Kaspersky tools removal update. But keep reading – it gets better:
Now for the punchline – they’ve documented that Kaspersky, a Russian company close to Putin, was hacked by Israel. Kaspersky security researchers have confirmed the existence of the NSA hacking tools, which they discovered in the spring of 2014. From the article:
In a statement, the company (Kaspersky) said it stumbled on the (NSA) code a year earlier than the recent newspaper reports had it (ed: Comey stated summer 2015), in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.
And it further states, again from the article:
Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.
Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.
So Russian antivirus software found a zip file with NSA hacking tools in 2014. Hacking tools that target Microsoft and other business software, again, in the spring of 2014. Confirmed by Israeli security researchers who hacked Kaspersky.
Now, what they found was compressed, portable, and easily emailed or traded, even while nobody else had the signatures to detect it. A zip file.
A zip file.
For those unfamiliar with the industry, by the time an exploit is being traded in a 7z it’s long been in the wild. That is the commodity phase of the economic curve.
The economics of the dark web have been researched and are well documented (hint: look at DEF CON and Black Hat presos from a few years back).
If you are a reporter or security researcher – keep digging. Basic economics say it had to have been traded in early 2013 for high bids, with a quick pricing decline, as is typical with shrink-wrap software.
It remained unpatched. Every company using common business software was, and probably still is, an open book. A trivial Metasploit script and your movies, your directional drilling tech, your seismic data, patents, medical history, your porn habit, email, fb, you name it, was and probably still is wide open.
Bottom line: My opinion is that the NSA hacking tools were released in 2013, if not earlier. (But I’ll stick with my estimate of a mid-2013 release to the wildebeests.) NSA let them into the wild, as discovered by Russians (current media puts this at 2014), who were then hacked by our allies in Israel. Israel then reported this to the US.
And we did nothing. Think about it.
Just add that up and you get Russia hacking US companies and associations using our own tools paid for by YOU. NSA hacking tools discovered and reported to the US by our allies in Israel. 2014 or earlier.
What did NOT happen was responsible reporting to vendors like Microsoft, who only patched it when the Shadow Brokers released it on GitHub in 2017. Thus from 2014 (or earlier), our allies, our foes, and our own security agencies did nothing to protect US intellectual property, infrastructure, companies, jobs, and people.
Noodle that one.
… This story will continue to unfold. And if you are an investigative journalist, maybe ask around the community politely regarding whose zoo had the code and when.