In a tale of international espionage that seems to only get more dramatic by the day, The New York Times and The Washington Post on Tuesday confirmed earlier suspicions that Russian hackers had, in fact, used Kaspersky antivirus to steal NSA secrets.
The confirmation comes via more hacking activity, this time by Israelis who were apparently embedded in the antivirus company's systems prior to the 2015 Russian hack of an NSA contractor who had taken classified information back home. The New York Times also confirmed, albeit via anonymous sources, that Israel was in fact behind the 2014 hack of the Russian cyber security firm, as most experts had suspected.
During their time rummaging around the Kaspersky network, the Israeli spies reportedly discovered, in real time, some fellow spies, these ones Russian. As per the report, the Russians had been turning Kaspersky's antivirus, which is installed on more than 400 million devices around the world, into a kind of Google search engine for state secrets, scanning systems for code words pertaining to US intelligence efforts.
All of which brings us back to the loss of NSA secrets through a contractor. The contractor was found to have Kaspersky software installed on his computer and, after the Israeli hackers shared their intel with their NSA counterparts, it was believed that the Russians had used the same technique to steal confidential data from the contractor's computer.
The reports do not, however, provide much detail on how complicit Kaspersky itself was in the commission of these espionage activities by Russian actors, if at all. The company defended itself in a statement saying:
"Kaspersky Lab was not involved in, and does not possess any knowledge of, the situation in question. As the integrity of our products is fundamental to our business, Kaspersky Lab patches any vulnerabilities it identifies or that are reported to the company. Kaspersky Lab reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems, and [Kaspersky] respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity. In addition, Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts."
Though Kaspersky may not have been involved in, or approved of, these developments, The Washington Post article does provide more information on how such a scheme could have been implemented using the company's product.
According to the report, Kaspersky uses a tool called 'silent signatures' to detect malware on computers. Though this is a standard industry practice, the same code could be used to search for other information unrelated to malware, such as code words pertaining to classified US intelligence operations.
These events ultimately culminated in the US Department of Homeland Security banning the use of the Russian-made product in all federal agencies last month and will likely continue to lead to American and European businesses dropping support for Kaspersky, as Best Buy has already done.
Source: The Washington Post, The New York Times via Ars Technica