The GRU and Kaspersky - are they related in some way?

Dutch security services expelled four Russians over a cyber attack plot targeting the global chemical weapons watchdog, officials said. The operation by Russia's GRU military intelligence allegedly targeted the Organisation for the Prevention of Chemical Weapons in The Hague in April.

Russian cyber intelligence officers tried to hack the UK's Foreign Office, a British diplomat has said. Peter Wilson, the UK ambassador in The Hague, said Russian intelligence officers tried to compromise Foreign Office systems with an attack in March.

It is true that Britain's National Cyber Security Centre (NCSC) is on high alert for the possibility of some kind of Russian activity. More people and resources have been devoted to monitoring and investigation. There has also been outreach to companies to warn them on what to look out for and what to do. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," NCSC chief Ciaran Martin said in a statement.

Kaspersky is often described as one of the best anti-virus products; it was a while ago implicated in hacking the CIA. Any anti-virus software of necessity has to monitor everything going on on a PC.

Can Kaspersky be trusted in the current environment?
Come to that, can ANY anti-virus software be trusted?
 
Can you trust anything you're running? Unless you have access to the code and the knowledge to vet it you can't.

I was under the impression the CIA (NSA?) issue was actually a contractor who had taken home their work. Kaspersky flagged it as any good AV should have done and uploaded samples.

I imagine if another AV had caught it we'd never have heard about it.
 
I take your point about possible hidden objectives in software - Trusteer Rapport is an example.

However, my point is more about any possible (covert) relationship between the Russian GRU which appears to be very active in cyber attacks and an anti-virus organisation based in Russia.
 
Sorry I neglected that bit didn't I :(.

Honestly I have no clue but I wouldn't be any more surprised about Russia's GRU and Kaspersky than Comodo and USA's NSA or Avast and Czech Republic's NCSO (?). You'd probably find China is embedded in most of them :D.

With something like an AV pretty much everyone has one installed it's a good place for malicious actors to get stuck in.

Chances are the popular AV companies are all compromised in some way or another. Maybe not even by their own governments.

Problem is even if we all decided to forgo using AV as a security risk we'd only move the vector to OSs or to the firmware. Even if we somehow bypassed all of that we'd only know our computer is secure; anything we connect to (and along the way) can also be a target.

Should we be any more concerned about Russia having access than any other?
 
Does Kaspersky do travel guides for interesting architectural European destinations, specifically Cathedrals with spires between 299m and 301m or exciting innovative campuses in The Hague?
 
China are manufacturing all of the hardware - they don't need backdoors at the software level ;)
 
Without wanting to sound like an open source zealot this is a good case for using it, from the OS (Linux) to browsers (Chromium, Waterfox, etc). Unfortunately as you point out there are other vectors such as many points on the internet, your PC firmware and hardware, router, etc. But at least it reduces the points of exposure.
 