Kaspersky pulls plug on Europol joint venture after EU parliament vote to ban its software

Fresh political woes for Russian security firm Kaspersky, which has reacted angrily to a vote in the European Union Parliament last week to ban its software — on the grounds that it has been “confirmed as malicious“.

Kaspersky denies this characterization of its software, saying it’s “untrue”.

It has also retaliated by pulling the plug on an existing collaboration with Europol, at least temporarily.

In a statement, a company spokesperson said: 

Today, the European Parliament voted on a report in which Polish representative, MEP Fotyga included an amendment referencing Kaspersky Lab which is based on untrue statements. Although this report has no legislative power it demonstrates a distinct lack of respect for the company which has been a firm friend of Europe in the fight against cybercrime. It is for that reason that Kaspersky Lab has taken the difficult decision to temporarily halt our numerous collaborative European cybercrime-fighting initiatives, including that with Europol, until we receive further official clarifications from the European Parliament .

On account of this news, we will regretfully have to pause one of our successful joint initiatives – NoMoreRansom project – recognised by the European Parliament Research Services as a successful case of public-private cooperation in their recent report – helped many organisations and users to decrypt files on their devices, saving them from financial losses. We hope to be able to resume this and other European collaborative efforts soon.

Founder Eugene Kaspersky added that the company has been “forced to freeze” its co-operation as a result of the parliament’s vote.

“This decision from the European Parliament welcomes cybercrime in Europe. I do not wish to do anything to further encourage the balkanization of the internet, but I feel that the decision taken in Europe leaves me with no choice but to take definitive action. Kaspersky Lab has only ever tried to rid the world of cybercrime. We have showed time and again that we disclose cyber threats regardless of origin and author, even to our own detriment. This is a setback for the fight against cyber threat, but we remain undeterred in our mission – to save the world from Cybercrime,” he also said in a statement.

The security firm has been battling controversy for around a year now, after the US government became suspicious of ties between the company and Russian intelligence agencies — and went on to ban its products for government use in September last year.

Kaspersky has continued to deny the allegations. But in May this year it announced it would be moving some of its core infrastructure outside Russia in a bid to combat suspicion that its software has been hacked or penetrated by the Russian government and used as a route for scooping up US intelligence.

It reiterates the steps it has been taking — “as a sign of our commitment to transparency and openness” — in its response to the EU parliament’s vote, but also lashes out, accusing the parliament of taking a decision that “encourages cybercrime in Europe”.

“We believe that is does not contribute towards building an open and secure Digital Single Market but rather make it more fragmented and less competitive,” it also writes.

Our 400 million users around the globe, trust us to protect their data. We will continue to successfully work with institutions and organisations to deliver a tangible positive impact by fighting cybercrime and defending European and global citizens from cyberthreats. Indeed, in April the European Commission officially stated that ‘the Commission has no indication for any danger associated with this anti-virus engine’.”

Despite its aggressive response to the EU parliament’s motion, the company adds that it remains “willing to meet with MEPs to address any questions about the business, its leadership, expertise, technologies and methodology that they may have”.

During the vote last week, the parliament also resolved to perform “a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices”.

Apple approves first Telegram update since Russia ban

Apple has finally rolled out the latest version of Telegram on the App Store, a day after company chief Pavel Durov said that the tech giant has been blocking its updates since April. Telegram version 4.8.2 will make the app GDPR-compliant — somethi…

Canadian Yahoo hacker gets a five year prison sentence

After pleading guilty in November, the Canadian hacker at least partially to blame for the massive Yahoo hack that exposed up to 3 billion accounts will face five years in prison. According to the Justice Department, the hacker, 23-year-old Karim Baratov, worked under the guidance of two agents from the FSB, Russia’s spy agency, to compromise the accounts.

Those officers, Dmitry Dokuchaev and Igor Sushchin, reside in Russia as does Latvian hacker Alexsey Belan who was also implicated in the Yahoo hack. Given their location, those three are unlikely to face consequences for their involvement, but Baratov’s Canadian citizenship made him vulnerable to prosecution.

“Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to his coconspirator who was working for the FSB and send those accounts’ passwords to Dokuchaev in exchange for money,” the Justice Department described in its summary of Baratov’s sentencing.

