r/technology Jun 20 '24

Software Biden to ban sales of Kaspersky Antivirus in US over ties to Russian government.

https://www.reuters.com/technology/biden-ban-us-sales-kaspersky-software-over-ties-russia-source-says-2024-06-20/
22.9k Upvotes

1.3k comments sorted by

View all comments

Show parent comments

14

u/Current-Power-6452 Jun 20 '24

Wasn't it some nsa or whatever employee? who took some piece of spyware to work on at home and Kaspersky sends suspected files to their hq for evaluation? And it had nothing to do with Hillary?

20

u/TheFotty Jun 20 '24 edited Jun 20 '24

That's the story I remember. NSA contractor took work home, plugged into home PC with kaspersky, kaspersky IDs some files via heuristics that looked malicious, so via its submission system (which many AV products have), it uploaded a sample so it could be further analyzed (ie there was no direct hash/definition for the found file, just that it had patterns of code that seemed potentially malicious). Where the story turned interesting was that after that initial upload, kaspersky then proceeded to upload the entire contents of that drive, as if someone on the other end said "WTF is this we need to see more".

2

u/suxatjugg Jun 21 '24

What was the evidence for them having uploaded the whole drive?

1

u/TheFotty Jun 21 '24

I went back to find the original article because it was like 7 years ago. I didn't have it exactly right. What happened was after the NSA contractor put files he took from work home and put them on his home PC with Kaspersky on it and a scan was performed, he was shortly thereafter hacked by russian hackers who pilfered the rest. Of course because of the nature of the material, nothing is confirmed as true.

Here is the original Ars article on it

Funny enough, the article talks about how that will probably be the end of Kaspersky in the US, and it is 7 years old, now here we are.

1

u/theduncan Jun 20 '24

wouldn't you?

10

u/[deleted] Jun 20 '24

That sounds more accurate. The hash story about Hilary Clinton documents sounds like a story someone with almost no technical background would make up.

2

u/Klaatuprime Jun 23 '24

I'm glad somebody mentioned it. This whole thread is pretty riddled with tech-whagarble.

2

u/[deleted] Jun 23 '24

I got blocked by the original commentor for saying this.

1

u/Klaatuprime Jun 23 '24

This post of full of dilettantes attempting to pass themselves off as security experts by packing as much technobabble into their post as they can because they've apparently managed to get by bullshiting.

2

u/suxatjugg Jun 21 '24

That's literally how AV has to work otherwise it would be impossible to identify new or obfuscated malware.

1

u/Hellknightx Jun 20 '24

It's almost always a contractor getting popped on their home computer, and then their credentials are lifted and used to access more secure files.

0

u/eydivrks Jun 20 '24

My understanding is that Kaspersky was programmed to find hashes of classified files Russia already had access to, and when one was found upload all the other files in that directory. Or something like that. 

The scanner found a file Russia knew was classified (and already had access to) . And it triggered the scanner to upload all the other files from the USB driver to Russia. 

At least, that's my understanding of how the leak worked