{"id":43594,"date":"2024-06-07T16:34:03","date_gmt":"2024-06-07T20:34:03","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=43594"},"modified":"2024-09-25T15:08:36","modified_gmt":"2024-09-25T19:08:36","slug":"no-bounty-for-kaspersky","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/06\/07\/no-bounty-for-kaspersky\/","title":{"rendered":"No Bounty for Kaspersky"},"content":{"rendered":"<p><a href=\"https:\/\/therecord.media\/kaspersky-apple-bug-bounty-declined\">Alexander Martin<\/a> (via <a href=\"https:\/\/x.com\/DamienPetrilli\/status\/1798627726515155136\">Damien Petrilli<\/a>):<\/p>\n<blockquote cite=\"https:\/\/therecord.media\/kaspersky-apple-bug-bounty-declined\"><p>Apple declined to issue a bug bounty to the Russian cybersecurity company Kaspersky Lab after it disclosed four zero-day vulnerabilities in iPhone software that were allegedly used to spy on Kaspersky employees as well as Russian diplomats.<\/p><p>[&#8230;]<\/p><p>Operation Triangulation, as the spying campaign was named, was &ldquo;definitely the most sophisticated attack chain we have ever seen,&rdquo; the Kaspersky researchers said, with an explanation of it including 13 separate bullet points.<\/p><p>[&#8230;]<\/p><p> On the same day as Kaspersky&rsquo;s disclosure, Russia&rsquo;s Federal Security Service (FSB) <a href=\"https:\/\/therecord.media\/russia-accusses-us-of-hacking-apple-devices-to-spy-on-diplomats\">accused<\/a> the United States and Apple of having collaborated to enable the U.S. to spy on Russian diplomats. 
<\/p><p>[&#8230;]<\/p><p>Although Kaspersky is not specifically sanctioned in the United States in relation to the Ukraine conflict, the Department of Homeland Security had previously banned its products from government use on security grounds due to the level of control anti-virus software requires on a computer and the risks attached to that control for a company based in Russia.<\/p><\/blockquote>\n\n<p>See also: <a href=\"https:\/\/malwaretips.com\/threads\/apple-wont-pay-bug-bounty-to-russian-cybersecurity-firm-kaspersky-lab.131436\/\">MalwareTips<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2024\/05\/14\/no-bounty-for-kernel-vulnerability\/\">No Bounty for Kernel Vulnerability<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2023\/12\/28\/operation-triangulation-details\/\">Operation Triangulation Details<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2023\/06\/27\/triangulation-exploit\/\">Triangulation Exploit<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/03\/02\/apple-halts-sales-in-russia\/\">Apple Halts Sales in Russia<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2021\/07\/13\/more-trouble-with-the-apple-security-bounty\/\">More Trouble With the Apple Security Bounty<\/a><\/li>\n<\/ul>\n\n<p id=\"no-bounty-for-kaspersky-update-2024-06-12\">Update (2024-06-12): <a href=\"https:\/\/9to5mac.com\/2024\/06\/09\/security-bite-apple-refused-to-pay-bounty-to-kaspersky-for-uncovering-vulnerability-part-of-operation-triangulation\/\">Arin Waichulis<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=40628879\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/9to5mac.com\/2024\/06\/09\/security-bite-apple-refused-to-pay-bounty-to-kaspersky-for-uncovering-vulnerability-part-of-operation-triangulation\/\"><p>Galov even proposed that Kaspersky donate the bounty to charity, but Apple rejected this, citing internal policies without explanation. 
It&rsquo;s not uncommon for research firms to donate bounty payments from large companies to charity. Some perceive it as an extension of their ethical obligation, but it undeniably contributes to a positive reputation within the security community.<\/p><p>[&#8230;]<\/p><p>According to Apple&rsquo;s <a href=\"https:\/\/security.apple.com\/bounty\/\">Security Bounty Program<\/a>, the reward for discovering such vulnerabilities can be up to $1 million. It&rsquo;s crucial to maintain this reward, as non-reported iOS zero-days can sell for well north of a million dollars in corners of the dark web.<\/p><p>[&#8230;]<\/p><p>Additionally, per Apple Security Bounty&rsquo;s <a href=\"https:\/\/security.apple.com\/terms-and-conditions\/\">terms and conditions<\/a>, &ldquo;Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department&rsquo;s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person&rsquo;s List or Entity List, or any other restricted party lists.&rdquo;<\/p><\/blockquote>\n<p>It doesn&rsquo;t seem like giving it to charity would violate the sanctions.<\/p>\n\n<p><a href=\"https:\/\/pxlnv.com\/linklog\/fsb-nsa-backdoor\/\">Nick Heer<\/a>:<\/p>\n<blockquote cite=\"https:\/\/pxlnv.com\/linklog\/fsb-nsa-backdoor\/\">\n<p>Kaspersky <a href=\"https:\/\/securelist.com\/operation-triangulation\/109842\/\">discovered<\/a> this malware. 
It has affected devices running versions up to iOS 15.7, and it has been seen in use as early as 2019.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/06\/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware\/\">Dan Goodin<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=36154455\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/arstechnica.com\/information-technology\/2023\/06\/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware\/\">\n<p>According to officials inside the Russian National Coordination Centre for Computer Incidents, the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those located in NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged Apple cooperated with the NSA in the campaign. 
An Apple representative denied the claim.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/github.com\/KasperskyLab\/triangle_check\">Kaspersky Lab<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=36164340\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/github.com\/KasperskyLab\/triangle_check\">\n<p>This script allows scanning iTunes backups for indicators of compromise by Operation Triangulation.<\/p>\n<\/blockquote>\n\n<p id=\"no-bounty-for-kaspersky-update-2024-09-25\">Update (2024-09-25): <a href=\"https:\/\/www.techdirt.com\/2024\/09\/25\/kaspersky-leaves-u-s-deletes-itself-swaps-everybodys-antivirus-for-software-nobody-asked-for\/\">Karl Bode<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.techdirt.com\/2024\/09\/25\/kaspersky-leaves-u-s-deletes-itself-swaps-everybodys-antivirus-for-software-nobody-asked-for\/\">\n<p>Regardless, this week Kaspersky Labs effectively left the U.S., but not before engaging in a practice that doesn&rsquo;t exactly scream &ldquo;high security standards.&rdquo; The company effectively <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning\/\">deleted its products from U.S. 
user computers without anybody&rsquo;s consent<\/a>, then replaced it with UltraAV&rsquo;s antivirus solution &mdash; also without informing users.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Alexander Martin (via Damien Petrilli): Apple declined to issue a bug bounty to the Russian cybersecurity company Kaspersky Lab after it disclosed four zero-day vulnerabilities in iPhone software that were allegedly used to spy on Kaspersky employees as well as Russian diplomats.[&#8230;]Operation Triangulation, as the spying campaign was named, was &ldquo;definitely the most sophisticated attack [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-06-07T20:34:06Z","apple_news_api_id":"e6438ca9-70c6-4608-ab23-684612514c20","apple_news_api_modified_at":"2024-09-25T19:08:38Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/A5kOMqXDGRgirI2hGElFMIA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2098,31,2078,2185,504,705,1676,48],"class_list":["post-43594","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple-security-bounty","tag-ios","tag-ios-15","tag-ios-16","tag-malware","tag-nsa","tag-russia","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/b
log\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=43594"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43594\/revisions"}],"predecessor-version":[{"id":45090,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/43594\/revisions\/45090"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=43594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=43594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=43594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}