The US government recently prohibited federal agencies from using the company’s products, and the FBI is reportedly convincing private entities to do the same. Its latest headache is linked to the NSA cyberattacks allegedly carried out by Russian hackers, who made away with official cyber defense material in 2015. The US intelligence agency claimed it noticed the stolen files using Kaspersky software. Little else was revealed about the incident (news of which broke last week) until now. It seems Israeli officials tipped off the US about the Russian intrusion, having hacked into Kaspersky’s network, according to The New York Times.
Israel-linked hackers were watching Russian hackers breach an NSA contractor’s computer in real-time using a popular anti-virus tool. It all spins an espionage web worthy of a John le Carré novel. As for Kaspersky, its response is the same boilerplate. The company claims it was “not involved in” nor “does it possess any knowledge of, the situation in question.”
But, according to multiple people in the know, the Russian operation turned Kaspersky’s software (to borrow the Times’ phrasing) into a “Google search for sensitive information.” This classified data was then extracted back to Russian intelligence systems. The NSA, however, has always restricted its analysts from installing Kaspersky’s apps (which may explain why the hackers went after an agency contractor).
Kaspersky detailed the attack on its systems back in June 2015. Although it didn’t pin the blame directly on Israel, it did drop a significant hint by referring to the attack as”Duqu 2.0″ (in reference to the Duqu malware, which matches the Stuxnet virus). The latter was a joint Israel-American cyberweapon that inflicted considerable damage on Iran’s nuclear program, in particular on its Natanz facility. But, the virus didn’t stop there. It ended up accidentally spreading to Indonesia, India, and Azerbaijan, among other regions. Kaspersky noted that the breach, which lasted for several months, used the same algorithm as Duqu. The attack’s other victims reportedly matched Israeli targets, several of which were located in the US, ruling out American collusion.
The Times reports that Israeli officials handed over screenshots and documentation of the hack to their American counterparts. The findings led, in part, to the US government’s decision to block federal agencies from using the anti-virus tool — although, Kaspersky’s alleged ties to the Kremlin didn’t exactly help its cause either.
Still, this doesn’t necessarily mean Kaspersky Lab founder Eugene V. Kaspersky was complicit in the breach. Theoretically speaking, there’s always the chance the software could have been exploited without his consent, or the consent of his staff. Nonetheless, it will do little to free Kaspersky from the maelstrom it’s caught up in.
The New York Times