Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.

Sunday, July 30, 2017

Regarding Cyber Security, Kaspersky Labs, Russia & the U.S. Government


In light of the recent controversy surrounding whether or not the anti-virus software of Kaspersky Labs, a Russian cyber security company, should be running on computers in the U.S. Government, I thought I'd re-post a recent post concerning this subject.

As you may have heard, according to Reuters, earlier this week the U.S. Congress, and specifically a U.S. Congressional panel, asked 22 government agencies to share documents on Kaspersky Labs, saying that its products could be used to carry out "nefarious activities against the United States."

While I am not going to comment on this specific topic/issue, I just wanted to say one thing:

The only thing I will say is that the U.S. Congress and all U.S. Government agencies, including all U.S. intelligence agencies, should know that today, computer software other than Kaspersky Labs' anti-virus software, software that was highly likely written in Russia and that may very likely still be supported from within Russia, is very likely still running in possibly the highest privileged security contexts across potentially many parts of the U.S. Government.

If this is true, then if someone could compromise a specific location in Russia, they could... <you can complete the sentence.>

By the way, this is neither something that we uniquely know nor is it classified information. This information is freely available in the public domain and can be easily deduced by some basic online sleuthing, by anyone with merely an Internet connection.

Interestingly, I should also mention that this very piece of computer software may also be running (for years now) in the highest privileged security context in not just the networks of the U.S. Government, but at thousands of organizations worldwide today.

Just one more thing; as a cyber security professional, I find the means by which the DNC and John Podesta's emails were hacked absolutely laughable - I mean what an amateur job it was, and yet its impact on global security may have been colossal.

I mean, here we worry about how someone could write a few lines of code targeting Active Directory and potentially be in a position to proverbially shut the motor of the world (considering that the whole world runs on Active Directory), and there some kid just phishes John Podesta, thereby obtaining access to his Gmail account and to vast amounts of private email, which he/she then purportedly passes on to WikiLeaks, who ends up releasing it in the public domain, and that, according to the CIA, ends up influencing the U.S. election.

Finally, and I have said this before, the idea of setting up a joint cyber security unit with Russia may not be a good idea.

Before I put my pen down, let me just say, and I cannot stress this one point enough - if potentially untrustworthy code is running in the highest security contexts in your IT network, it likely is not your network anymore (i.e. you're likely not the only one who can access, control access to, divulge, tamper with, and destroy almost everything in your network).

Best wishes,

PS: To the respected folks in our government, please know that we already informed the highest cyber security officials concerning the likely presence of Russian code earlier last year. However, if there is still a need to identify it, please let us know; we're here to help.

PS2: That's all for now. We will continue with Day-11 of our advanced Active Directory Security School for Microsoft tomorrow.