Acting U.S. Attorney for the Northern District of California Alex G. Tse issued a stern warning to other would-be hackers doing a foreign government’s dirty work:

“The sentence imposed reflects the seriousness of hacking for hire. Hackers such as Baratov ply their trade without regard for the criminal objectives of the people who hire and pay them. These hackers are not minor players; they are a critical tool used by criminals to obtain and exploit personal information illegally. In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences.”

In addition to his prison sentence, Baratov was ordered to pay out all of his remaining assets up to $2,250,000 in the form of a fine. As part of his plea, Baratov also admitted to hacking as many as 11,000 email accounts between 2010 and his arrest in 2017.

Baratov’s crimes include aggravated identity theft and conspiracy to violate the Computer Fraud and Abuse Act.

Russia Demands Apple Remove Telegram From Russian App Store

The Russian government has asked Apple to help it block Telegram, the secure messaging app that’s highly popular in the country, reports WCCFTech.

A Russian court in April ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages.



Telegram, for those unfamiliar with the app, offers end-to-end encryption for secure messaging purposes. With end-to-end encryption, no one, not even Telegram, can access the messages that are sent between users.

Despite issuing the block order back in April, Russia has only been able to disrupt Telegram’s operations in the country by 15 to 30 percent.

Given the government’s inability to block the app, Roskomnadzor, the division of the government that controls media and telecommunications, has demanded that Apple remove the Telegram app from the Russian App Store. The group first asked Apple to remove the app in April, but is appealing to Apple again.

“In order to avoid possible action by Roskomnadzor for violations of the functioning of the above-mentioned Apple Inc. service, we ask you to inform us as soon as possible about your company’s further actions to resolve the problematic issue,” the regulator wrote.

Roskomnadzor has given Apple one month to remove the Telegram app from the App Store. Roskomnadzor’s director Alexander Zharov said he did not want to “forecast further actions” should Apple not comply with the request following the 30 day period.

The Russian government said that it needed access to Telegram to read messages and prevent future terror attacks in the country.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Discuss this article in our forums

Russia’s Yandex unveils Plus, a Prime-style service for $2.75/month, ‘Station’ smart speaker and Alice skills

Russian search giant Yandex is sometimes described as the “Google of Russia”, but maybe it should be described as the Amazon of Russia, too.

The company today took the wraps off Yandex.Plus, a service modelled on Amazon Prime that gives users a number of perks for a monthly fee — 169 roubles/month, or about $2.75. On top of that, the company is making its first foray into hardware with a new, $160 smart speaker, Yandex.Station, and a new skills platform, called Yandex.Dialogues, for the Russian-speaking intelligent assistant it unveiled last year, called Alice.

The Station speaker and Plus will be available only in Russia, and the three were all unveiled in Moscow at the company’s annual what’s-new event, which it calls Yet Another Conference.

Plus, which is available now, features include access to streaming service Yandex.Music; storage service Yandex.Disc; discounts for Yandex.Taxi (its Uber-like transportation service, which has partly acquired Uber’s Russian assets and now runs it in a JV); free deliveries and early access to Yandex.Market (an e-commerce marketplace that is in beta); film and TV streaming through its video service KinoPoisk; and expedited services and discounts for Yandex.Drive, its car-sharing service.

(Yandex.Drive’s landing page underscores just how Anglicised the Russian language has become in all things tech, and tech-related: Its big lettering proclaims “Каршеринг” — the Russian transliteration for “Car sharing.”)

The Station speaker, which will go on sale later this summer. was a much-rumored work in progress for the company after it first announced Alice last year.

The new product comes at an important time for Yandex on two fronts: competition from other tech companies across all its services, and specifically competition in its core business of search.

While Amazon with its Echo, Google with its Home device and Apple with its own HomePod all have ambitions to make their own smart speaker plays as international as possible, none of them have to date entered the Russian market, meaning that Yandex has a window of opportunity to build up its own customer base and ecosystem in this area ahead of any of them moving in.

Indeed, that has partly been the company’s strategy from day one. Yandex Search, the company’s first and original (and still core) product launched and gained market share at a time when search engines outside the country either didn’t search in Russian or simply did it poorly.

