Israeli intelligence officials were behind a US decision to remove all Kaspersky Lab software from government servers after they alerted their American counterparts to Russian hackers using the anti-virus software to steal classified information, according to US media reports Wednesday.
Over a two-year operation, Israeli intelligence agencies hacked into Kaspersky’s network and discovered that the software used globally by some 400 million people had been breached by Russian hackers who were using the program to find code names of US intelligence programs, according to The New York Times, which first broke the story.
Sources who were briefed on the developments said the Israelis provided the US National Security Agency with “solid evidence” of the Kremlin’s work based on a two-year hacking operation begun in 2014, the newspaper said. Among the information the Israelis allegedly gleaned from hacking Kaspersky were passwords, screenshots, emails and documents.
Last month, after receiving the Israeli report, the US Department of Homeland Security banned federal agencies from using any computer software supplied by Kaspersky Lab and ordered the products removed within 90 days.
Kaspersky, which opened a research and development center in Jerusalem in June, has denied knowledge of Russian hackers using its software.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the Moscow-based multi-national company said in a statement on Tuesday.
The chief executive of the software company, Eugene Kaspersky, is a mathematical engineer who attended a KGB-sponsored school and once worked for Russia’s Ministry of Defense. His critics say it’s unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.
According to the NY Times report, at the time the DHS issued its September 13 directive against Kaspersky products, intelligence officials had already been concerned for some time about how the software works and possible ties between Kaspersky Lab and Moscow officials.
Kaspersky discovered the Israeli hack of its system in 2015, which it then publicly reported in June of that year, without fingering Israel as the culprit.
Among the clues pointing to Israel that Kaspersky researchers noted was that the hack was very similar to an earlier attack known as Duqu, which they blamed on the same nations responsible for the Stuxnet cyberweapon, a joint US-Israeli virus that was used in 2010 to attack Iran’s Natanz nuclear site, destroying about 20 percent of the facility’s uranium enrichment centrifuges.
Kaspersky also pointed out that the hack on its systems, which it labeled Duqu 2.0, was used against other targets of interest to Israel, including hotels and conference centers where United Nations Security Council members held closed-door meetings about a nuclear deal with Iran, talks in which Israel was not included. Since some of the targets were in the US, the researchers suggested it was a solely Israeli operation without American cooperation.
The talks eventually led to the 2015 Joint Comprehensive Plan of Action, an agreement signed with six world powers to curb Iranian development of nuclear weapons, which was strongly opposed by Israel.
The NY Times said it was not clear whether or not Eugene Kaspersky was involved in the Kremlin hack, or if any of his employees were cooperating with the Kremlin. Russian intelligence may also have infiltrated the company without the knowledge of senior staff.
Last week it was reported that Kaspersky hackers stole details about how the US infiltrates foreign networks and defends against cyberattacks after a National Security Agency contractor took the classified material home and put it on a personal computer.
The Wall Street Journal reported the breach of classified information. It’s the third time since 2013 that a theft of sensitive information involving an NSA contractor has become publicly known.
The newspaper, citing multiple unnamed individuals with knowledge about the theft, said the hackers apparently targeted the NSA contractor after identifying the sensitive material through his use of antivirus software by Kaspersky Lab. The Russian company denied involvement in the theft, which the newspaper said occurred in 2015 but was not discovered until last spring.
The NSA declined to respond to the news report, saying it has a policy not to comment on personnel matters or investigations that might or might not be occurring.
The name of the contractor is not publicly known. It’s unclear if he has been dismissed or charged in the incident, which is still being investigated.
In 2013, former NSA contractor Edward Snowden leaked classified material exposing US government surveillance programs. In August 2016, Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car.
The breach comes as congressional committees and officials in the government are investigating Russia’s meddling in the 2016 presidential election, which included cyber activities.