US officials believe Russian hackers have used Kaspersky software to spy on Americans, but Positive-a smaller company selling different products and services-has no equivalent. There are few better intelligence collection tools than an antivirus, software which is purposely designed to see everything happening on a computer, and can even take control of the machines it occupies. Kaspersky has always denied a special relationship with the Russian government.īut one factor that sets Kaspersky apart from Positive, at least in the eyes of American intelligence officials, is that Kaspersky sells antivirus software to western companies and governments. The biggest Russian cybersecurity company, Kaspersky, has been under fire for years over its relationships with the Russian government-eventually being banned from US government networks. Thursday’s announcement is not the first time that Russian security companies have come under scrutiny. It pointed out that there is “no evidence” of wrongdoing and said it provides all vulnerabilities to software vendors “without exception.” Tit for tat One day after the sanctions announcement, Positive issued a statement denying “the groundless accusations” from the US. NSA director of cybersecurity Rob Joyce said the companies being sanctioned "provide a range of services to the SVR, from providing the expertise to developing tools, supplying infrastructure and even, sometimes, operationally supporting activities,” Politico reported. The company’s marquee annual event, Positive Hack Days, was described in recent US sanctions as “recruiting events for the FSB and GRU.” The event has long been famous for being frequented by Russian agents. US intelligence has concluded that Positive did not just discover and publicize flaws, but also developed offensive hacking capabilities to exploit security holes that it foundįormer US officials say there is a tight working relationship with the Russian intelligence agency FSB that includes exploit discovery, malware development, and even reverse engineering of cyber capabilities used by Western nations like the United States against Russia itself. Such practices are illegal in the western world: American private military contractors are under direct and daily management of the agency they’re working for during cyber contracts. Tight working relationshipĪmerican intelligence agencies have long concluded that Positive also runs actual hacking operations itself, with a large team allowed to run its own cyber campaigns as long as they are in Russia’s national interest. One former American intelligence official, who requested anonymity because they are not authorized to discuss classified material, described the relationship between companies like Positive and their Russian intelligence counterparts as “complex” and even “abusive.” The pay is relatively low, the demands are one-sided, the power dynamic is skewed, and the implicit threat for non-cooperation can loom large. Much of what Positive does for the Russian government’s hacking operations is similar to what American security contractors do for United States agencies. Privately, the US has concluded that Positive did not just discover and publicize flaws in the system, but also developed offensive hacking capabilities to exploit security holes that were then used by Russian intelligence in cyber campaigns. In a public demonstration for Forbes, Positive showed how it can bypass encryption by exploiting weaknesses in SS7. One area that’s stood out is the firm’s work on SS7, a technology that’s critical to global telephone networks. But according to previously unreported US intelligence assessments, it also develops and sells weaponized software exploits to the Russian government. The company is open about some of its links to the Russian government, and boasts an 18-year track record of defensive cybersecurity expertise including a two-decade relationship with the Russian Ministry of Defense. The public side of Positive is like many cybersecurity companies: staff look at high-tech security, publish research on new threats, and even have cutesy office signs that read “stay positive!” hanging above their desks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |