Israel tipped off NSA to Russian digital spies using its product

Acting on this Israeli tip-off in 2015, the National Security Agency confirmed that its tools were being used by the Moscow-based Kaspersky company and enabled Russian spy services to dig out US secrets.
The Israeli government hackers’ tip-off prompted a search through US intelligence agencies for the leak. It was found in the NSA’s Tailored Access Operations division, and came from an employee who had installed Kaspersky’s anti-virus software on his home computer, thereby enabling Russian spy agencies to penetrate US intelligence networks.

He is still being investigated to find out whether he installed the Kaspersky software, which serves 400 million computers around the world, with malicious intent or through negligence.

The role of Israeli government hackers in this affair was revealed by the New York Times.
Late last month, the US National Intelligence Council completed a classified report that it shared with NATO allies concluding that the Russian clandestine FSB had “probable access” to Kaspersky customer databases and source code. That access, it concluded, could help enable cyberattacks against US government, commercial and industrial control networks.

In September, after the US banned federal agencies from using Kaspersky Lab software, citing concerns over its ties with Russian intelligence services, the firm’s founder, Eugene Kaspersky, said in a statement that “as a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and…the Kaspersky Lab is caught in the middle of a geopolitical fight.”

The company said it “does not possess any knowledge” of Israel’s hack. Eugene Kaspersky said in a blog post last week that his anti-virus software is supposed to find malware from all quarters.

The US federal government has increasingly conveyed its concerns about Kaspersky to the private sector. The briefings elaborated on the risks of espionage, sabotage and supply-chain attacks that could be enabled through use of the software. They also explained the surveillance law that enables the Russian government to see data coursing through its domestic pipes.

The ramifications of the case are manifold:

  1. Whether or not Kaspersky is working directly for the Russian government doesn’t matter; their Internet service providers are subject to monitoring. So virtually anything shared with Kaspersky could become the property of the Russian government.
  2. The Israeli tip-off helped the US intelligence agency beat off one major breach of its security system. But that was two years ago, and it stands to reason that the Russians have come up with more methods in the interim.
  3. The Kaspersky software tool for detecting computer viruses – but also for identifying other data – is known as “silent signatures”: strings of digital code that operate in stealth to find malware but which could also be written to search computers for potential classified documents, using keywords or acronyms. This is the only anti-virus firm whose data is routed through Russian Internet service providers subject to Russian surveillance.
  4. This episode casts the massive and elaborate political probes launched to discover whether Russian intelligence helped Donald Trump win the 2016 presidential election in an absurd light. Russian spies were known to have been digging around America’s most secret networks a year earlier. Although President Barack Obama must have been informed about these clandestine hacking operations, he never held Moscow to account.
  5. The Israeli government’s digital operators who track Russian systems pass their discoveries to US intelligence agencies, as this episode shows. Therefore, the Netanyahu government’s efforts to paint a picture of close friendship between Jerusalem and Moscow apply only to the surface relationship. The Russians have always seen Israel as an integral part of America’s military and intelligence presence in the Middle East and other parts of the world, and their policies with regard to Israel can be expected to reflect that perception.



25 thoughts on “Israel tipped off NSA to Russian digital spies using its product”

  • Oct 11, 2017 @ 9:54

    “their Internet service providers are subject to monitoring”, oh this is too much. The US was caught tapping directly into the US based ISP and telecommunications providers without a warrant and not a single person went to jail.

    This whole article is trying to smear Russia as some kind of bad guy for monitoring all data in its territory. The difference is that Russia made laws to do this legally and the US just does it and does not even worry about the rule of law.

    • Oct 11, 2017 @ 15:08

      Message above is an Example of a Putin troll in action

      • Oct 11, 2017 @ 16:22

        The NSA having a room at AT&T and a splice in the trunk lines to trap all communications, which is expressly against the law, does not make me a troll.

