Israel hack uncovered Russian spies' use of Kaspersky in 2015, report says
Information led to US decision to end use of company’s software across federal government in December
An Israeli security agency hacked into Russian antivirus firm Kaspersky Lab in 2015, providing the crucial evidence required to ban the company from providing services to the US government, according to a report.
While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies in turn using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December.
The revelation answers some questions about the unfolding saga around Kaspersky Lab, a previously well-regarded information security firm founded in 1997 by Russian national Eugene Kaspersky. It seems to demonstrate why the US believes Kaspersky Lab software was involved in the hacking of an NSA contractor in 2015, and narrows down the nature of Kaspersky Lab’s supposed involvement in the Russian operation.
But it still leaves many further questions unanswered. Crucially for Kaspersky, the Israeli hack apparently failed to provide enough information to determine whether it was a willing, or even knowing, participant in the Russian espionage.
The Russian government exercises tight control over domestic and foreign high-tech industries operating within its borders. In June 2017, it began demanding the source code for certain software imported, ostensibly to search for “backdoors” inserted by foreign intelligence agencies. In practice, it’s widely believed that the Russian security agency scans the source code for undisclosed vulnerabilities it can use to improve its own hacking prowess.
Kaspersky vehemently denies any involvement in Russian state-sponsored hacking. “Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question,” the company told the Guardian.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyber-espionage efforts, and contrary to erroneous reports, Kaspersky Lab software does not contain any undeclared capabilities such as backdoors as that would be illegal and unethical.
“It is also important to note, Kaspersky Lab detects all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose. The company tracks more than 100 advanced persistent threat actors and operations, and for 20 years, Kaspersky Lab has been focused on protecting people and organisations from these cyber-threats – its headquarters’ location doesn’t change that mission.”
In the tangled web of spies spying on spies, it can be difficult to take any statement at face value. The Israeli security community has long had a tense relationship with Kaspersky Lab, dating back to the company’s research on Stuxnet, a specialised piece of malware created by the US and Israel to harm Iran’s nuclear industry.
In fact, the highly sophisticated Israeli hacking operation that targeted Kaspersky appears to have used the same malware that was used to spy on the Iran nuclear negotiations in 2014 and 2015.
Israel’s hacking of Kaspersky reportedly occurred in the same period Kaspersky publicly acknowledged that it had been targeted by a “state actor”. Kaspersky said the malware used in the attack was derived from the Stuxnet virus.
At the time Kaspersky researchers disclosed that dozens of machines in its networks had been infected by the Duqu 2.0 spyware, which appeared to be attempting to access research and information, and which Kaspersky staff described at the time as being a “generation ahead” of anything they had seen before.
Although there was no concrete proof until now, Kaspersky suspected Israel of being behind the attack, not least because the same malware was being used to target the P5+1 talks on Iran’s nuclear programme. Kaspersky researchers also found that the work schedules of the Duqu attackers suggested they were physically located in or near Israel.
Kaspersky said: “With regards to unverified assertions that this situation relates to Duqu2, a sophisticated cyber-attack of which Kaspersky Lab was not the only target, we are confident that we have identified and removed all of the infections that happened during that incident. Furthermore … Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat.”
The latest revelations over Israel’s electronic espionage activities appear to have come closer to joining the dots linking a series of Israeli cyber-spying and cyberwar operations dating back to at least 2011, beginning with the use of Stuxnet.
In 2015, officials in the Obama administration told journalists that Israel had spied on the nuclear negotiations and used the material it had acquired in an attempt to lobby the US Congress to derail the deal.
Israel hacked Kaspersky to inform US about Russia stealing NSA exploits
Israeli Spies Hacked Kaspersky And Found Russian Hackers Exploiting The Antivirus Software To Obtain US Intelligence Secrets.
We earlier reported that Russian state-sponsored spies and the Moscow-based cybersecurity and software firm Kaspersky Lab were secretly cooperating, as the company’s antivirus software was used by Russian hackers to steal NSA exploits after compromising the PC of an NSA contractor. However, the latest reports suggest that it was Israeli spies who uncovered this activity.
According to reports, in 2015 Israeli spies gained access to Kaspersky’s backend systems and found that Russian hackers were discreetly using the software both as a universal search engine and as a spying tool. Kremlin spies were using it to reach computers across the world in real time and gather information about US cyber-espionage tools and hacking weapons.
It is claimed that the Russians hacked Kaspersky’s servers to obtain suspicious data that the antivirus software had identified and that matched the codenames assigned to US software exploits. In other words, without Kaspersky’s knowledge, the Russian government was using its software as a spying tool to learn about the cyber-espionage tools and tactics of American intelligence agencies, including the NSA.
In a report published by the NYT (New York Times), it is stated that Israeli intelligence played an important role in discovering the compromise of Kaspersky Lab’s servers and the use of its antivirus software by Russian government-backed hackers as a global, searchable spying tool for hunting undisclosed American secrets. The Israeli operation was already known to the US.
In its report, the NYT did not explain what kind of information the Russians obtained, but it did say that the Kremlin’s hackers had access to Kaspersky for two years. While exploring Kaspersky’s systems, the Israeli hackers searched for the antivirus vendor’s research into NSA and GCHQ espionage tactics, and when they spotted the Kremlin’s hackers already inside the system, they “tipped off” the NSA. Once notified, NSA officials began hunting for the breach, and further investigation revealed that the Russian government was in possession of the tools.
Surprisingly, the founder of Kaspersky Lab, Eugene Kaspersky, has categorically denied the claims in the NYT article, and the NSA has also declined to comment on the report.
Matt Tait, the renowned cyber-security expert, said that antivirus packages are quite risky for organizations, not just the NSA, primarily because when a threat such as spyware or an exploit is identified on a computer, the sample is immediately uploaded to the antivirus vendor’s cloud for further analysis.
If that vendor’s backend system is already under observation, it is very easy for an attacker to single out that computer and collect copies of sensitive data. The Russians were searching for America’s exploits in order to use them against Western government agencies and corporations, as well as to improve their own cyber defenses.