Content, Americas, Breach, Channel markets, EMEA, Europe

Kaspersky Lab Still On the Hot Seat: What About NSA Hacking Tools?

chair on stage
More than 50 years ago in the height of the Cold War, the parody publication Mad Magazine featured a wordless comic strip called Spy vs. Spy. Two agents, ostensibly an American and a Russian, engaged in hilariously absurd espionage activities trying to do away with the other.

It was funny largely because of the political climate at the time: Fictional spies were portrayed as every bit the hapless bungler as furtive, clandestine operative. As it turns out, Spy vs. Spy, while dated, gave us a prophetic look into today’s cyber spying with one addition: Now it’s Spy vs. Spy vs. Spy. And, while state-sponsored surveillance no longer has a satirical aspect to it, there remains a truth-is-stranger-than-fiction residue.

Take, for example, last week’s news that two years ago, a National Security Agency (NSA) insider reportedly snuck classified material out of the agency’s network and stored it on an unsecured personal computer, only to have it subsequently lifted by Russia-backed cyber attackers using Moscow-based, security provider Kaspersky’s software to identify the goods.  Keep in mind that Kaspersky is already in hot water in the U.S. over national security concerns, highlighted by the Senate’s rubber stamp on legislation to ban the company’s products from federal networks.

Israel Spies: Tipping Off U.S. Spies?

Now it turns out there is more to the story: Israeli intelligence officers were involved from the beginning. As the New York Times aptly put it: “It was a case of spies watching spies watching spies.” Here’s the updated blow-by-blow rundown (via NYT and Washington Post):

  • In 2015, Israeli intelligence spies broke into Moscow-based Kaspersky’s own network and saw something unexpected -- hacking tools belonging to the NSA.
  • Co-conspirator blame quickly pointed to the Moscow-based security provider, whose alleged allegiance to the Kremlin has been questioned for years. Russian government-backed cyber crooks trying to ferret out the code names of American intelligence programs had apparently used Kaspersky’s software as a makeshift search to locate the coveted files.
  • Israel subsequently told the NSA of its discovery. The agency, in searching for the breach, found that the Russian government indeed had its hacking tools. (It’s the third time sensitive material has been heisted from NSA troves).
  • Kaspersky discovered the Israeli breach of its systems when one of its engineers observed some odd network activity in the process of testing a new detection tool. A follow-on report loosely tied the breach to a prior hack called Duqu, thought to be similar to the high-profile Stuxnet attack on Iran, which was a collaborative effort between the U.S. and Israel.
  • Updated 8:40 p.m. ET on Wednesday, October 11: Germany sees no link between Kaspersky and Russia spying.

Kaspersky: 'Nothing to See Here; Move Along'

Kaspersky has repeatedly claimed it had nothing to do with any of it. Russia, the U.S. and the NSA have been tight-lipped, as expected. Kaspersky's denials notwithstanding, it’s still unclear if or how the company or founder Eugene Kaspersky may/may not have participated, looked the other way, or themselves been unfairly snared in what it has called “geopolitical fights.” In a blog post last week, Kaspersky defended the company’s position, comparing the investigation to a “script of a C movie.”

That may, however, not be a strong enough denial. “Antivirus is the ultimate backdoor,” Blake Darché, a former N.S.A. operator and co-founder of Area 1 Security, told the NYT. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”

Of course, that doesn’t signal Kaspersky’s complicity, just that more details are still likely to come. For now we have the unanswered question: What other U.S. intelligence secrets did the Russian hackers steal from the two dozen government agencies using Kaspersky’s code?

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.