
Kaspersky case

Update (2018-10-03): -> Case Update

To talk about The Shadow Brokers without mentioning Kaspersky would be a mistake, I think. I want to clarify some points:

Detections!

First (September 2014)

In a press release, the company acknowledged that the TSB tools were indeed detected by the Kaspersky product. This detection also pulled in a .zip archive containing other Equation Group tools (the alleged NSA unit), because the archive matched many Equation signatures already in the Kaspersky databases. After an analyst inspected these tools and declared them malicious, he reported the facts to Kaspersky’s CEO, who requested the deletion of all traces of this archive from all information systems.

Q5 – If classified information was pulled back, what happened to said data after? Was it handled appropriately?
A5 – After discovering the suspected Equation malware source code and classified documents, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all of our systems. With the archive that contained the classified information being subsequently removed from our storage locations, only traces of its detection remain in our system (i.e. – statistics and some metadata). We cannot assess whether the data was “handled appropriately” (according to US Government norms) since our analysts have not been trained on handling US classified information, nor are they under any legal obligation to do so.

Second (1st September 2016)

Kaspersky Anti-Virus software was used by TSB to analyse the materials stolen from the NSA on 2016-09-01 at 07:14 (as shown by the screen captures in the TWPC#1-4 images).

We have two detections: the September 2014 detection of the Equation Group archive on an analyst’s side, and the 2016-09-01 detection when TSB analysed the stolen materials with the Kaspersky product.

It’s 2 different detections!

Professional negligence (October 2014)

And to add more fun and shit to this story, Kaspersky Labs discovered something even more interesting, and plain professional negligence: the Equation developer used a cracked version of Microsoft Office. This version had been backdoored by someone (Kaspersky allegedly suspects a Russian threat actor). Did I forget to mention that we are talking about confidential information transferred to a “home” computer, and that the user had disabled the Anti-Virus during the crack installation?

Let me summarize: classified material moved to a “home” computer, a cracked and backdoored Microsoft Office installed on it, and the Anti-Virus disabled to install the crack.

Yes, for me it’s just professional negligence!

Controversy

But then why so much noise for what appears to be malpractice by the NSA employee? The controversy comes from the fact that the founder of the Kaspersky company, Eugene Kaspersky, is a graduate of the IKSI, an academy of the Russian secret services, the FSB (formerly the KGB). In addition, Tavis Ormandy discovered a vulnerability in a component of its antivirus product that intercepted secure traffic (P0-978), which was then decried as a way to intercept critical information. But this can also be put in perspective by the creation and use of unofficial certificates by the CIA to intercept traffic in Kaspersky products (Vault 8, Wikileaks). According to the above-mentioned facts, Kaspersky discovered, recovered and analysed an archive containing EquationGroup tools. Their product also analysed TSB tools on 2016-09-01 at 07:14. Kaspersky said they erased all traces of this archive from their systems. That claim cannot be independently verified.

Controversy answer

Eugene Kaspersky also offered to testify and let his source code be audited by the U.S. Congress. He has not been brought to Congress as of 2018-04-15.

Based solely on the facts, there is no technical evidence to prove that this information was transmitted to the FSB by Kaspersky. That’s where the problem lies: *no technical evidence either incriminating or exonerating, which leaves public opinion and customers in doubt, and I dare to think that this is also what launched the antitrust campaign of the American government services against Kaspersky software. Kaspersky responded by launching transparency centers around the world.*