Israeli government hackers were the ones who discovered the Kremlin’s use of Kaspersky Lab computer software to steal U.S. intelligence two years ago, according to U.S. sources.
In 2015, Israeli hackers found tools in the Moscow-based computer security firm that could have only come from the U.S. National Security Agency — a discovery that contributed to the Department of Homeland Security’s decision last month to ban all Kaspersky Lab software from U.S. government servers and order existing products to be removed within 90 days.
The Israeli discovery was first reported by The New York Times, which cited current and former U.S. officials.
Kaspersky’s popular antivirus software gave Russian hackers a reach of over 400 million people, the report said, including over 20 American government agencies. Because the software scans computers for malicious files and reports what it finds back to Kaspersky, Russian intelligence could exploit the contents of those computers for its own purposes.
The Russian operation is believed to have netted classified information from an NSA employee who stored the data on a home computer on which the Kaspersky antivirus was installed. It is not publicly known what information hackers may have uncovered from the breach.
Kaspersky Lab has denied any involvement or knowledge of Russian hackers using the software, saying in a statement, “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts.”
“Kaspersky Lab was not involved in, and does not possess any knowledge of, the situation in question,” the statement added.
Israeli intelligence said it provided the United States with “solid evidence” of Moscow’s role behind the hacking, going as far back as 2014.
The NSA bans its own analysts from using Kaspersky products because using antivirus products for hacking operations is a technique they’ve used in the past — a technique now reportedly used by Russian hackers, the Times report said.
“Antivirus is the ultimate backdoor,” Blake Darché, a former NSA operator, said. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”
By Sara Shayanian