Kaspersky’s role in NSA breach

Russian hackers had used Kaspersky software to identify classified files on the NSA contractor’s home computer, which they then stole, it said.
It later emerged Kaspersky had also copied files off the PC itself.

…On 11 September 2014, the company said, one of its products deployed on a home computer with an internet protocol (IP) address in Baltimore, Maryland – close to where the NSA is based – had reported what appeared to be variants of the malware used by the Equation Group.

…Soon after, the user had disabled the Kaspersky Lab anti-virus tool and downloaded and installed pirated software infected with another, separate form of malware.

…Kaspersky denies creating “signatures” specifically designed to search for top secret or classified material.

…And during this period the command-and-control servers of this malware were registered to what appeared to be a Chinese entity.
“Given that system owner’s potential clearance level, the user could have been a prime target of nation states,” the Kaspersky spokesman said.
US federal agencies have now been told to remove all Kaspersky software from their computers.

Kaspersky defends its role in NSA breach – BBC News



Microsoft to NSA: WannaCry is your fault 

Microsoft’s top lawyer has blamed the government’s stockpiling of hacking tools as part of the reason for the WannaCry attack, the worldwide ransomware that has hit hundreds of thousands of systems in recent days.

Brad Smith, president and chief legal officer, pointed out that WannaCrypt is based on an exploit developed by the National Security Agency (NSA) and renewed his call for a new “Digital Geneva Convention,” which would require governments to report vulnerabilities to vendors rather than stockpile, sell, or exploit them.

…Smith said he hopes the recent WannaCry attack will change the minds of government agencies and stop developing hacking tools in secret and holding them for use against adversaries, especially since the technology for WannaCry was stolen from the NSA.

Microsoft to NSA: WannaCry is your fault | Network World


Trump vacancy raises consternation with Europe

A key vacancy in the State Department is creating friction between the European Union and United States over a new agreement affecting thousands of U.S. companies that do business in Europe.

The agreement, known as the privacy shield, allows businesses to swiftly send personal data across the Atlantic, something that affects a huge swath of U.S. companies, from Facebook and Apple to Netflix and Google.

Without the shield, companies that operate in Europe would have to enter into special contracts to transfer personal data.

EU officials are worried that the Trump administration has yet to nominate an ombudsman at the State Department to oversee complaints from Europeans about the access U.S. national security agencies may have to their data.

Trump vacancy raises consternation with Europe | TheHill