Israel hacked Kaspersky; tips NSA that its tools had been breached

[Morisato 8]

https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html

https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html

 

Poor Kaspersky and those that still use it (though it seems to be safe unless you have files that trigger certain keywords on scan).

[itman 1,659]

I wish AV vendors including Eset "good luck" at getting anyone to upload any data after this incident. Per the NY times article:

Quote

Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

 

[cyberhash 188]

Data collection/distribution is part of every AV and it's been going on for longer than these articles imply.

[TJP 143]

Anti-Russian articles in the USA media is no surprise at this time. It wasn't too long ago the USA were seen as the 'bad guys' e.g. hxxp://www.theregister.co.uk/2013/07/05/americans_to_fess_up_to_spying_on_europeans/

Some of the comments on the first story on the Washington Post are as nutty as the story itself. Xenophobia at its worst.

[productionpaint 0]

Can we get any kind of assurance from ESET that they're not similarly compromised like Kaspersky supposedly is?

[foneil 342]

On 10/15/2017 at 5:12 PM, productionpaint said:

Can we get any kind of assurance from ESET that they're not similarly compromised like Kaspersky supposedly is?

ESET has no comment on this story at this time ("Kaspersky compromised") as details are still emerging. However, our implementation is different and we operate under the laws of the EU, and Slovakia is a member of the European Union and NATO. Slovakia is also on the list of DOD approved countries (http://gsa.federalschedules.com/resources/taa-designated-countries/). 
 

[peteyt 393]

An interesting article I came across - A reporter contacted multiple Antivirus Vendors about their security practises and shared the responses. Seems eset has yet to respond to them though https://www.databreachtoday.com/surveying-17-anti-virus-firms-on-their-security-practices-a-10393

[jdashn 12]

Might have missed this part of that article? Was updated today:

Quote

 

ESET's Response

ESET says that by default, its products don't send any user files to the cloud for scanning, but instead send hashes of suspect files. "However, if the user decides to send files/items for analysis, this option is also available in our products," a spokesman tells ISMG. "In such cases all of the processed information is encrypted, including metadata."

Users can opt in to sharing suspect files during software installation. Even so, only suspicious files will be submitted, and numerous files types, including documents, "are excluded from submission by default," ESET says. All suspicious files are submitted to ESET anonymously and are not connected to any license information, it says.

The company says it does not share files with VirusTotal, or for that matter law-enforcement agencies or intelligence agencies, but notes that "in the case of a legitimate request we follow standard procedures required by [EU or national] legislation.

 

 

Edited October 27, 2017 by jdashn

[peteyt 393]

39 minutes ago, jdashn said:

Might have missed this part of that article? Was updated today:

 

thanks for the heads up. 

[SCR 195]

Thanks for the update jdashn.