back to article Kaspersky dragged into US govt's trashcan as weaponized blockchain agile devops mulled

President Donald Trump has signed the National Defense Authorization Act for 2018, which includes a ban on products from Kaspersky Lab running in US government agencies. Section 1634 of the law specifies that: No department, agency, organization, or other element of the Federal Government may use, whether directly or through …

  1. Doctor Syntax Silver badge

    The international trade lawyers are already planning how to spend this windfall.

    1. Tom Paine Silver badge

      International trade lawyers do not, inter alia, require the services of no malodorous windfalls.

  2. Notas Badoff

    Fail spelled backwards is liaЯ, right?

    And this government action because Kaspersky software worked correctly, and found that US spies were stupid and oversight was grossly lacking, and so the software is 'bad'?

    Is 'Rexit' when you hate reality and demand to leave it?

    1. ecofeco Silver badge

      Re: Fail spelled backwards is liaЯ, right?

      It's America. Blame everyone but the culprit is SOP.

  3. Anonymous Coward
    Anonymous Coward

    Why just single out kaspersky?

    Surely the US government wouldn't want any of its agencies to use any software under the control of a foreign power.

    Oh look over there, a squirrel and it's red.

    1. Anonymous Coward
      Facepalm

      Why just single out kaspersky?

      "Why just single out kaspersky?

      Because they're not a front for the Israeli security apparatus. Letting agents of a foreign intelligence service bug your computers isn't the best way of securing your cyber infrastructure. The FSB must be laughing itself silly.

      1. Spanners Silver badge
        Boffin

        Re: Why just single out kaspersky?

        I repeat a previous suggestion that Kaspersky is the tool for people who do not want to be too cooperative to the CIA, NSA and other such criminals ,

    2. CrazyOldCatMan Silver badge
      Boffin

      Oh look over there, a squirrel and it's red.

      Not here in most of England it's not. Thanks to the import of US grey squirrels.. (Scotland is more lucky - it's too cold there for the greys to thrive and so the red squirrels have a chance..)

      Just one more lesson fron nature about the dangers of stuff coming from the US :-)

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh look over there, a squirrel and it's red.

        I'm a bit worried about the state of squirrels today. The traditional Red-Communist ones are being (have been) driven out by these new ones acting at the direction of Roswell Aliens!

      2. Anonymous Coward
        Anonymous Coward

        "Just one more lesson fron nature about the dangers of stuff coming from the US :-)"

        I think that the UK (and other Europeans) were just as irresponsible when the exported our human population in the 15th century onwards.

        1. Anonymous Coward
          Anonymous Coward

          > I think that the UK (and other Europeans) were just as irresponsible when the exported our human population in the 15th century onwards.

          We were just grateful to be rid of them as they climbed aboard their prototype B-Ark.

          Little did we know that not drilling a hole in the hull would cause so much pain for so many.

  4. veti Silver badge

    Isn't it unusual, for a law to single out a specific company by name?

    Looks like the sort of thing you'd do if you were building a clientelist government, a la Zimbabwe or Venezuela - in which the executive simply gives money to its political friends, without any pretense of reason or services being involved.

    1. Lysenko

      Isn't it unusual, for a law to single out a specific company by name?

      It's not a million miles away from a Bill of Attainder either, however, the US legislature is historically quite fond of those (particularly where "Commies" are involved) despite the constitution prohibiting them.

      1. Anonymous Coward
        Anonymous Coward

        Товарищ Лисенко you never cease to amaze me! A modern person who knows about Attainder: a nasty little law that was extensively used during the Deformation to steal land from people who disagreed with the ruling elite. So your calling of the similarity is striking - as is the observation that the alleged crimes of the company are unprovable religious dogmata.

        1. Lysenko

          A modern person who knows about Attainder: a nasty little law that was extensively used during the Deformation to steal land from people who disagreed with the ruling elite. So your calling of the similarity is striking - as is the observation that the alleged crimes of the company are unprovable religious dogmata.

          There's nothing religious or obsolete about attainder where US law is concerned. The "Elizabeth Morgan Act" was struck down on that basis in the early 2000's and the Holman Rule is an example (re)activated only this year.

  5. Jonbays

    Doesn't seem to have any procedural fairness to blanket ban a company but at least it distracted him from grabbing pussies or starting a war in the middle east or Korean peninsula. Oh Oh it didn't ; )

  6. Palpy Silver badge

    Sigh... it's geographical as well a geopolitical, innit.

