FRS176 MarketSegment PageSkin 160x1200px v1

 

 

 

FRS176 MarketSegment PageSkin 160x1200px v1
 

 

 

 

 

Home Technology Regulation Kaspersky response to spy claims misleading: infosec expert

A former employee of the NSA claims Kaspersky Lab has provided misleading information while responding to a Bloomberg article that said emails it had obtained showed that the company had developed products for the Russian intelligence service FSB and also accompanied its agents on raids.

Jake Williams, who runs a company named Rendition Infosec, said in a blog post that some party of Kaspersky Lab's riposte to the Bloomberg story was accurate.

But, he added, it was incorrect to say that Kaspersky Lab could not provide "any government agencies, nor other parties, with information on location of people and doesn't gather 'identifying data from customers' computers' because it is technically impossible".

A few hours after the Bloomberg report appeared, the US government said it was removing Kaspersky Lab from a list of approved software suppliers for two government-wide purchasing contracts that are used to buy technology services.

Kaspersky Lab responded to the government move by saying that it had no ties to any government, and had never helped any government with their cyber-espionage efforts.

Williams said that whether Kaspersky Lab provided real-time intelligence to anyone else was left to be determined.

"But the Kaspersky claim that it is 'technically impossible' to 'gather identifying data from customers’ computers' is completely false," he said.

Williams said it could be true that Kaspersky software did not have any features built in for the sole purpose of gathering identifying data from customers.

"But anti-virus software collects lots of telemetry on malware activities," he pointed out. "Part of that telemetry involves the autorun registry keys used by malware to persist between reboots.

"In some cases, malware even stores exfiltration or configuration data in the registry and Kaspersky needs this data to be effective with their detection, quarantine, and removal of malware artefacts on infected machines.

"As a result, it seems highly unlikely that Kaspersky software does not have the ability to query arbitrary registry keys and return their contents back to Kaspersky operations centres."

He said that by querying the correct registry keys, Kaspersky Lab would be able to gather data such as:

  • The machine name and domain name;
  • The username of the currently logged on user;
  • The usernames of previously logged on users;
  • The email address of the Microsoft account linked to the local accounts (if any);
  • The Wi-Fi network the machine is currently connected to;
  • The names of saved Wi-Fi networks;
  • The Windows unique product ID;
  • The Kaspersky unique product ID;
  • Unique hardware information (processor serial number, etc.);
  • Recently typed URLs;
  • Recently opened document names; and
  • Recently executed programs.

Williams also pointed out that these details were only part of the information that could be enumerated from registry values alone – and Kaspersky software was sure to have this capability.

"This completely discounts the fact that Kaspersky can arbitrarily enable new capabilities in its software at will and deploy those capabilities only to specific machines, presumably those targeted by FSB," he added. "Please note that Rendition isn’t claiming Kaspersky is using these capabilities, but it’s ridiculous to think they don’t have them."

He said that neither side had been totally transparent in the back-and-forth of this affair. While it appeared that Kaspersky Lab appeared to have been more open, it was possible that the US government was more guarded in its comments due to a need to protect sources.

"If the US Government discloses information derived from sensitive sources, it may no longer be able to access those sources – like everything in intelligence (cyber threat intelligence included) there must be an intel gain/loss calculation performed," Williams added.

He was, however, sure that more information would come to light about the stoush soon: "with Kaspersky on the defensive and likely backlash against US companies in Russia and elsewhere, the intelligence community may be sharing more of it what it knows sooner than later".

iTWire has contacted Kaspersky Lab's local outlet for comment.

LEARN NBN TRICKS AND TRAPS WITH FREE NBN SURVIVAL GUIDE

Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?

DOWNLOAD NOW!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

 

 

 

Connect

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities