Tuesday, October 31, 2017

The Year of Transparency

I'm just going to quote a small section here of Rob Graham's blog on Kaspersky, ignoring all the stuff where he calls for more evidence, like everyone does, because it's boring and irrelevant.
I believe Kaspersky is guilty, that the company and Eugene himself, works directly with Russian intelligence.

That's because on a personal basis, people in government have given me specific, credible stories -- the sort of thing they should be making public. And these stories are wholly unrelated to stories that have been made public so far.

There's a lot to read from the Kaspersky press release on the subject of their internal inquiry. But the main thing to read from it is that the US information security community has already had a master class on Russian information operations and yet the Russians still think we will fall for it.

If any of you have a middle schooler, you know that they will gradually up the veracity of their lies when they get caught skipping school. "I was on time"->"I was a bit late"->"I missed class because I was sick"->"I just felt like playing the new Overwatch map so I didn't go to school."

In the Kaspersky case we are led to believe that Eugene was completely caught out by these accusations, and at the same time that someone in 2014 brought to him a zip file full of unreleased source code for NSA tools which he immediately ordered deleted without even looking at it and without asking any detailed questions about the matter.

This is what all parents call: Bullshit.

The US likely has multiple kinds of evidence on KasperskyAV:

  • SIGINT from the Israelis which has KEYLOGS AND SCREENSHOTS of bad things happening INSIDE KASPERSKY HQ (and almost certainly camera video/audio which are not listed in the Kaspersky report but Duqu 2.0 did have a plugin architecture and no modern implant goes without these features)
  • Telemetry from various honeypots set up for Kaspersky analysis. These would be used to demonstrate not just that Kaspersky was "pulling files into the cloud" but HOW and WHEN and using what sorts of signatures. There is a difference to how an operator pulls files versus an automated system, to say the least. What I would have done is feed the Russians intel with codewords from a compromised source and then watched to see if any of those codewords ended up in silent signatures.
  • HUMINT, which is never ever mentioned anywhere in any public documents but you have to assume the CIA was not just sitting around in coffee bars wearing tweed jackets all this time wondering what was up with this Kaspersky thing they keep reading about. Needless to say, the US does not go to the lengths it has gone to without at least asking questions of its HUMINT team.

I know the Kaspersky people think I have something against them, which I do not, or that I have inside info, which I also do not. But the tea leaves here literally spell the hilarity out in Cyrillic, which I can, in fact, read.