Russian-Soviet Flag

Kaspersky’s Cold War(e), Unpacking DOJ’s Encryption Talk and regulating IoT

In our latest Security Ledger Podcast we talk about Kaspersky Lab’s Cold War-tinged smackdown with former NSA analyst Dave Aitel of Immunity Inc. Also: Bruce Schneier weighs in on what has and hasn’t changed in the Trump DOJ’s take on strong encryption, while Josh Corman of PTC tells us that federal rules governing IoT security may be closer than we think.

To say the past week has been a tough one for Moscow-based security software firm Kaspersky Lab* is the understatement of this young century. The company, which has been dogged by rumors of connections to Russia’s intelligence agency, the FSB, was the subject of a Wall Street Journal article that fleshed out those rumors. The article, by Gordon Lubold and Shane Harris of the Journal, alleged the company’s antivirus software was used by Russian intelligence to help steal classified hacking tools from the NSA.

Kaspersky Lab’s name has been linked to increasingly detailed reports of spying by Russian intelligence agencies.

That story was followed yesterday by a report in The New York Times that Israeli intelligence operatives directly observed the Russian agents who had hacked into Kaspersky’s network using the software to scan computers for information gathering.

Kaspersky is ‘Dirty’ – but is it unique?

In this week’s podcast, we talk all things Kaspersky, and the company’s plight, with former NSA analyst and CEO of Immunity Inc. Dave Aitel. Aitel said that, while the company may well have been unaware of attacks on its employees, corporate network or software, the conclusion for governments, businesses and individuals who use the company’s tools is unavoidable: Kaspersky has been compromised.

Tough talk on strong encryption – now what?

Also, the Trump administration has made a point of reversing course on Obama Administration positions on everything from the environment to financial regulation and trade deals. But in one important arena they’re staying the course: official opposition to Silicon Valley’s use of strong encryption. In the second segment of this week’s podcast, we parse Deputy Attorney General Rod Rosenstein’s latest comments on strong encryption with cryptographer, author and information security superhero Bruce Schneier.

Are IoT safety rules in the offing?

In our final segment: Congress is closer than ever to passing comprehensive legislation to secure the Internet of Things. Josh Corman of the firm PTC and IamTheCavalry testified at that hearing and says that the appetite for change is strong, driven in part by exasperation over disruptions like the Mirai botnet and the Equifax data breach. We talk with Josh about the future of regulation of the Internet of Things – which may be rosier than you’d think.

As always: check out our full conversation in our latest Security Ledger podcast below or over at Soundcloud. You can also listen to it on iTunes. And if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.

(*) This author was an employee of Kaspersky Lab’s Threatpost news website from 2010 to 2012.