The Verge reports this instance of software McCarthyism by the Wall Street Journal against Kaspersky Lab, saying:
…
According to the report, the hackers seem to have identified the files — which contained “details of how the U.S. penetrates foreign computer networks and defends against cyberattacks” — after an antivirus scan by Kaspersky antivirus software, which somehow alerted hackers to the sensitive files.
… (emphasis added)
Doesn’t “…somehow alerted hackers to the sensitive files…” sound a bit weak? Even allowing for restating the content of the original WSJ report?
The Wall Street Journal reports in “Russian Hackers Stole NSA Data on U.S. Cyber Defense”:
Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.
The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.
…
U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.
But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.
Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.
…
The facts reported by the Wall Street Journal support guilt-by-association-style McCarthyism, but in a software context.
Here are the only facts I can glean from the WSJ report and common knowledge of virus software:
- NSA contractor removed files from NSA and put them on his home computer
- Home computer was either a PC or Mac (only desktops supported by Kaspersky)
- Kaspersky anti-virus software was on the PC or Mac
- Kaspersky anti-virus software was either active or ran at specified times
- Kaspersky anti-virus software scanned the home computer one or more times
- Hackers stole NSA files from the home computer
That’s it, those are all the facts reported in the Wall Street Journal “story,” better labeled a slander against Kaspersky Lab.
The following claims are made with no evidence whatsoever:
- “after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab”
- “believe the contractor’s use of the software alerted Russian hackers to the presence of files”
- “whether Kaspersky technicians programed the software to look for specific parameters”
- “unclear is whether Kaspersky employees alerted the Russian government to the finding”
- “armed with the knowledge that Kaspersky’s software provided”
The only evidence in the possession of investigators is the co-location of the NSA files and Kaspersky anti-virus software on the same computer.
All the other beliefs, suppositions, assumptions, etc., of investigators are attempts to further the government’s current witch hunt against Kaspersky Lab.
The contractor’s computer likely also had MS Office, the home of more than a few security weaknesses. To say nothing of phishing emails, web browsers, and the many other avenues for penetration.
As far as “discovering” the contractor to get the files in question, it could have been by chance and/or the contractor bragging to a waitress about his work. We’re not talking about the sharpest knife in the drawer on security matters.
Judging hacking claims based on co-location of software is guilt by association, pure and simple. The Wall Street Journal should not dignify such government rumors by reporting them.