    • Oct 12, 2017 @ 12:48

      Russia a bad guy? Why would anyone say that? Is it just because they like to be involved in war and killing, tied to Hezbollah and Iran in slaughter and promoting Islamism when it suits them, picking off countries to re-establish the Soviet Union, threatening the security of Israel by establishing a Shia corridor, an everlasting ally to the Assad regime?

      • Oct 13, 2017 @ 21:29

        Russia is new to the slaughter, following 20 years of brutal US intervention. Whatever promotion of Islam that Russia has done through Hezbollah and Iran is vastly overshadowed by the US breaking the Sunni rock, Iraq, and not even issuing a tiny squeak as Shi’ite Iran gobbled it all up. Where was your outrage as the US was funneling weapons and material through the so-called moderate groups on to Al Nusra and ISIS?

        The US is also the one that is poking the Russian bear with a sharp stick in Europe as well. The US promised not to try and recruit the old Soviet bloc countries into NATO. Everything was fine until the US started placing missile interceptors in eastern Europe. This woke the bear. Then the US started the “Freedom Marches” consisting of columns of US Stryker infantry fighting vehicles through Latvia, Estonia, and in some countries only 30 feet from the Russian border.

        I am not even getting into the cesspit of Ukraine, a mess that the US caused. Maybe Neuland can bring you some cookies and explain it.

        • Oct 14, 2017 @ 17:21

          Almost all the Soviet Bloc countries couldn’t get away from Russia fast enough to join the West. Russia is still playing the Cold war game, a game they lost and refuse to concede. Folks, the Russian troll army is not a myth.

        • Oct 15, 2017 @ 10:15

          Russia has always been a negative force against Israel throughout the past 70 years – arming enemies of Israel after voting to re-establish Israel. Do not deflect the obvious blame Russia (the Soviets) deserves.

          • Oct 15, 2017 @ 18:05

            I am not exonerating Russia in any way. Most of everything that people accuse here about Russia is true. I am merely mentioning details that prove that the US’ behavior is every bit as onerous as Russia’s and in many cases that the US provokes Russia’s behavior.

  • Oct 11, 2017 @ 13:37

    Zionists are hurt after Kaspersky discovered Stuxnet. I use Kaspersky and I encourage everyone do the same.

    • Oct 11, 2017 @ 21:51

      After this incident with Kaspersky, no one should use this product, especially Americans and Israelis as Kaspersky cannot be trusted as they have been hacked by the Russian government, nothing but a state-sponsored spy and terrorist mechanism tool of the Russian spy agency’s. And you recommend this product? Sure thing, comrade.

    • Oct 15, 2017 @ 10:21

      Sure, use it until you start getting robo-calls from Putin’s helpers about how to vote or you learn that your university-aged children have been indoctrinated by Marxist professors schooled by RT.

  • Oct 11, 2017 @ 14:26

    Apparently Russians are present at this forum too.

  • Oct 11, 2017 @ 16:22

    The U.S., with its imperial overreach around the planet, of course, will see all defenders to its ‘global command’ as suspects.

  • Oct 11, 2017 @ 19:18

    Russia has a bad history of being a sore loser and is always trying to be smart and one step ahead but their game is always exposed like when the USSR collapsed, unlike the US that keeps on having its secrets STOLEN from non-smart and lazy ppl NATIONS and then creating new and more sophisticated software for new hackers!!!

    • Oct 13, 2017 @ 7:46

      i’m not sure about the “sore” part, but it was uncle sam’s security apparatus that got hacked, using their own tools. and israel had to notify them that it had happened. i’d say that that makes the us winners, in the “loser” category.

  • Oct 11, 2017 @ 19:53

    So no-one should use Kaspersky

  • Oct 11, 2017 @ 20:46

    Oh you poor fools, where do you think viruses come from. Follow the money is always useful. 😉

  • Oct 12, 2017 @ 11:51

    “whether Russian intelligence helped Donald Trump win the 2016 presidential election” – this is a foolish statement. it is a clinton lie. russia and clinton have one scope: to portray trump as illegitimate. clinton and russia want usa to be weaker.

