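Is Kaspersky the Antivirus Software to Choose?: ずくなしの冷や水

November 17, 2017

Is Kaspersky the Antivirus Software to Choose?

Stuxnet: Stuxnet (W32/Stuxnet) is a computer worm that runs on Microsoft Windows and was discovered in June 2010. It can also infect standalone computer systems that are isolated from the Internet, by spreading via USB storage.

US government agencies apparently moved to exclude Kaspersky's antivirus software because they were angered that it had tracked down malware and other tools created by the CIA and devised countermeasures against them. That would mean that other antivirus software is not effective as a vaccine against viruses and the like created by the CIA.

I decided to try Kaspersky's software.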

2017/11/10
‘Kaspersky Lab in crosshairs since exposing US & Israeli spies behind Stuxnet’ – fmr MI5 agent

The campaign to discredit Kaspersky Lab dates back to 2010, when the Russian based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran's nuclear centrifuges, experts in the field told RT.

Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades, taking pride in working outside of any government’s sphere of influence. US intelligence agencies, however, seem to consider the Russian firm a competitive challenge, cybersecurity experts told RT.

“Kaspersky is highly reputable. It has been operating for a couple of decades. It has 400 million users around the world, including until very recently the American government,” former MI5 analyst Annie Machon told RT. “So of course if they are doing it, other countries are going to do it to a competitor corporation around the world too. Obviously, the CIA would be interested in a very successful Russian based company that offers protection on the internet.”

“Kaspersky [has] one of the most successful security teams worldwide. Don’t forget that Kaspersky was the security firm that first of all discovered the NSA linked group of activities involved in cyber espionage activities worldwide,” Pierluigi Paganini, the head of cybersecurity at Grant Thornton Consultants, told RT.

The Russian company became one of the targets amidst the ongoing anti-Russian hysteria in the US, which centers around the unproven allegations of Russian meddling in the 2016 US presidential elections. In September, the US Department of Homeland Security (DHS) ordered all government agencies to stop using Kaspersky products and remove them from computers, citing “security risks.”

And while Kaspersky Lab is actively cooperating with the US authorities, on Thursday, WikiLeaks published a source code for the CIA hacking tool ‘Hive,’ which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints. Exposing the CIA’s impersonation of Kaspersky Lab is just a part of WikiLeaks’ Vault 7 and 8 revelations which shed light on the CIA’s electronic surveillance methods and cyber warfare tools.

“What is important in this specific story is the complexity, the effort spent by the US intelligence to make hard the attribution. Kaspersky is the actual victim of these activities. There is a government agency, the CIA that conducted cyber espionage activities to also use false flag in its operation in order to make harder the attribution,” Paganini explained.

Kaspersky Lab remains one of the few companies in the world that can expose the CIA’s scheming, and that is why the Russian company is facing so much backlash, Machon believes.

“We have Kaspersky saying 'We can do this-we can prove some of these hacks are not Russian, they are American’ when it comes to the presidential elections. And so they needed to discredit them, and I think that this new application of a virus at state level, a very aggressive virus that would discredit a very proven brand around the world it’s exactly what the Americans would want and the Israelis also would want,” the former MI5 operative pointed out.

The campaign against the Russian cybersecurity firm goes back to 2010, when Kaspersky Lab revealed the origin of the Stuxnet virus, Machon told RT. Back then, Kaspersky Labs stated that “this type of attack could only be conducted with nation-state support and backing.” Nobody officially claimed responsibility for the creation of the complex cyber weapon that targeted industrial control systems, used in infrastructure facilities, to affect their automated processes. However, it is widely believed that US and Israeli intelligence agencies were behind Stuxnet, which reportedly ruined almost one-fifth of Iran’s nuclear centrifuges used to develop civilian atomic power.

“Stuxnet was deployed against the centrifuges that enriched the uranium and nobody knew where it came from. It seemed to be very weaponized at the state level. And it was actually Kaspersky that unveiled who had developed it. And it was American and the Israeli intelligence agencies,” Machon told RT. “So ever since then, it has sort of been daggers drawn between these two competing sides [Kaspersky vs CIA]. Kaspersky has been very much in crosshairs of both American and Israeli intelligence agencies.”

RT 2017/11/17
Kaspersky Lab under attack as it found something the US didn't like – company head

Russian cybersecurity company Kaspersky Lab has fallen victim to a witch hunt in the US just because it did its job too well, the company’s CEO, Eugene Kaspersky, said. He added that his firm might have stumbled upon some secret US business.

The whole situation around the US ban on the use of Kaspersky Lab antivirus products by federal agencies “looks very strange,” Kaspersky told Germany’s Die Zeit daily, adding that the whole issue in fact lacks substance. “It was much more hype and noise than real action,” he said.

Kaspersky then explained that the US authorities ordered all governmental agencies to remove all the company’s software from their computers, even though “we had almost zero installations there.” With little real need for such measures, they were apparently aimed at damaging the company’s reputation.

“It seems that we just do our job better than others and that made someone very disappointed,” Kaspersky said of the motives behind the US government’s move. “It seems that we detected some unknown or probably very well-known malware that made someone in the US very disappointed.”

At the same time, he stressed that his company does not collect “any sensitive personal data,” not to mention any classified documents, adding that the only data Kaspersky Lab is hunting for is “new types of malware, unknown or suspicious apps.”

The Russian cybersecurity company was indeed accused by the US media of using its software to collect the NSA technology for the Russian government – something that Kaspersky Lab vehemently denied.

According to US media reports in October 2017, an employee from the National Security Agency (NSA) elite hacking unit lost some of the agency's espionage tools after storing them on his home computer in 2015. The media jumped to blame Kaspersky Lab and the Kremlin.

Following the reports, the company conducted an internal investigation and stumbled upon an incident dating back to 2014. At the time, Kaspersky Lab was investigating the activities of the Equation Group – a powerful group of hackers that later was identified as an arm of the NSA.

As part of Kaspersky’s investigation, it analyzed information received from a computer of an unidentified user, who is alleged to be the security service employee in question. It turned out that the user installed pirated software containing Equation malware, then “scanned the computer multiple times,” which resulted in antivirus software detecting suspicious files, including a 7z archive.

“The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” the company’s October statement explained.

The analyst then reported the matter directly to Eugene Kaspersky, who ordered the company’s copy of the code to be destroyed.

On Thursday, Kaspersky Lab issued another statement concerning this incident following a more extensive investigation. The results of the investigation showed that the computer in question was infected with several types of malware in addition to the one created by Equation. Some of this malware provided access to the data on this computer to an “unknown number of third parties.”

In particular, the computer was infected with backdoor malware called Mokes, which is also known as Smoke Bot and Smoke Loader. It is operated by an organization called Zhou Lou, based in China.

Kaspersky Lab, a world leader in cybersecurity founded in Moscow in 1997, has been under pressure in the US for years. It repeatedly faced allegations of ties to the Kremlin, though no smoking gun has ever been produced.

In July, Kaspersky offered to hand over source code for his software to the US government, but wasn't taken up on the offer. In October, the cybersecurity company pledged to reveal its code to independent experts as part of an unprecedented Global Transparency Initiative aimed at staving off US accusations.

Kaspersky has been swept up in the ongoing anti-Russian hysteria in the US, which centers on the unproven allegations of Russian meddling in the 2016 presidential elections. In September, the US government banned federal agencies from using Kaspersky Lab antivirus products, citing concerns that it could jeopardize national security and claiming the company might have links to the Kremlin. Eugene Kaspersky denounced the move as “baseless paranoia at best.”

Even as Kaspersky Lab is offering its cooperation to US authorities, on Thursday, WikiLeaks published source code for the CIA hacking tool “Hive,” which was used by US intelligence agencies to imitate the Kaspersky Lab code and leave behind false digital fingerprints.

The US might be targeting Kaspersky Lab in its witch hunt because the company might be able to disprove American allegations against Russia, experts told RT. “We have Kaspersky saying, 'We can do this. We can prove some of these hacks are not Russian, they are American,’ when it comes to the presidential elections. And so they needed to discredit them,” former MI5 analyst Annie Machon said.

The campaign against the Russian cybersecurity firm could go back as early as to 2010, when Kaspersky Lab revealed the origin of the Stuxnet virus that hit Iran's nuclear centrifuges, she told RT. Back then, Kaspersky Lab stated that “this type of attack could only be conducted with nation-state support and backing.” Nobody claimed responsibility for the creation of the malware that targeted Iran. However, it is widely believed that the US and Israeli intelligence agencies were behind Stuxnet.
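posted by ZUKUNASHI at 16:57 | Comment(5) | Digital / Internet
Comments on this article
I may have written about "Stuxnet" before, but since my memory is uncertain, I will write about it again.

I first learned of "Stuxnet" from interviews on the internet media outlet "I・W・J" with Midori Ogasawara and with director Oliver Stone, who made the film "Snowden": according to Edward Snowden, it is a virus developed by "Israel and the US NSA" that shut down 400 centrifuges at Iran's nuclear facilities, and it has been planted in various infrastructure facilities such as dams, power, communications, railways, banks and hospitals, not only in Japan but also in Brazil, Mexico, and European countries such as Belgium and Austria, so that the moment a country ceases to be pro-American, "the other country can effectively be brought to collapse."

Kaspersky, if I recall correctly, has a "Russian company" as its parent, so it may be strong.
Posted by 自・公政権では駄目だ! at November 12, 2017 16:46
自・公政権では駄目だ-san, Mr. Eugene Kaspersky was a brilliant student who researched the behavior of computer viruses inside computers at the KGB. He is the person who retired from the KGB and founded an antivirus software company. I wish someone would put a virus that turns people into geniuses into Mr. Abe's head, too. Then he might save Japan. LOL!
Posted by 西 亨 at November 12, 2017 19:49
Dear 西亨, thank you for repeatedly sharing useful information.

Even if a "virus that makes one a genius" were put into Prime Minister Abe's head, they also say "there is only a fine line between a fool and a genius," and since it is like a state where "the OS has an unfixable bug" no matter how many times you reinstall it, it may be impossible to expect the virus to have any effect. (LOL)

Also, regarding the earlier Meiji Restoration topic: "the Bank of England, the British aristocracy, and so on" came to be effectively controlled by "the Rothschild family" through the "Battle of Waterloo"; the "Matheson Boys (Five)" who took key posts in the Meiji Restoration government were sent to study in Britain by "Jardine Matheson & Co.," a Rothschild-affiliated firm based in Shanghai; and Nagasaki's "Glover & Co." was Matheson & Co.'s "Nagasaki agency."

For example, regarding the "Russo-Japanese War": Britain and Germany needed to direct the main thrust of Russia's southward expansion policy toward Asia so that it would not be directed at India or at Germany's northern side. The mother of "German Emperor" Wilhelm II was a sibling of "British King" Edward VII, and the mother of "Russian Emperor" Nicholas II and the wife of Edward VII were sisters. From these relationships, the interests of Germany and Britain, which wanted to advance into China, coincided, leading to the "Triple Intervention" after the "Sino-Japanese War," with Russia put at the forefront, which became the "cause of the Russo-Japanese War."

For that reason, the "underwriting of Japanese government bonds for the Russo-Japanese War" was carried out from the outset by the Jewish-affiliated (UK) Parr's Bank, Hongkong and Shanghai Bank, Yokohama Specie Bank, (US) Kuhn, Loeb & Co. (later to become Lehman Brothers), and National City Bank, and later also by (Germany) the Warburg firm, Deutsche Bank and others, and (France) the Paris Rothschild family. The "Kuhn, Loeb & Co." led by the famous Jacob Schiff was "the Rockefellers' main bank," and had been an old friend of the Rothschild family since the days of the ghetto (segregated Jewish residential quarter) in Frankfurt, Germany. You all probably know this already, but I will write it down while I am at it.
Posted by 自・公政権では駄目だ! at November 13, 2017 01:30
Good evening.

Kaspersky is quite excellent, with features such as accessing the Internet while changing the IP address in a pseudo manner.
Kaspersky could not prevent the intruder into my local network either, but it is still top-class software.
However, Kaspersky itself is heavy, so I think it would be tough on a machine with a Celeron CPU.
In that case, I recommend ESET from Slovakia, which is on the lighter side.
Posted by Saito at November 13, 2017 22:02
With Kaspersky, I don't particularly feel that processing has slowed down on the new machine. The Celeron machine is mainly used for email and GM-10 image processing, so there seems to be little room for Kaspersky to do anything.
On the newer one, which I mainly use for web browsing, notices that it has blocked a site are displayed one after another.
I wonder, am I really looking at nothing but strange sites?
EASY COUNTER, which flattered me with a global rank of 4,500th, has been blocked and I can no longer view it.
Posted by ずくなし at November 13, 2017 23:40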