The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.
Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”
The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.
On Tuesday, the NYT was first in reporting that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.
Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.
“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.
In a statement issued Wednesday, Kaspersky officials wrote:
Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.
Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.
The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.
By Dan Goodin for ARS Technica
Statistics from the South African Fraud Prevention Service (SAFPS) show that identity theft has increased by 200% over the past six years.
Manie van Schalkwyk, the executive director of the SAFPS, says you should avoid “investment” schemes that promise unrealistic returns.
“Consumers also regularly fall victim to several types of advance-fee fraud and often divulge their personal details in the hope of winning a prize in a competition that they never entered,” Van Schalkwyk says.
He says you should do the following to prevent your identity from being stolen:
• Treat your identity document, driver’s licence and personal documents as you would cash. Do not leave them lying around the house or in your car.
• Shred documents before throwing them away.
• Clear your letterbox regularly, particularly if you live in a complex where letterboxes are accessible to a number of people.
• Do not click on URLs (links to websites) in SMSes or emails unless you have initiated the transaction and are certain they are from an authentic source.
• Be cautious about sharing your personal information, particularly when applying for services online.
If you lose your identity document or credit card, Van Schalkwyk says you should contact the SAFPS to apply for protective registration on its database.
“The benefit of protective registration is that all member organisations, including banks, clothing and furniture retailers, and some insurance companies, have access to the SAFPS database, and any identity theft or fraud will be flagged and can be prevented. This is a free service.”
To apply for protective registration, SMS the word “Protectid” to 43366, phone 011 867 2234 or 0860 101 248, or email email@example.com
The hashtag #datamustfall is currently trending on Twitter where people are calling for an end to high data prices.
Consumers have once again become fed up with the high cost of mobile data in South Africa.
Apart from the cost of data, users are also complaining that cellular providers should not be able to set “expiry” dates on data – and that once purchased, data should be the users’ to keep.
A recent Facebook post on the matter went viral when it was shared over 7 500 times, sparking a resurgence in the anger towards SA’s main providers: Cell C, MTN, Vodacom and Telkom.
The questions consumers are now asking revolve around whether this is tantamount to theft, and what impact it has on the country’s small businesses – and the poorest sections of society.
Poet and activist Ntsiki Mazwai has called on South Africans to boycott all social media platforms from midnight.
The social media blackout campaign has the following aims:
“The social media blackout is a campaign that is aimed at lowering data prices. Data costs are obscene and are not affordable for people on the ground. We want to bring attention to this issue; we want to engage government and cellular network companies.”
Mazwai says that from midnight people should log off social media.
“We don’t buy data for 24 hours, we will meet back on social media the following day to discuss the way forward. Why should data expire after 30 days when you’ve paid for it?”
She has encouraged people to take part in the campaign because it is too expensive to access information.
“We keep talking about #feesmustfall but how must students access information or hand in assignments if data costs are so high? This has a negative impact on entrepreneurs and our families because we can’t communicate with them.”
Mazwai has further called on the country to unify for a good cause.
Refilwe Pitjeng for EWN; My Office News
In a piece of advice that seemingly contradicts everything else we’ve ever heard, GCHQ has recommended you should change your password less often.
According to the spy agency’s cybersecurity arm, forcing people to change their passwords regularly is ineffectual, because they are likely to choose a new password that is very similar to the old one.
They are also more likely to write the new password down, for fear of forgetting it. This increases the risk of the password falling into the wrong hands.
“Attackers can exploit this weakness,” says the Communications-Electronics Security Group (CESG). “The new password may have been used elsewhere, and attackers can exploit this too.”
Instead of forcing a changed password at regular intervals, it recommends organisations provide users with information on when their account was last activated.
GCHQ says sticking to the same password for a long time – unless it’s something like ABC123 – is a good idea.
The news comes as a new study into online privacy reveals that one in three Brits secretly know their partner’s passwords .
The survey by money-saving website VoucherCodesPro has revealed the UK’s attitude to trusting loved ones with our passwords .
It discovered that almost three quarters of us have looked through social media messages on someone else’s account without their permission.
The team responsible for the study polled 2,211 UK adults between 18 and 45 who have been in their current relationship for at least two years.
Initially respondents were asked if their partner let them access their social media channels when they wanted to; 51% of respondents stated they did. Respondents were then asked if their partner had let them know their password for social media channels, 21% stated they had.
Following straight on from this, all respondents were then asked if they knew their partner’s password without them being aware of this – with 34% stated they did.
Researchers asked these participants how it was they found their partners password out, 59% stated they ‘guessed’ it, 37% said they ‘keyboard watched’ and the remaining 4% asked their partner’s friends.
As to what those sneaky snoopers got up to once they’d accessed their partner’s accounts – the researchers provided a list:
- Looked through social media messages – 74%
- Looked through the photo gallery – 59%
- Looked through emails – 54%
- Looked through browser history – 46%
- Looked through bank statements – 39%
George Charles, spokesperson for www.VoucherCodesPro.co.uk , made the following comments regarding the study:
“Being open with your partner is incredibly important and snooping at their social media channels or any private documentation just isn’t the way to achieve a healthy relationship,” said George Charles, a spokesperson for VoucherCodesPro.
“Knowing your partner’s password without their knowledge will only lead to trouble. It suggests you are looking for something and if you look hard enough, you will always find something to convince you that your fear is real.”
By Jeff Parsons for www.mirror.co.uk
Copiers can retain sensitive data on their built-in hard drives. The security risks associated with this are great. Copier Secrets, one of the topics covered on Carte Blanche on 30 August, caused a stir on social media platforms as people expressed alarm at the idea of their data and secrets being stolen and used for nefarious purposes.