    Why single out Kaspersky?

    Dost thou recall, gentle commentards, the previously-secret hacking tools pulled from the laptop of one Mr. Pho, ostensibly by an automated Kaspersky scan for malware? Did Kaspersky intentionally send the FSB the data?

    “'The more likely scenario is that Russian intelligence has some sort of automated monitoring of the traffic that comes back to Kaspersky,' says James Lewis, Cipher Brief expert and a Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS)."

    What about an FSB spy inside Kaspersky?

    "...the authoritarian political environment in Russia means that the FSB would not have to go through the subtle process of recruiting insiders within Kaspersky. Rather, what the Kremlin says goes, according to Steve Hall, a former member of the CIA’s Senior Intelligence Service."

    “'The FSB would have no need to have a spy inside of Kaspersky,' says Hall. 'Bottom line is that it’s almost unimportant how they’re doing it – what’s important is that the FSB can do whatever they want because Eugene Kaspersky and that entire company is based in Russia and nobody wants the FSB knocking on grandma’s or mom’s door and saying, ‘your son isn’t being as cooperative as we want him to be.’”

    "[Former British signals intelligence chief Robert] Hannigan agrees. 'It’s simply inconceivable that a Russian company would say ‘no’ to an approach by the FSB: it would be reckless to refuse,' says the former GCHQ chief. 'So, this is not so much about cyber but about authoritarian state control and corruption.'”

    All this is quoted from The Cipher Brief, but the quotes seem pretty common-sensical to me. In pragmatic terms, nobody is picking on Kaspersky because they are Russian; they are picking on them because the environs in which they operate are technically, legally, and politically controlled by an authoritarian regime which is inimical to many Western interests.

    Eugene K. may be a helluva a good fella running an excellent technical security company. But he doesn't control his country, and his country has extraordinarily coercive leverage over anyone or anything in its domain. And probably has extraordinary abilities to monitor internet traffic -- meaning that every datum sent to Kaspersky as part of its security service is probably monitored by the FSB.

    Simples.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sigh... it's geographical as well a geopolitical, innit.

      And we can also reverse the whole argument.

      Especially.

      'It’s simply inconceivable that a American company would say ‘no’ to an approach by the NSA'

      'it would be reckless to refuse,' says the former GCHQ chief. 'So, this is not so much about cyber but about authoritarian state control and corruption.'

      But really thats just word play.

      What is of greater concern is the simple fact that the US by seeing Kaspersky as a hostile cyber weapons system implies that American products are also to be seen as cyber weapons.

      As an Australian, I see the American threat of commercial espionage as more damaging, persistent and likely.

      1. Palpy Silver badge

        Re: Sigh... and absolutely right, mate.

        Yep. You are absolutely arfin' right. The argument cuts on geopolitical boundaries.

        Outside the USA, the same rules apply: why would an Aussie trust McAffee not to send info to the NSA? No reason, mate. If you are outside the confines of the geologically static east coast of NA and the geologically active west coast of NA, then no: do not trust US security software, because it may very well be compromised by NSA.

        If you are in USA, would you rather the details of your company's strategic mineral rights are in the purview of Russia or China or US intelligence? Well, duh.

        Keep your own secrets, my Aussie commentard. Keep them well, and beware NSA. Beware FSB.

        I have no beef with that.

      2. Muscleguy Silver badge

        Re: Sigh... it's geographical as well a geopolitical, innit.

        Ditto wrt a British company and GCHQ/MI5/6 etc wielding various 'notices' premised on the Royal Prerogative non democratic powers.

        Can you imagine how they will run about trashing and shredding stuff when we vote Yes here in Scotland? Just the prospect of iScotland people crawling al over Faslane and Coulport must give them the willies. So far all the SNP have said is that rUKgov will have only so long as they need to safely remove the nuclear vessels and materials for a lease on those sights post Indy. Scotgov will expect to see a lot of building work in Aldermaston/Devon/Cornwall very soon after the Yes vote. There is also the small matter of the rusting nuclear sub hulks sitting at Rosyth while MoD pretends to figure out how to safely remove and make safe their ancient reactors.

        Any English or Welsh ports who want to volunteer to host these? Don't all rush at once now.

