Haywards Heath IT security specialist asks what can we learn from Kaspersky

The way that a data breach has been handled by these two organisations provides valuable insight into how it should be done.

Haywards Heath IT security specialist Gary Johnston has been taking a particular interest in events at Kaspersky and the US Office of Personnel Management.

As an IT security specialist, when stories of this kind unfold it is always interesting to see how they are dealt with by the companies involved; unfortunately, the answer is very often "badly".

Haywards Heath IT security specialist Gary Johnston says Kaspersky and The US Office of Personnel Management provide contrasting examples of how to deal with a data breach.

Tamite Haywards Heath IT security specialist comments on the Kaspersky and US Office of Personnel Management data breaches

Kaspersky have given a textbook demonstration of how to handle the potentially embarrassing fact that they have been the victim of a data breach. Kaspersky disclosed that, during the testing of a new product designed to search for APTs (Advanced Persistent Threats), they had actually discovered an intrusion on their own network.

The phrase "not knowing whether to laugh or cry" comes to mind. I should imagine that the event was akin to the head designer at Dyson plugging in the latest design, pushing a button, watching his own workshop disappear up the nozzle and saying to the assembled audience, "well, that worked". Presumably the new product has passed its beta testing with flying colours.

Kaspersky, unlike previous victims of this type of event, have in some ways turned what could have been a hugely embarrassing event into something a little more positive. They promptly admitted to the breach, and the investigation showed that the attack was highly advanced. The attackers used what Kaspersky have dubbed Duqu 2.0, a name which presumably implies a link to Duqu 1.0 (BBC News), famously uncovered by Kaspersky in 2011, to eavesdrop on the organisation.

Gary Johnston of Haywards Heath IT security specialist Tamite Secure IT comments that Kaspersky appear to have been open about the scope of the breach from the start, including the extent and the timeline of the attack and the fact that, within a short period of being discovered, the malware appeared to uninstall itself and attempt to cover its tracks (Computer Weekly). It makes fascinating reading and gives a real feel for the sophistication of the APT.

July was also a good month to bury bad news, as the events at Kaspersky were possibly overshadowed, news-wise, by the events at the US Office of Personnel Management (US OPM), who managed to leak tens of millions of records relating to government employees (BBC News).

In contrast to Kaspersky, the reaction of the US OPM went through the usual phases: from denial to grudging acceptance, while still understating and minimising the extent of the breach. The classic pattern was almost complete when, having been overtaken by events, the US OPM finally resorted to a hand-wringing confession to the true extent of the breach. The final phase was marked by the inevitable and ritual decapitation of the person deemed most culpable, in this case the Director of the US OPM, Katherine Archuleta, who announced she would step down to help the department "move beyond the current challenges".

However, of the two events, the one at Kaspersky is the more troubling. It seems to be a universal fact that governments don't do a great job of IT or IT security per se, and in any case the US OPM have what is known as "previous". The fact that Kaspersky, who do IT security well, have been spied upon for an indeterminate period should be seen as sinister.

Gary Johnston, Haywards Heath IT security specialist, goes on to say that three scenarios have been mooted:

1. The Israelis, who have plenty of "previous" (spying on the Iranian nuclear arms proliferation talks), wanting early warning if their latest piece of spyware has been exposed.

2. GCHQ, nation-state China, the US NSA etc.: a security service wanting to know how to circumvent the latest security products.

3. Cyber criminals: the least likely, but with a similar motive.

The comments in this blog represent the thoughts of Haywards Heath IT security specialist Gary Johnston of Tamite IT.