But with the progress of time, other search engines have started to work much better in the country, and so while Yandex is currently number-one, its market share has slowly eroded to Google — today Yandex has around a 53 percent share to Google’s 43 percent, after a much wider gap years ago. This means also an erosion of the company’s revenues from search, and this, too, is partly also why Yandex has expanded into other market segments, including the ones being announced today: in order to diversify.

Yandex is quick to point out that Station is not just another “me too” product, though.

Station, it says, “is the first smart speaker to incorporate a full video streaming experience” by way of an HDMI output that users can link up to a screen, and then ask Alice to search for and playback videos, movies and television shows Yandex’s own KinoPoisk, ivi and Amediateka (which streams HBO in Russia) and others.

It also works with other music streaming devices via Bluetooth, Yandex says, and has all the basic features that have quickly become the norm with smart speakers: users can set alarms, listen to music, news and weather, and use the Station as a diversion for children, with story telling and other features.

As for Dialogues, the service was in beta testing for three months before now, and the idea is very similar to the skills that can be created for Amazon’s Alexa. Developers of third-party apps can integrate them into Alice so that people can use those apps with a voice interface, and also when using Alice to call up information or order things.

To sweeten the deal, Yandex says that the Dialogues interface will also make results discoverable through Yandex’s text-base search results, too.

Yandex, operating inside of Russia, has always had a much less confrontational relationship with the government than other companies when it comes to how information is stored and potentially accessed by the state. But considering the moves that some of its fellow Russian companies have made, as Yandex continues to move deeper into a wider range of services, it will be interesting to see how and if its position continues to remain this way.

More to come.

 

FBI seizes domain behind major Russian botnet

The FBI has seized a domain linked to what's believed to be a Russian botnet composed of 500,000 infected routers around the world. According to the Department of Justice, the botnet — that is, a network of computers infected with malware — is unde…

Kaspersky to move some core infrastructure out of Russia to fight for trust

Russian cybersecurity software maker Kaspersky Labs has announced it will be moving core infrastructure processes to Zurich, Switzerland, as part of a shift announced last year to try to win back customer trust.

It also said it’s arranging for the process to be independently supervised by a Switzerland-based third party qualified to conduct technical software reviews.

“By the end of 2019, Kaspersky Lab will have established a data center in Zurich and in this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow,” it writes in a press release.

“Kaspersky Lab will relocate to Zurich its ‘software build conveyer’ — a set of programming tools used to assemble ready to use software out of source code. Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.

“The relocation will ensure that all newly assembled software can be verified by an independent organization, and show that software builds and updates received by customers match the source code provided for audit.”

In October the company unveiled what it dubbed a “comprehensive transparency initiative” as it battled suspicion that its antivirus software had been hacked or penetrated by the Russian government and used as a route for scooping up US intelligence.

Since then Kaspersky has closed its Washington D.C. office — after a ban on its products for U.S. government use which was signed into law by president Trump in December.

Being a trusted global cybersecurity firm and operating core processes out of Russia where authorities might be able to lean on your company for access has essentially become untenable as geopolitical concern over the Kremlin’s online activities has spiked in recent years.

Yesterday the Dutch government became the latest public sector customer to announce a move away from Kaspersky products (via Reuters) — saying it was doing so as a “precautionary measure”, and advising companies operating vital services to do the same.

Responding to the Dutch government’s decision, Kaspersky described it as “very disappointing”, saying its transparency initiative is “designed precisely to address any fears that people or organisations may have”.

“We are implementing these measures first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing,” the company adds in a detailed Q&A about the measures. “This is not exclusive to Kaspersky Lab, and we believe other organizations will in future also choose to adapt to these trends. Having said that, the overall aim of these measures is transparency, verified and proven, which means that anyone with concerns will now be able to see the integrity and trustworthiness of our solutions.”

The core processes that Kaspersky will move from Russia to Switzerland over this year and next — include customer data storage and processing (for “most regions”); and software assembly, including threat detection updates.

As a result of the shift it says it will be setting up “hundreds” of servers in Switzerland and establishing a new data center there, as well as drawing on facilities of a number of local data center providers.