        If you don't believe me said hulks are clearly visible on Google Earth. The nuclear warhead bunkers on the hillside above Coulport where they take the warheads off the missiles and put them back on again can also be clearly seen. The boats currently under arms control and cost saving measures not sail with their full complement of missiles/warheads so there must be quite a few in those bunkers. Meaning HMgov needs to dig and pour a lot of concrete somewhere quite soon. Can't have us Scots with our mitts on them, can we?

        1. ecofeco Silver badge

          Re: Sigh... it's geographical as well a geopolitical, innit.

          Holy crap, Muscleguy. Just googled it. There's quite a few subs sitting there, aren't there?

    2. Milton Silver badge

      Re: Sigh... it's geographical as well a geopolitical, innit.

      Why is the post by Palpy being downvoted, I wonder? The key point the author makes is this—

      "Eugene K. may be a helluva a good fella running an excellent technical security company. But he doesn't control his country, and his country has extraordinarily coercive leverage over anyone or anything in its domain."

      —and this is of course true beyond any reasonable argument. Democracy no longer exists in Russia, after a brief post-Gorbachev flowering, the legal system is an entirely corrupted joke, any independent journalist lives in fear and political opposition is a risk to life.

      So yes, when the Kremlin "requests" any damn thing it chooses, you'd better say Da.

      I wouldn't be surprised if Kaspersky products are entirely clean and perhaps better than most western rivals (and they did offer sight of their source code), but it doesn't matter because where Russia is concerned (and this should be true of China and North Korea too, at least) we are looking at capabilities, not intentions.

      Trump is an imbecile, and probably doesn't understand one-hundredth of what he's putting his pawprint on, but in point of fact you should not let your national security depend upon soft- or hardware which may be open to compromise by unfriendly nations.

      The US (or the UK govt for that matter) should not be using Kaspersky any more than it should allow electronic components made in China into any of its secure systems. It boils down to common sense, does it not?

    3. bombastic bob Silver badge
      Linux

      Re: Sigh... it's geographical as well a geopolitical, innit.

      "Why single out Kaspersky?"

      it's mostly an 'N.I.H.' thing, related to national security. If _ANY_ national security stuff relies on "outsourced" tech, it's a potential problem. I think Trump just wants to promote U.S. business while simultaneously NOT relying on Russia-tech.

      I also point out if they switch to Linux or BSD or some other open source OS for gummint desktop computers, they won't even NEED something like Kaspersky's products...

    4. Roland6 Silver badge

      Re: Sigh... it's geographical as well a geopolitical, innit.

      Dost thou recall, gentle commentards, the previously-secret hacking tools pulled from the laptop of one Mr. Pho, ostensibly by an automated Kaspersky scan for malware? Did Kaspersky intentionally send the FSB the data?

      Dost thou not recall, Palpy, one Mr. Pho deliberately used Kaspersky to deal with a malware infection on his PC. Do we have any evidence that the malware was 'benign' ie. it didn't cause the upload of files of 'interest' to it's unknown masters systems, located in places unknown and potentially under surveillance by powers unknown.

      The rest of your post is simply conjecture verging on conspiracy theory about the relationship between KAspersky and the FSB and the powers (and resources) of the FSB, and thus serving only to spread FUD about Kaspersky.

      In pragmatic terms, nobody is picking on Kaspersky because they are Russian; they are picking on them because the environs in which they operate are technically, legally, and politically controlled by an authoritarian regime which is inimical to many Western interests.

      If this were the case, the relevant section of the bill would list several other products similar to Kaspersky, all of which are developed in countries who's governments are as likely to spy on friends and foes alike. Also just because the product comes from a US company, doesn't mean that the original development and support etc. is also based in America...

    5. veti Silver badge

      Re: Sigh... it's geographical as well a geopolitical, innit.

      In pragmatic terms, nobody is picking on Kaspersky because they are Russian; they are picking on them because the environs in which they operate are technically, legally, and politically controlled by an authoritarian regime which is inimical to many Western interests.

      If that's the the case, why single out Kaspersky by name? Surely they should apply a ban to all companies with significant human assets in Russia.

      Personally, I suspect Kaspersky's only real crime is "having the temerity to compete with good Murrican companies who are willing, for a price, to say nice things about the Dear Leader".

  7. CFtheNonPartisan

    The USA under Trump has found a new level of self indulging foolishness that attracts its core support base who are mostly sans filaments, let alone being dim bulbs. Donald Trump is the best Donald there is.

