Israeli cyber-sleuths allegedly caught Russian hackers red-handed as they used popular Russian cybersecurity software to raid computers around the world for U.S. intelligence secrets, according to a break-out report in The New York Times.
Citing "multiple people who have been briefed on the matter," the Times reported Tuesday that in 2014 Israeli spies breached the corporate systems of Kaspersky Lab, a Moscow-based cybersecurity firm whose anti-virus software is used the world over, including by several U.S. government and military agencies.
Anti-virus software generally has wide access to data on a system where it's installed, so that it can properly detect hidden malware. But that also means if the software is compromised, as the Times report alleges is the case with Kaspersky's, it could be used by hackers or intelligence agencies to look for anything else -- including secrets.
From the Times report:
Israeli intelligence officers informed the N.S.A. that in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan for American government classified programs, and pulling any findings back to Russian intelligence systems. They provided their N.S.A. [U.S. National Security Agency] counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.
Kaspersky Lab has been the center of cybersecurity controversy for weeks, ever since the Department of Homeland Security ordered federal agencies to stop using the company's software in September.
Prior to the Times revelations, Eugene Kaspersky, the company's founder and CEO, denied wrongdoing and offered to testify before Congress in defense of his company -- a hearing currently scheduled for Oct. 25. Though Kaspersky Lab is reported to have worked with the Russian government at times in the past, the Times reported that technical experts said it's possible Russian intelligence agencies hacked the software without Kaspersky's knowledge.
Eugene Kaspersky posted a statement on Twitter in response to the Times report, saying his company "was not involved in, and does not possess any knowledge of, the situation in question."
"As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company," the statement goes on. "Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.
"In addition, Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts," it added.
The Times report also apparently solved a two-year-old cybersecurity mystery about the identity of the hackers behind Duqu 2.0. Duqu 2.0 was a sophisticated cyber-espionage campaign discovered in 2015 that targeted Kaspersky's own systems. At the time Eugene Kaspersky declined to say who he believed the culprit was, but allowed that it was likely a nation-state due to its complexity. In its Tuesday report, the Times revealed Duqu 2.0 was the Israeli spying operation -- an upgraded cyber campaign based on another espionage operation, which itself was born out of the joint U.S.-Israeli cyber-attack on an Iranian nuclear plant.
"The attack was very complicated, very smart," Eugene Kaspersky said of the Duqu 2.0 hack in 2015. "[But] come on, it's stupid to attack a cyber-security company... Sooner or later, we'll find it anyway."