate sites. Social engineeran OS X user to a OS X attack site and you are in. They have zero issues bypassing OS X little X-Protect and GateKeeper. You just don’t seem to respect the skill level of a good skilled hacker. A bypass is a bypass in Windows or OS X….They both (Windows and OS X) have those vuls and they both act the same when executed. Bypass code is bypass code. We are just lucky the hackers are not executing it on OS X

    1. TeD,
      I watched a most famous pentester the other day on a news channel. I believe he was famous because 30 years ago he broke into a US gov computer. I’ll try to find a link for you. Really funny how he is full of himself. Let’s call this guy “Hackster” for reference sake.

      Hackster was a scandalous liar regarding his comments about Apple pay and Touch ID. On touch ID he said that Touch ID has already been hacked!!!

      Which, for PRACTICAL PURPOSES is really NOT true. But the news presenter sucked it all up because…..well they really don’t know any science.

      He was.Of course, referring to the “so called hack” where the hackers got a hold of someones fingerprints, and spent several hours photo shopping followed by several hours of 3D printing a skin like fingerprint. Then to top it all off they had to have the ACTUAL device stolen from this person as well. This scenario is not at all practical for a normal person like you and me to be worried about. Why, because it is really difficult to steal the device without the person knowing it is stolen over a span of several hours. Let alone have access to 3D printing etc.

      On Apple Pay: Now, we all know that the “fraud” talked about on the news isn’t actually a problem with Apple Pay. Right kids? It is actually a case where the guy with the keys (the Banks) sends the key (the Card) to the wrong person. The thief merely uses the key given to him by the bank.

      Furthermore, the “social engineered hacks” you talk about, all rely on the victim somehow giving up the key. Let me be straight here. THERE IS NO PROTECTION AGAINST STUPIDITY! Except……of course Apples Two Step Verification.

      TED, we are talking of “REAL” hacks, not these impractical mean NOTHING hacks or stupid “social engineered hacks”. Hacks, where I am sitting here and you are sitting there and you being able to break into my OS X or IOS device. Go on do that and Ill be impressed.

      BTW, if you went to the NSA now and said you have this Apple Pay hack and Touch ID hack, they would laugh in your face. Why, because they want hacks that they can implement in an instance to any random person.

      You cannot do any such hack on my Mac or my iPhone. BUT, there are plenty for Android and Windoze.

Leave a Reply to enzos Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.