    1. Anonymous Coward
      Anonymous Coward

      Donald Trump is the best Donald there is.

      Hmmm, I was thinking more of a Dick, really...

      1. Anonymous Coward
        Anonymous Coward

        "Donald Dick"

  8. amanfromMars 1 Silver badge

    A Definitely Rad and Probably Also Quite Mad Great Game Play?

    Does anyone else imagine the future reality unleashed will be All Virtual Manner of Kaspersky Fans/Subjects and Objects of Interests now increasingly ProACTively remotely attacking and degrading rather than protecting and monitoring U$ Base Systems of SCADA Command/Elite Exclusive Executive Office Operation?

    Such when true is surely an epic fail with untold mounting catastrophic consequences in the pipeline for an ignorant fool move?

    What/Who on Earth are they using for their Intelligence? The product they're flogging is rotten and well past its best sell by date.

    Changing Suppliers delivers Changed Realities. And with AI and IT Command and Control of Media Programming, is it simple and no more difficult that that.

    So, who/what be offering such a Creatively Novel and Immersively Disruptive AI and IT Command and Control of Media Programming?

  9. Paul Smith

    Dumb and dumberer

    When the US banned the use of Huawei telecoms equipment from federal contracts it was because they claimed (without evidence) that Huawei equipment was phoning US secrets home to China. Snowdon later proved that the NSA had corrupted US company equipment to do exactly that.

    If the US is now banning Kaspersky for phoning home to the FSB, then I think it must be safe to assume that US software has already been corrupted to do exactly that. Methinks it is time to find alternate suppliers.

  10. Anonymous Coward
    Anonymous Coward

    Anybody else read this sort of thing and thinking about buying Kaspersky antivirus?

    Got to be better than the current windblows offering. I'd rather the FSB than the NSB were reading my stuff anyway.

    1. Anonymous Coward
      Anonymous Coward

      go for it

      but use a gift card to pay for it else you'll be paying for years.

  11. conscience

    "Anybody else read this sort of thing and thinking about buying Kaspersky antivirus?"

    Yes. If Kaspersky had a version for Linux I would definitely be interested in buying it.

    1. Anonymous Coward
      Anonymous Coward

      If Kaspersky had a version for Linux I would definitely be interested in buying it.

      Well, <a href="https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux>they actually do</a>, and have been for years - this is not the only Linux product either.

    2. Anonymous Coward
      Anonymous Coward

      I didn't think you needed anti-virus on Linux?

      1. T. F. M. Reader Silver badge

        @AC: I didn't think you needed anti-virus on Linux?

        As one fairly common use case, assume you run a Linux mail server - wouldn't you want to scan mail for viruses that may reach Windows client machines in your organization?

  12. This post has been deleted by its author

  13. Anonymous Coward
    Anonymous Coward

    The correct action for the REST of the world ..

    .. is not to EXPLICITLY install Kaspersky.

    By the exact same logic, it is definitely NOT a good idea to install any product of US origin now. Even if you are in the US yourself.

    Kaspersky has refused to whitelist government spyware for years, which I see as the real motive to get them out of the door. If they really were so against Russia, Trump would have been ejected months ago.

    1. Anonymous Coward
      Anonymous Coward

      Re: The correct action for the REST of the world ..

      I apologise for a mistype I only just spotted. Duh.

      The correct sentence should read:

      The correct action for the REST of the world is now to EXPLICITLY install Kaspersky

  14. keith_w Bronze badge

    Many years ago I had the opportunity to install a copy of Kaspersky's AV. It asked for so much personal information including address, and as I recall, date of birth, that I said what the heck (ok, not heck) is this baloney, (ok, not baloney, but another B word) why the heck (again, not heck) do they need this info and cancelled the install.

  15. Anonymous Coward
    Anonymous Coward

    Kaspersky is a scam

    I have no sympathy for them. Would like it if they were blocked from doing business in the US seeings my wife has been charged 100 dollars for the last 3 years by them for a product she doesn't have. How do you block them from charging your credit card? I don't even know.

    1. Paul Smith

      Re: Kaspersky is a scam

      Perhaps instead of disrespecting Kaspersky, you could take a moment to find out how your (and your wife's) credit cards work. It is a lot easier then installing a good AV.

