RSS
Словарь компьютерных терминов    1_9  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z   .....  A  Б  В  Г  Д  Ж  З  И  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч

SYSTEM
 Windows10
  Registry Windows 10
  Windows 10 tweaks & tricks
Windows8
Tweaks & tricks
  Network settings
  Registry
Windows7
Windows7: General settings
  Windows7: Registry
  Windows7: Registry faq
  Windows7: Network settings
  Windows7: Security
  Windows7: Firewall
  Windows7: Compatibility Mode
  Windows7: Administrator Password
Windows NT/2K/XP/VISTAWindows NT/2K/XP/VISTA
Win 2K faqWin 2K faq
  Win 2K(kernel & MEM.managment)
  Win 2K и XP (Securit)
  Win 2K и XP (Boot)
  Win 2K и XP (Install)
  Win 2K и XP (Admin)
  Win 2K и XP (File system)
  Win 2K и XP (Services)
  Win 2K & XP optim & tweak
  Win XP faq
  Win XP faq #2
  Win XP faq (net)
  Win XP faq (lan)
  Win XP recover & recovery console
  WinXP & ntfs
  WinXP & game faq
  Win PE
  Win Vista
  Win Vista FAQ
  Win Server tweaks
RegistryRegistry
Reg WIN2K/XP faq
Reg WIN2K/XP faq #2
Reg NT/XP: Structure
Reg XP: Restore & backup
Reg XP: Costumize XP
Reg XP: Inet
Reg NT/XP: SAM
Reg: Inet & LAN
BIOSBIOS
BIOS faq
BIOS recover
BIOS #
computer ambulance

Kaspersky Shares More Details on NSA Incident


The Wall Street Journal reported last month that hackers working for the Russian government stole information on how the U.S. penetrates foreign networks and how it defends against cyberattacks. The files were allegedly taken in 2015 from the personal computer of an NSA contractor who had been using a security product from Kaspersky Lab.

The WSJ article suggested that Kaspersky either knowingly helped the Russian government obtain the files or that the hackers exploited vulnerabilities in the company’s software without the firm’s involvement.

In a preliminary report, Kaspersky said the incident referenced in the WSJ article likely took place in 2014, when the company was investigating malware used by the Equation Group, a threat actor later associated with the NSA.

In a more technical report published on Thursday, Kaspersky said the incident likely occurred between September 11, 2014 and November 17, 2014 – the security firm believes WSJ’s source may have mixed up the dates.

In September 2014, Kaspersky’s products detected malware associated with the Equation Group on a device with an IP address pointing to the Baltimore area in Maryland. It’s worth noting that the NSA headquarters are in Fort Meade, Maryland, less than 20 miles from the city of Baltimore.

The Kaspersky product present on the device automatically sent an archive containing the suspected malware files back to the company’s systems for further analysis. The said archive contained source code for Equation malware, along with four documents with classification markings (e.g. secret, confidential).

The Kaspersky analyst who found the archive informed the company’s CEO of its content and the decision was made to remove the files from its storage systems.

So is it possible that the classified files were somehow obtained by Russian actors from Kaspersky’s systems? The firm denies spying for the Russian government and claims the data was removed from its systems – only some statistics and metadata remain – but it cannot guarantee that its employees handled the data appropriately.

“We cannot assess whether the data was ‘handled appropriately’ (according to US Government norms) since our analysts have not been trained on handling US classified information, nor are they under any legal obligation to do so,” the company said.

While Kaspersky admitted that its systems were breached in 2015 by a threat group linked to Israeli intelligence, the company said it found no evidence that the NSA files left its systems.

As for the assumption that Kaspersky’s products may have been specifically configured to look for secret files on the systems they were installed on, the company said all the signatures for retrieving files from a user’s device are carefully handled and verified by an experienced developer, and there is no evidence that anyone created a signature for files marked “secret” during the Equation investigation.

The company determined that an analyst did create a signature for files with names that included the string “secret,” but it was for a piece of malware associated with the TeamSpy espionage campaign. The signature included a path specific for that malware to avoid false positives.

Another possible scenario is related to the fact that the device of the NSA contractor got infected with malware after the Kaspersky antivirus was disabled. The security product was temporarily disabled when the user attempted to install a pirated copy of Microsoft Office using a known activation tool.

After the antivirus was re-enabled, Kaspersky detected 121 threats on the system. The malware associated with the Office activation tool was Smoke Bot (aka Smoke Loader), which had been sold on Russian underground forums since 2011. At the time of the incident, the malware communicated with servers apparently set up by an individual located in China.

Kaspersky says it’s also possible that the contractor’s computer may have been infected with stealthy malware from a sophisticated threat actor that was not detected at the time.

Several recent media reports focused on Kaspersky’s alleged connection to the Kremlin, which has led to many U.S. officials raising concerns regarding the use of company’s products. As a result, the Department of Homeland Security (DHS) has ordered all government agencies to identify and remove the firm’s products, despite the apparent lack of evidence supporting the claims.

In an effort to clear its name, Kaspersky announced the launch of a new transparency initiative that involves giving partners access to source code and paying significantly larger bug bounties for vulnerabilities found in the firm’s products.


Магазин цифровой техники | Новинки магазина | Микроформаты и микроданные | Типографика в онлайн-текстах | Защита от DDoS-атак | Как добиться хорошего индексирования? | Интерактивная поисковая выдача | Использование виджетов на сайте | Эффективный e-mail-маркетинг | Оформление страницы контактов | Обратная связь с клиентами | Как завоевать доверие клиентов | Оптимизация содержимого тегов title, description, keywords | | Особенности работы с большим семантическим ядром | Руководство по социальным кнопкам | Особенности продвижения коммерческих сайтов в Яндексе | Продвижение блогов | Оптимизация сайтов на платформе WordPress | Основы таргетированной рекламы в соцсетях | Оптимизация видео на YouTube для поисковых систем | Ретаргетинг и ремаркетинг | Приемы продающей рассылки | Яндекс Метрика и Google Analytics: настройка целей | Контекстная реклама: как составить эффективное объявление | Особенности контекстной рекламы для интернет-магазинов | Правила эффективного отбора доноров в ссылочных биржах | Шпионаж — двигатель маркетингового прогресса | Технологии реферального маркетинга: от простых к высокодоходным | Статейное продвижение сайта | Тизерная реклама: принципы работы, фишки, эффективность | SEO-продвижение сообществ ВКонтакте | Контентный маркетинг | Технология RTB | Что такое сквозные ссылки | Влияние ссылок на поисковую выдачу | Оценка эффективности контекстной рекламы  | Влияние триггеров на целевые действия пользователей |   | Продвижение мобильных приложений: внешние факторы | Продвижение мобильных приложений: поисковая оптимизация | Сотовые телефоны | Magic Money | Горячая линия бесплатной юридической консультации | Благотворительность

На главную | Cookie policy | Sitemap

 

po gonn © 2004