Cyber Warfare Battle Report-We Got Screwed Again
We got ripped off again, and very badly. The fundamental issue is offense has the advantage by nature of the tech involved. We have got to get our side of this together.
Paywalled unfortunately…
Russian Hackers Stole NSA Data on U.S. Cyber Defense
The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks
By Gordon Lubold and Shane Harris
Updated Oct. 5, 2017 7:31 p.m. ET
WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter. wsj.com
At Ars Tech and other places we see a lot of related worry about Kapersky. If you are an old cold warrior, just the Russian name is enough. But that’s unfair.
The counter argument to what Aitel and plenty of people in security and national security circles are saying is that the extraordinary allegations are based solely on anonymous sources and aren’t backed up with any hard evidence. What’s more, the anonymous sources never say that anyone from Kaspersky Lab aided or cooperated with the hackers. The latter point leaves open the possibility that the hole left open by Kaspersky AV was unintentional by its developers and was exploited by Russian hackers without any help from the company.
In September 2015, Google Project Zero researcher Tavis Ormandy said his cursory examination of Kaspersky AV exposed multiple vulnerabilities that made it possible for attackers to remotely execute malicious code on computers that ran the software. If the hackers had knowledge the NSA contractor was using the Kaspersky AV, it’s at least feasible they exploited those vulnerabilities or similar ones to identify the sensitive materials and possibly also steal them.