      1. Fruit and Nutcase Silver badge
        Coat

        Re: Kaspersky is a scam

        @Paul Smith

        find out how your (and your wife's) credit cards work.

        Easy - She spends, you pay.

    2. Anonymous Coward
      Anonymous Coward

      Re: Kaspersky is a scam

      How do you block them from charging your credit card? I don't even know.

      You tell the CC company. Also, Kaspersky is fairly easy to reach so you really haven't tried.

  16. Mystic Megabyte Silver badge
    Linux

    Wormold

    I'm going to install Kaspersky (Linux version) and send myself an email with plans attached for a giant vacuum cleaner that's labelled "Top Secret". Suck on that Ruskies!

    1. Stevie Silver badge

      Re: Wormold

      Mystic Megabyte, I accuse you of being Alec Guinness and claim my five pounds.

  17. Stevie Silver badge

    Bah!

    Section 1642 commands there be a Commander commanding cyber command in a command capacity.

  18. Anonymous Coward
    Anonymous Coward

    Strange World

    Check Point firewalls utilize a Kaspersky A/V engine. Recall they are a Israeli company and there is little love lost between Israel and Russia.

    Further, the US Dept of Defense continues to list Check Point devices on their approved product list: https://aplits.disa.mil/processAPList.action

  19. amanfromMars 1 Silver badge

    If IT were Too Simple, Anyone Could Lead Everyone Anywhere and Everywhere

    Surely the new modern post era concern and/or areas of more abiding interest for both State and Non-State Intelligence Agencies, is not so much the keeping secret of Top Secrets/Sensitive Compartmented Information, which they may or may not have and be using to ensure definite self advantage, but the greater sharing of such secrets with all and/or a Chosen Few ...... for Beta IntelAIgent Surfing of SMARTR Waves on World Wide Webs which deliver with/for AI, More Perfect Virtually Realised Futures.

    A Quantum Communications Leap for Reality into New Virtualisation Fields which Produce and Propagate, Present and Provision for Future Global Picture ProMotions with Remotely Controlled Advanced IntelAIgent Programming of Alien Assets/Novel Goods/Immaculate Source.

    Or do you not think, and think the the Future appears all by itself, with paths and words to follow presenting themselves without vast aforethought by SMARTR Wave Riders, to be shared by an Almighty Magic?

    That is just too unbelievable to be acceptable as true and an honest reflection of the state of Current Play in Virtualised Reality Fields ...... Live Operational Virtual Environments.

    And now the news is El Registered here for your pleasure, what would you like IT and AI to do next for you?

    1. amanfromMars 1 Silver badge

      Re: If IT were Too Simple, Anyone Could Lead Everyone Anywhere and Everywhere

      And selflessly shared here for enlightened peer to frightened peer review and superbug hunt ...... if you be up for and up to the task.

      Pathetic indifference and embedded ignorance are such catastrophic systemic hurdles to overcome for magical progress, are they not? Or be they just simple colossal 0day vulnerabilities to exploit and expose as an AIRoot with route mapping facilities/virtual travel enabling abilities?

  20. Anonymous Coward
    Anonymous Coward

    If my government says:

    If my government says:

    you don't need rights on the internet, you need rights on the internet

    you need this vaccination, you don't need it

    you must buy over priced insurance, you are boned.

    you don't need a gun, you will need a gun

    we aren't spying on you, they are spying on you

    your food is safe, your food isn't safe

    it isn't lying to you, it's lying to you

    you can't have Kaspersky, you need Kaspersky

    It isn't in the middle east for oil companies benefit, you get the picture.

  21. conundrum

    cry babies

    Everyone seem to be forgetting the most important dynamic here, supplier and customer. The US is Kaspersky’s customer it is not obligated to be a customer for life, which is what some are implying. So the US made it official that Kaspersky will not be used and many of you lose your mind. Guess what, they are pay the bill it is their right to stop using the product. The US does not trust the Russian government and a news flash for you all neither does Kaspersky both pre and post divorce. If you are a Kaspersky partner you pay for your licenses through intermediary banks to a holding company on the Isle of Mann, so yes even Kaspersky knows not to trust the Russian government and make sure all that lovely cabbage is far out of the reach of the government. That way in case they need to run they will still be rich. How do I know this simple I was a Kaspersky business partner and have had drinks with Eugene and Natalia, both of who are very nice people.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020