Israeli spies found Russian hackers using Kaspersky software to penetrate US agencies

Israeli cyber-intelligence agents tracking Russian hackers discovered that they were using Kaspersky anti-virus software to gain access to U.S. government networks.

The software, used by 400 million people worldwide, was hacked by Israeli cyber-agents, who discovered hacking tools used by the NSA.


Israeli intelligence officials spying on Russian government hackers found they were using Kaspersky Lab antivirus software that is also used by 400 million people globally, including U.S. government agencies, according to media reports on Tuesday.

The Israeli officials who had hacked into Kaspersky's network over two years ago then warned their U.S. counterparts of the Russian intrusion, said The New York Times, which first reported the story.

That led to a decision in Washington only last month to order Kaspersky software removed from government computers.

The Washington Post also reported on Tuesday that the Israeli spies had also found in Kaspersky's network hacking tools that could only have come from the U.S. National Security Agency.

After an investigation, the NSA found that those tools were in possession of the Russian government, the Post said.

And late last month, the U.S. National Intelligence Council completed a classified report that it shared with NATO allies concluding that Russia's FSB intelligence service had "probable access" to Kaspersky customer databases and source code, the Post reported.

That access, it concluded, could help enable cyber attacks against U.S. government, commercial and industrial control networks, the Post reported.

The New York Times said the Russian operation, according to multiple people briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, which had Kaspersky antivirus software installed on it.

It is not yet publicly known what other U.S. secrets the Russian hackers may have discovered by turning the Kaspersky software into a sort of Google search for sensitive information, the Times said.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules, the Times said.

We are not likely ever to find out which networks and agencies have been compromised or how badly.  That is the nature of the war we're in.  But any breach of the NSA is deadly serious.  The way we gather electronic intelligence, and the tools we use, were potentially exposed.  Any enemy with that information could develop countermeasures that would thwart our intel-gathering efforts.

The Israelis did us an enormous favor by informing us of the breach.  But how long had the Russians been able to use the Kaspersky anti-virus to penetrate our networks?  And was the Kaspersky Lab in on the spying, or was it an unwitting victim? 

Trump may still wish to make an attempt to repair relations with the Putin government.  The Russians are, after all, a nuclear power, and despite all, they share some strategic concerns with the U.S. about China and terrorism.  But this incident shows that they are not our friends and that Vladimir Putin prefers an adversarial relationship with the U.S. to one of constructive engagement.