How Kaspersky AV reportedly was caught helping Russian hackers steal NSA secrets

Last week, The Wall Street Journal dropped a bombshell when it reported that Russian government hackers located confidential National Security Agency material improperly stored on an employee’s home computer with help from Kaspersky antivirus, which happened to be installed. On Tuesday, The New York Times and The Washington Post provided another shocker: the Russian hackers were caught in the act by spies from Israel, who were burrowed deep inside Kaspersky’s corporate network around the time of the theft.
Moscow-based Kaspersky Lab disclosed the intrusion into its network in mid-2015. Kaspersky released a detailed report that said some of the attack code shared digital fingerprints first found in the Stuxnet worm that sabotaged Iran’s nuclear program. When combined with other clues—including the attackers’ targeting of entities located in the US, which is off limits to the NSA—most analysts concluded that the 2014 hack was carried out by Israel. At the time, Kaspersky Lab researchers said that the hackers appeared most interested in data the company had amassed on nation-sponsored hackers.
The NYT, citing unnamed people, said on Tuesday that Israeli spies indeed carried out the attack. More revealing still, the report said that during the course of the hack, the spies watched in real time as Russian government hackers turned Kaspersky antivirus software used by 400 million people worldwide into an improvised search tool that scoured computers for code names of US intelligence programs. The NYT likened it to a “sort of Google search for sensitive information.” The Israeli spies, in turn, reported their findings to their counterparts in the US.