Kaspersky is not exiting Russia entirely, though, and products for the Russian market will continue to be developed and distributed out of Moscow.

“In Switzerland we will be creating the ‘worldwide’ (ww) version of our products and AV bases. All modules for the ww-version will be compiled there. We will continue to use the current software build conveyer in Moscow for creating products and AV bases for the Russian market,” it writes, claiming it is retaining a software build conveyor in Russia to “simplify local certification”.

Data of customers from Latin American and Asia (with the exception of Japan, South Korea and Singapore) will also continue to be stored and processed in Russia — but Kaspersky says the list of countries for which data will be processed and stored in Switzerland will be “further extended, adding: “The current list is an initial one… and we are also considering the relocation of further data processing to other planned Transparency Centers, when these are opened.”

Whether retaining a presence and infrastructure in Russia will work against Kaspersky’s wider efforts to win back trust globally remains to be seen.

In the Q&A it claims: “There will be no difference between Switzerland and Russia in terms of data processing. In both regions we will adhere to our fundamental principle of respecting and protecting people’s privacy, and we will use a uniform approach to processing users’ data, with strict policies applied.”

However other pre-emptive responses in the document underline the trust challenge it is likely to face — such as a question asking what kind of data stored in Switzerland that will be sent or available to staff in its Moscow HQ.

On this it writes: “All data processed by Kaspersky Lab products located in regions excluding Russia, CIS, Latin America, Asian and African countries, will be stored in Switzerland. By default only aggregated statistics data will be sent to R&D in Moscow. However, Kaspersky Lab experts from HQ and other locations around the world will be able to access data stored in the Transparency Center. Each information request will be logged and monitored by the independent Swiss-based organization.”

Clearly the robustness of the third party oversight provisions will be essential to its Global Transparency Initiative winning trust.

Kaspersky’s activity in Switzerland will be overseen by an (as yet unnamed) independent third party which the company says will have “all access necessary to verify the trustworthiness of our products and business processes”, including: “Supervising and logging instances of Kaspersky Lab employees accessing product meta data received through KSN [Kaspersky Security Network] and stored in the Swiss data center; and organizing and conducting a source code review, plus other tasks aimed at assessing and verifying the trustworthiness of its products.

Switzerland will also host one of the dedicated Transparency Centers the company said last year that it would be opening as part of the wider program aimed at securing customer trust.

It expects the Swiss center to open this year, although the shifting of core infrastructure processes won’t be completed until Q4 2019. (It says on account of the complexity of redesigning infrastructure that’s been operating for ~20 years — estimating the cost of the project to be $12M.)

Within the Transparency Center, which Kaspersky will operate itself, the source code of its products and software updates will be available for review by “responsible stakeholders” — from the public and private sector.

It adds that the details of review processes — including how governments will be able to review code — are “currently under discussion” and will be made public “as soon as they are available”.

And providing government review in a way that does not risk further undermining customer trust may also provide a tricky balancing act for Kaspersky, given multi-directional geopolitical sensibilities, so the devil will be in the policy detail vis-a-vis “trusted” partners and whether the processes it deploys can reassure all of its customers all of the time.

“Trusted partners will have access to the company’s code, software updates and threat detection rules, among other things,” it writes, saying the Center will provide these third parties with: “Access to secure software development documentation; Access to the source code of any publicly released product; Access to threat detection rule databases; Access to the source code of cloud services responsible for receiving and storing the data of customers based in Europe, North America, Australia, Japan, South Korea and Singapore; Access to software tools used for the creation of a product (the build scripts), threat detection rule databases and cloud services”; along with “technical consultations on code and technologies”.

It is still intending to open two additional centers, one in North America and one in Asia, but precise locations have not yet been announced.

On supervision and review Kaspersky also says that it’s hoping to work with partners to establish an independent, non-profit organization for the purpose of producing professional technical reviews of the trustworthiness of the security products of multiple members — including but not limited to Kaspersky Lab itself.

Which would certainly go further to bolster trust. Though it has nothing firm to share about this plan as yet.

“Since transparency and trust are becoming universal requirements across the cybersecurity industry, Kaspersky Lab supports the creation of a new, non-profit organization to take on this responsibility, not just for the company, but for other partners and members who wish to join,” it writes on this.

