Acting on this Israeli tip-off in 2015, the National Security Agency confirmed that its tools were being used by the Moscow-based Kaspersky company and enabled Russian spy services to dig out US secrets.
The Israeli government hackers’ tip-off prompted a search through US intelligence agencies for the leak. It was found in the NSA’s Tailored Access Operations division, and came from an employee who had installed Kaspersky’s anti-virus software on his home computer, thereby enabling Russian spy agencies to penetrate US intelligence networks.
He is still being investigated to find out whether he installed the Kaspersky software, which serves 400 million computers around the world, with malicious intent or through negligence.
The role of Israeli government hackers in this affair was revealed by the New York Times.
Late last month, the US National Intelligence Council completed a classified report that it shared with NATO allies concluding that the Russian clandestine FSB had “probable access” to Kaspersky customer databases and source code. That access, it concluded, could help enable cyberattacks against US government, commercial and industrial control networks.
In September, after the US banned federal agencies from using Kaspersky Lab software, citing concerns over its ties with Russian intelligence services, the firm’s founder, Eugene Kaspersky, said in a statement that “as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and…the Kaspersky Lab is caught in the middle of a geopolitical fight.”
The company said it “does not possess any knowledge” of Israel’s hack. Eugene Kaspersky said in a blog post last week that his anti-virus software is supposed to find malware from all quarters.
The US federal government has increasingly conveyed its concerns about Kaspersky to the private sector. The briefings elaborated on the risks of espionage, sabotage and supply-chain attacks that could be enabled through use of the software. They also explained the surveillance law that enables the Russian government to see data coursing through its domestic pipes.
The ramifications of the case are manifold:
- Whether or not Kaspersky is working directly for the Russian government doesn’t matter; its Internet service providers are subject to monitoring. So virtually anything shared with Kaspersky could become the property of the Russian government.
- The Israeli tip-off helped the US intelligence agency beat off one major breach of its security system. But that was two years ago, and it stands to reason that the Russians have come up with more methods in the interim.
- The Kaspersky software tool for detecting computer viruses, and also for identifying other data, is known as “silent signatures”: strings of digital code that operate in stealth to find malware but which could also be written to search computers for potentially classified documents, using keywords or acronyms. This is the only anti-virus firm whose data is routed through Russian Internet service providers subject to Russian surveillance.
- This episode casts the massive and elaborate political probes launched to discover whether Russian intelligence helped Donald Trump win the 2016 presidential election in an absurd light. Russian spies were known to have been digging around America’s most secret networks a year earlier. Although President Barack Obama must have been informed about these clandestine hacking operations, he never held Moscow to account.
- The Israeli government’s digital operators who track Russian systems pass their discoveries to US intelligence agencies, as this episode shows. Therefore, the Netanyahu government’s efforts to paint a picture of close friendship between Jerusalem and Moscow apply only to the surface relationship. The Russians have always seen Israel as an integral part of America’s military and intelligence presence in the Middle East and other parts of the world, and their policies with regard to Israel can be expected to reflect that perception.