US intelligence agencies are claiming that the Russian government leveraged the popularity of Kaspersky Lab’s cybersecurity software to create what is tantamount to a global spy network with the company’s explicit cooperation. However, Germany’s intelligence agencies say they’ve found “no evidence” to suggest these reports are true.
The Wall Street Journal, which last week reported that the US had identified at least one case of Kaspersky’s software improperly copying classified information, is back with another “exclusive” spoon-fed to it by anonymous “senior US officials” alleging that Kaspersky allowed Russian government malware to piggyback on its software. The malware scanned for and copied files labeled “top secret,” not just in the US, but globally, though WSJ neglects to list other countries that are suspected victims of Russian hacking.
Meanwhile, Germany's BSI federal cyber agency said on Wednesday it had found no evidence to suggest that Russian hackers had used Kaspersky’s software to spy on US authorities. "There are no plans to warn against the use of Kaspersky products since the BSI has no evidence for misconduct by the company or weaknesses in its software," BSI said in an emailed response to questions about the latest media reports. "The BSI has no indications at this time that the process occurred as described in the media," according to Reuters.
Germany's BSI, which also uses Kaspersky products for technical analyses, said it was in touch with U.S. officials and other security agencies about the issue so it could take action and issue a warning on short notice if required.
The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool, according to current and former U.S. officials with knowledge of the matter.
The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of U.S. government programs, these people said.
After becoming suspicious that the Kaspersky software might be concealing malicious spyware, US intelligence agencies began scrutinizing the software, searching for signs that it was secretly copying and transmitting sensitive information.
For many months, U.S. intelligence agencies studied the software and even set up controlled experiments to see if they could trigger Kaspersky’s software into believing it had found classified materials on a computer being monitored by U.S. spies, these people said. Those experiments persuaded officials that Kaspersky was being used to detect classified information.
Later, WSJ notes that, in fact, it was Israeli intelligence that first alerted the US to Kaspersky’s skullduggery, effectively creating a separate, parallel narrative to explain how the deception was exposed.
So, which is it? Did the Israelis tell us? Or did the US discover the breach independently in 2015?
In an ironic twist, Kaspersky exposed Israel for lying about the source of its information on Iran deal talks after WSJ reported two years ago that Israel had spied on negotiations. Israel had said it received its intelligence by other means, but it had in reality infiltrated Kaspersky’s software, a fact the company publicly acknowledged in a research paper published two years ago.
In a twist, Kaspersky appears to have known, or at least suspected, that it had been hacked by Israel. In June 2015, the company published a detailed technical analysis about malicious computer code used to break into its systems, which it dubbed Duqu 2.0. Experts believe that the original Duqu malware, on which the one inside Kaspersky’s system appears to have been based, was used to spy on officials participating in international negotiations over Iran’s nuclear program, a fact that Kaspersky acknowledged in its paper.
The Journal reported in 2015 that Israel had spied on closed-door talks among the U.S. and other world powers about curtailing Iran’s nuclear ambitions. Israeli officials denied spying directly on U.S. negotiators and said they received their information through other means, including close surveillance of Iranian leaders receiving the latest U.S. and European offers.
Which begs the question: Is it possible that Israel was the source of the Kaspersky hack? The country has been exposed for spying on the US before – and not just during the Iran negotiations. And it has also been exposed for infiltrating Kaspersky’s systems.
Keep in mind, suspicions about the infiltration first emerged two years ago at a time of heightened tension between the Obama administration and Israel. In an unprecedented move, the Department of Homeland Security ordered all federal agencies using Kaspersky’s software to uninstall it, effectively ending Kaspersky’s relationship with one of its largest clients.