Next month it’s also hosting an online summit to discuss “the growing need for transparency, collaboration and trust” within the cybersecurity industry.

Commenting in a statement, CEO Eugene Kaspersky, added: In a rapidly changing industry such as ours we have to adapt to the evolving needs of our clients, stakeholders and partners. Transparency is one such need, and that is why we’ve decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement.”

What we can learn from the 3,500 Russian Facebook ads meant to stir up U.S. politics

On Thursday, Democrats on the House Intelligence Committee released a massive new trove of Russian government-funded Facebook political ads targeted at American voters. While we’d seen a cross section of the ads before through prior releases from the committee, the breadth of ideological manipulation is on full display across the more than 3,500 newly released ads — and that doesn’t even count still unreleased unpaid content that shared the same divisive aims.

After viewing the ads, which stretch from 2015 to late 2017, some clear trends emerged.

Russia focused on black Americans

Many, many of these ads targeted black Americans. From the fairly large sample of ads that we reviewed, black Americans were clearly of particular interest, likely in an effort to escalate latent racial tensions.

Many of these ads appeared as memorials for black Americans killed by police officers. Others simply intended to stir up black pride, like one featuring an Angela Davis quote. One ad posted by “Black Matters” was targeted at Ferguson, Missouri residents in June 2015 and only featured the lyrics to Tupac’s “California Love.” Around this time, many ads targeted black Facebook users in Baltimore and the St. Louis area.

Some Instagram ads targeted black voters interested in black power, Malcolm X, and the new Black Panther party using Facebook profile information. In the days leading up to November 8, 2016 other ads specifically targeted black Americans with anti-Clinton messaging.

Not all posts were divisive (though most were)

While most ads played into obvious ideological agendas, those posts were occasionally punctuated by more neutral content. The less controversial or call-to-action style posts were likely designed to buffer the politically divisive content, helping to build out and grow an account over time.

For accounts that grew over the course of multiple years, some “neutral” posts were likely useful for making them appear legitimate and build trust among followers. Some posts targeting LGBT users and other identity-based groups just shared positive messages specific to those communities.

Ads targeted media consumers and geographic areas

Some ads we came across targeted Buzzfeed readers, though they were inexplicably more meme-oriented and not political in nature. Others focused on Facebook users that liked the Huffington Post’s Black Voices section or Sean Hannity.

Many ads targeting black voters targeted major U.S. cities with large black populations (Baltimore and New Orleans, for example). Other geo-centric ads tapped into Texas pride and called on Texans to secede.

Conservatives were targeted on many issues

We already knew this from the ad previews, but the new collection of ads makes it clear that conservative Americans across a number of interest groups were regularly targeted. This targeting concentrated on stirring up patriotic and sometimes nationalist sentiment with anti-Clinton, gun rights, anti-immigrant and religious stances. Some custom-made accounts spoke directly to veterans and conservative Christians. Libertarians were also separately targeted.

Events rallied competing causes

Among the Russian-bought ads, event-based posts became fairly frequent in 2016. The day after the election, an event called for an anti-Trump rally in Union Square even as another ad called for Trump supporters to rally outside Trump tower. In another instance, the ads promoted both a pro-Beyoncé and anti-Beyoncé event in New York City.

Candidate ads were mostly pro-Trump, anti-Clinton

Consistent with the intelligence community’s assessment of Russia’s intentions during the 2016 U.S. election, among the candidates, posts slamming Hillary Clinton seemed to prevail. Pro-Trump ads were fairly common, though other ads stirred up anti-Trump sentiment too. Few ads seemed to oppose Bernie Sanders and some rallied support for Sanders even after Clinton had won the nomination. One ad in August 2016 from account Williams&Kalvin denounced both presidential candidates and potentially in an effort to discourage turnout among black voters. In this case and others, posts called for voters to ignore the election outright.

While efforts like the Honest Ads Act are mounting to combat foreign-paid social media influence in U.S. politics, the scope and variety of today’s House Intel release makes it clear that Americans would be well served to pause before engaging with provocative, partisan ideological content on social platforms — at least when it comes from unknown sources.