Tag Archives: Antivirus

The Russian Company That Is a Danger to Our Security

Posted on September 6, 2017 | Leave a comment

Eugene Kaspersky, the founder of Kaspersky Lab, is a graduate of the KGB’s elite cryptology institute and was a software engineer for Soviet military intelligence.

MADBURY, N.H. — The Kremlin hacked our presidential election, is waging a cyberwar against our NATO allies and is probing opportunities to use similar tactics against democracies worldwide. Why then are federal agencies, local and state governments and millions of Americans unwittingly inviting this threat into their cyber networks and secure spaces?

That threat is posed by antivirus and security software products created by Kaspersky Lab, a Moscow-based company with extensive ties to Russian intelligence. To close this alarming national security vulnerability, I am advancing bipartisan legislation to prohibit the federal government from using Kaspersky Lab software.

Kaspersky Lab insists that it has “no inappropriate ties with any government.” The company’s products, which are readily available at big-box American retailers, have more than 400 million users around the globe. And it provides security services to major government agencies, including the Department of State, the National Institutes of Health and, reportedly, the Department of Defense.

But at a public hearing of the Senate Intelligence Committee in May, six top intelligence officials, including the heads of the F.B.I., C.I.A. and National Security Agency, were asked if they would be comfortable with Kaspersky Lab software on their agencies’ computers. Each answered with an unequivocal no. I cannot disclose the classified assessments that prompted the intelligence chiefs’ response. But it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials. Fortunately, there is ample publicly available information to help Americans understand the reasons Congress has serious doubts about the company.

The firm’s billionaire founder, Eugene Kaspersky, graduated from the elite cryptology institute of the K.G.B., the Soviet Union’s main intelligence service, and was a software engineer for Soviet military intelligence. He vehemently dismisses concerns that his company assists Russia’s intelligence agencies with cyberespionage and claims that he is the target of Cold War-style conspiracy theories. But Kaspersky Lab has committed missteps that reveal the true nature of its work with Russia’s Federal Security Service, or F.S.B., a successor to the K.G.B.

Bloomberg recently reported on emails from October 2009 in which Mr. Kaspersky directs his staff to work on a secret project “per a big request on the Lubyanka side,” a reference to the F.S.B.’s Moscow offices. The McClatchy news service uncovered records of the official certification of Kaspersky Lab by Russian military intelligence, which experts in this field call “persuasive public evidence” of the company’s links to the Russian government.

The challenge to United States national security grew last year when the company launched a proprietary operating system designed for electrical grids, pipelines, telecommunications networks and other critical infrastructure. The Defense Intelligence Agency recently warned American companies that this software could enable Russian government hackers to shut down critical systems.

Beyond the evidence of direct links between Mr. Kaspersky and the Russian government, we cannot ignore the indirect links inherent in doing business in the Russia of President Vladimir Putin, where oligarchs and tycoons have no choice but to cooperate with the Kremlin. Steve Hall, former C.I.A. station chief in Moscow, told a reporter: “These guys’ families, their well-being, everything they have is in Russia.” He added that he had no doubt that Kaspersky Lab “could be, if it’s not already, under the control of Putin.”

The technical attributes of antivirus software amplify the dangers from Kaspersky Lab. Mr. Kaspersky might be correct when he says that his antivirus software does not contain a “backdoor”: code that deliberately allows access to vulnerable information.

But a backdoor is not necessary. When a user installs Kaspersky Lab software, the company gets an all-access pass to every corner of a user’s computer network, including all applications, files and emails. And because Kaspersky’s servers are in Russia, sensitive United States data is constantly cycled through a hostile country. Under Russian laws and according to Kaspersky Lab’s certification by the F.S.B., the company is required to assist the spy agency in its operations, and the F.S.B. can assign agency officers to work at the company. Russian law requires telecommunications service providers such as Kaspersky Lab to install communications interception equipment that allows the F.S.B. to monitor all of a company’s data transmissions.

The Senate Armed Services Committee in June adopted my measure to prohibit the Department of Defense from using Kaspersky Lab software, to limit fallout from what they fear is already a huge breach of national security data. When broad defense legislation comes before the Senate in the weeks ahead, they hope to amend it to ban Kaspersky software from all of the federal government.