  • Oct 13, 2017 @ 2:59

    Meanwhile we are going after every MF Jew like Harvey Weinstein who has poisoned the real American society… We’re going to make this country great again without those parasites here. America for American. One down the rest will come soon.

    • Oct 13, 2017 @ 7:50

      “parasites”? do you mean pore white trash like you?

  • Oct 13, 2017 @ 4:48

    I’m buying Kaspersky. Hands down it beats the others. The Jew/zionist labels are meaningless jabber as all Anti Virus providers have to provide access to American intelligence…they share..The only malware I see here..the only a political virus coming from the Atlantic Council labs. It’s a hateful virus being drummed onto our screens day in day out w/o a shred of evidence. Russians are being accused of interfering with Pokemon. For God’s sake..get a grip. Like showing an audience a picture of a UFO blur. It’s still a blur..meaningless!..From Snowden to Wikileaks it’s known Marbles can emulate anyone. Thanx CIA! That’s why banks are being ripped off others one is safe..but to lump it all on Russia by political agenda is criminal. Israel would not like to be accused of the 8200 group being behind this..but it can be done, and they know it too.
    Even Debka itself wrote an excellent article on how the DNC Hacks were most likely insiders. and that Hillary’s server certainly was very Vulnerable…I’m of that same opinion today. Too many people know now, and that cannot be changed by continual finger pointing and News reports put out by reporters who know nothing about cyber crime much less how a computer works.

    • Oct 13, 2017 @ 7:48

      “jew/zionist labels”?!

  • Oct 13, 2017 @ 12:14

    Yes Things like Israeli conspiracy, the Obummer, the Drumpf crap I see on literally every site..It’s sickening..and serve as substitutes for lack of thinking and critical analysis.
    There is a conspiracy to maintain a war machine for geo political interests..that can’t be ignored.., but continual demonization of Russia based on zero evidence. undermines the value of such propaganda tools..Germany’s Cyber experts just cleared Kaspersky as a vehicle for Russian exploits, Others point out that The American allegation by Crowdstrike was based on a Threat Connect assessment traced to an Algerian malware/virus…The French and the Germans admitted they found no Russian interference..But NewsMedia at the behest Keep maintaining this untruth..

    But TIME reported:

    CrowdStrike also found the other group of hackers, Fancy Bear, was sending command and control instructions from a server with an Internet Protocol (IP) address of This was the same IP address that was linked to command and control of an attack against the German parliament in 2015.

    And Thomas Rid said:

    One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers.

    If true that would be quite odd, because that IP address was reported in May 2015 and has been BLOCKED since!
    For this see comment section by the hosting provider on the article by Netzpolitik linked above.

    Crookservers says:
    June 20, 2015 at 02:25

    We had received 1st abuse report about the IP on 20th May 2015. IP had been reported to be a Command & Control for APT-28.

    We immediately suspended the service on 20th May 2015. We had also requested our client information about the criminal activity and we never received a response. We’re ready to provide any information we have to law enforcement agencies.

    So CrowdStrike reported a breach May 2016 by malware that had already been blocked by it the year before..Very clever to have a sample ready and refuse to let anyone else do the forensics, but share with FireEye’s Galante who is a senior fellow at the Atlantic Council. They may as well have let Samantha Power or Madeline Albright do the Forensics. It would be funny if just a silly prank…but this will end up costing lives, and further erosion of trust in Government. It is that obvious.

  • Oct 13, 2017 @ 14:25

    Thanks Israel! I have been saying for years, why would anyone use an anti-virus software headquartered in Moscow where most malware come from. Never made sense.

  • Jul 11, 2018 @ 1:05

    I was really shocked when I heard that Kaspersky is also doing the same thing as Facebook. I have a great faith in Kaspersky and I am a satisfied customer of Kaspersky for the security given by it. But now I have to consult with Yahoo Support before renewing my Kaspersky.
