Israeli intelligence warned US of Russian spies using Kaspersky software

11 Oct 2017

Kaspersky Lab headquarters, Moscow. Image: StockPhotoVideo/Shutterstock

Israeli spies apparently caught Russian hackers locating confidential NSA material that had been improperly stored on an employee computer.

In an intriguing twist in the ongoing saga, both The New York Times and The Washington Post have reported that Israeli hackers who buried themselves in Kaspersky’s own network actually tipped the US off to the Russian intrusion that was underway.

The 2015 breach that allegedly occurred via Kaspersky Lab software saw hackers target the home computer of an NSA contractor after essentially using the antivirus program to identify confidential files. The material stolen included details about foreign network penetration, network defence and surveillance code.

Hackers combing for sensitive information

The New York Times described the Russian hackers’ use of Kaspersky tools as a “sort of Google search for sensitive information”.

The Russians were seemingly able to access the confidential files through the antivirus suite of programs. Like all antivirus tools, it performs a full scan of the computer before removing or neutering any dangerous files and sending a report back. This procedure was a useful way for Russian intelligence to survey and retrieve the contents of classified machines.

This is the first time Israeli involvement in this developing tale of espionage has been disclosed. The Russian antivirus firm didn’t discover the intrusion into its systems until mid-2015, when an engineer noticed some unusual activity. The information that Israel gave to the NSA included screenshots and other documentation. Kaspersky issued a report at the time, but Israel was never mentioned.

Kaspersky distancing itself

CEO Eugene Kaspersky has vehemently denied any knowledge of the incidents throughout the furore. Kaspersky software has been subject to an outright ban on US administration computers, further stirring the rumours.

In theory, the Russian hackers could have exploited Kaspersky without the company’s knowledge, and it is also posited that intelligence officers may have infiltrated the company without the knowledge of its C-level executives.

The company issued this statement in response: “Kaspersky Lab was not involved in, and does not possess any knowledge of, the situation in question. As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company.

“Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and [Kaspersky] respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.

“In addition, Kaspersky Lab has never helped, nor will help, any government in the world with its cyber-espionage efforts.”


Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