Americans were outraged by Russia’s interference in our presidential election, but a wider threat is Russia’s doctrine of hybrid warfare, which includes cybersabotage of critical American infrastructure from nuclear plants to electrical grids. Kaspersky Lab, with an active presence in millions of computer systems in the United States, is capable of playing a powerful role in such an assault. It’s time to put a stop to this threat to our national security.
You do your own research and then decide if you would want Kaspersky software on your PC in your home.

 

Leave a comment

Posted in Cyber Security, Data Breach, Encryption, Hacking, Security

Tagged , ,

14 cybersecurity terms you need to know

Posted on May 31, 2016 | Leave a comment

Cyber_Security

Taking a proactive approach to your online security can help you avoid becoming a victim. Start by familiarizing yourself with these computer security terms. Understanding them can help you recognize a cyber threat — and can also help you protect your computer from one.

1. Adware

Adware is software that displays advertisements on your computer. It can take various forms, but is often a popup ad or an ad displayed in a sidebar in your browser. Typically, adware is more of an annoyance than a security risk, but in some cases it could be monitoring your online browsing activities and relaying that data to a third party.

2. Antivirus software

Antivirus software monitors your computer to find and block malicious programs like viruses. McAfee and Norton are two popular antivirus software packages. To protect your computer against new viruses, it’s important to regularly update your antivirus software.

3. Encryption

Encryption transforms plaintext (readable data) into ciphertext — which is unreadable without an encryption password. Once the user enters the correct encryption password, the text is decoded. Consider using a secure email service like GhostMail to encrypt the content of your sensitive messages.

4. Firewall

A firewall creates a barrier between the internet and your computer to help block hackers, viruses and other threats. Many security suites — like Symantec, Norton, Security Premium and Bitdefender Total Security — include firewall protection.

5. Hacker

A hacker is any unauthorized user who gains access to private data. While hacking can be used for many purposes, some criminal hackers purposefully disrupt or permanently damage an individual computer or an entire network of computers. Hacking attacks cost the average American company more than $7 million per year.

6. Keylogger software

Keylogger software is a type of spyware that records information about your computer keyboard activities — such as your internet browsing, emails, and instant messages — and then sends the data to a third party.

7. Malware

Short for “malicious software,” malware is an umbrella term used to describe software or code that’s designed to damage a computer or collect information from it. Adware, Trojans, and spyware are examples of malware.

8. Phishing

Phishing is a scam where cyber criminals send victims an email that appears to be from a legitimate business or organization. The email convinces the victim to disclose sensitive information such as their date of birth or account numbers, which the criminal often uses to steal their identity. SMiShing is a fraud that’s similar to phishing, but the victim is baited through bogus text messages rather than through email.

9. Security patch

A security patch is used to fix software or operating-system vulnerabilities that hackers could use to infect computers with a virus or another type of malware. It’s best to set up your computer to check for security patches automatically, but you can also go to the software maker’s website and manually download them.

10. Spyware

Spyware is a type of malware that’s used to monitor your activities, collect specific data, and communicate this information to a third party. Spyware can capture everything from screenshots to passwords and emails.

11. Secure Sockets Layer

SSL is a network security protocol that secures information traveling over the internet. Websites that start with “https” use an SSL connection to help keep user information safe.

12. Trojan

A Trojan is a type of malware that appears legitimate or useful — but once it’s installed, a Trojan can allow cyber criminals to do things like delete or modify your data, steal sensitive information, or disrupt your computer’s performance. Most Trojans are delivered through emails, online services, and downloads such as free games and music.

13. Virus

A virus is a self-replicating type of malware designed to corrupt or modify your computer’s programs and files. In some cases, a virus can slow your computer’s performance or stop it from working altogether. Viruses are spread in various ways, but one of the most common is through infected email attachments. Before opening any email attachment (even one from someone you know), contact the sender and confirm its legitimacy.

14. Personally identifiable information

PII, also referred to as sensitive personal information , is any information that can be used on its own — or in tandem with other information — to identify, locate, or contact a person. Driver’s license numbers, Social Security numbers, and home addresses are a few examples of PII that are often used to perpetrate identify theft. Use extreme caution when providing PII online, and, for extra security, disable auto-fill settings on your web browser.

 

 

Once you’ve familiarized yourself with these terms, protect yourself further by following basic computer security practices and learning about current online threats and scams.

 

Leave a comment

Posted in Cyber Security, Data Breach, Encryption, Hacking, Security

Tagged , , , ,